I would say this will be the easiest and best of the possible ways:
"Do we need to setup the client domain in Route53, update the name servers to the clients as a first step"
This is also possible:
"can I just request a cert in ACM and get the client to add the txt records and this will allow the auto-renewal"
(Not sure about auto-renewal), but I am using the same method. Haven't had a renewal yet.