Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Shield advanced for Route53 delegated subdomains

0

A customer has (all using Route 53):

  • a parent AWS account where the domain myapplication.com is hosted
  • multiple child AWS accounts that operate hosted zones for subdomains, such as app1.myapplication.com, app2.myapplication.com, etc.
  • the parent account delegates to the child accounts using NS records

They were wondering: if they are using Shield advanced for Route 53, do they only need to sign up the myapplication.com hosted zone in the parent account or do they also need to go to all child accounts and sign up the subdomain hosted zones for Shield advanced as well?

I was thinking the latter one, as the DNS servers for the parent domain may be different to the ones for the subdomains, but wanted to confirm here.

Thanks a lot for your input!

Argomenti
Sicurezza, identità e conformitàNetworking e distribuzione di contenuti
Tag
AWS ShieldAmazon Route 53
Lingua
English
AWS-User-2749457
posta 6 anni fa448 visualizzazioni
1 Risposta
0
Risposta accettata

It is as you suspected. For Shield Advanced you specify the hosted zone that you wish to protect in the account that the zone is defined in, so unfortunately your customer will need to add in protection for each hosted zone across each of their sub-accounts. Shield Advanced is subscribed to and configured on a per account basis - of course, if these accounts are all in the same consolidated billing family then the customer is only charged once, but there is no automatic protection of sub-domains in sub-accounts across that billing family.

AWS
ESPERTO
Dr Andrew Kane
con risposta 6 anni fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente