Exam AWS Certified Developer Associate topic 1 question 345 discussion

I go with A. Even though we can enable Route53 logs. They will only give information about the domain name resolution. Not necesarily about AWS Network reachability, but VPC Flow Logs will.

The questions is asking to verify that the request is reaching the AWS network. If you look at the VPC FLog Logs, you will see IP traffic inside your VPC. It could happen that your VPC route table, ALB or IGW is misconfigured, and from VPC FLow Logs perspective, it could happen that you don't see the IP traffic you want inside your VPC, but this traffic could be reaching the AWS network effectively. Because of this, B (Route 53) is the correct option.

A is the way to go. The catch is "AWS network reachability."

VPC Flow Logs would show packet arriving in the VPC where the ALB lives, while Route53 would show a request was made to resolve the domain-name. The two are very different, considering the question says "to verify that the request is reaching the AWS network?" it may lean towards A.

Choosing B

Ans: B https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-elb-load-balancer.html To route domain traffic to an ELB load balancer, use Amazon Route 53 to create an alias record that points to your load balancer. An alias record is a Route 53 extension to DNS. https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/query-logs.html You can configure Amazon Route 53 to log information about the public DNS queries that Route 53 receives, such as the following: Domain or subdomain that was requested Date and time of the request DNS record type (such as A or AAAA) Route 53 edge location that responded to the DNS query DNS response code, such as NoError or ServFail Once you configure query logging, Route 53 will send logs to CloudWatch Logs. You use CloudWatch Logs tools to access the query logs.