Comment
Author: Admin | 2025-04-27
Transit Gateway using VPC attachment. Transit Gateway extends connectivity to the on-premises network over either a Direct Connect connection or a Site-to-Site VPN connection. Figure 1: Shared services VPC connected through Transit Gateway and then to the on-premises network through Direct Connect and Site-to Site VPN Create an Amazon Route 53 Resolver inbound endpoint with DoH attribute enabled Amazon Route 53 Resolver endpoint supports three protocols: Do53, DoH, and DoH-FIPS. Do53 – (Default) The data is relayed using the Route 53 Resolver without additional encryption over UDP or TCP. DoH – The data is transmitted over an encrypted HTTPS session. DoH-FIPS – The data is transmitted over an encrypted HTTPS session that is compliant with the FIPS 140-2 cryptographic standard. Supported for inbound endpoints only. For more information, see FIPS PUB 140-2. Note: You cannot choose both DoH and DoH-FIPS at the same time. You can choose Do53 only, Do53 and DoH (or DoH-FIPS), or DoH-only (or DoH-FIPS only), depending on your requirements. Additionally, you cannot change the protocol of an inbound endpoint directly from Do53 only to DoH only, or DoH-FIPS only. The reverse is also true. This prevents sudden disruptions to incoming traffic. To change the inbound resolver protocol from Do53 to DoH or DoH-FIPS, you must first enable both Do53 and DoH or Do53 and DoH-FIPS. Next, use Route 53 Resolver query logs to verify that all incoming traffic has transferred to using the DoH protocol or DoH-FIPS. Finally, edit the inbound endpoint configuration to remove Do53 protocol support. Create a new Route 53 Resolver inbound endpoint that supports DoH and specify the following values (Figure 2): Specify the name for the endpoint. From the dropdown, select the VPC that you will use to forward DNS queries from your on-premises environment. Select the Security group for this
Add Comment