diff --git a/enhancements/installer/aws-cross-account-dns-zone.md b/enhancements/installer/aws-cross-account-dns-zone.md index 1a63f5402e3..22bb935953c 100644 --- a/enhancements/installer/aws-cross-account-dns-zone.md +++ b/enhancements/installer/aws-cross-account-dns-zone.md @@ -139,8 +139,6 @@ type AWSDNSSpec struct { ``` -The name of the field is discussed further in open questions. - #### Install Config `platform.aws.hostedZoneRole` would be added to complement the existing `platform.aws.hostedZone` field. @@ -162,9 +160,29 @@ platform: hostedZone: Z00147933I3NWOQ6M4699 hostedZoneRole: arn:aws:iam:::role/ ``` -Please see Open Questions for further discussion of the install config. +### API: External DNS Operator + +This enhancement also extends [External DNS Operator](https://github.com/openshift/external-dns-operator), an add-on +operator deployable using Operator Lifecycle Manager (OLM), to support cross account DNS zones in AWS. We extend the +`ExternalDNS` API object by adding the field `RoleARN` to `ExternalDNSAWSProviderOptions` struct (`spec.provider.aws`). +Refer to [externaldns_types.go](https://github.com/openshift/external-dns-operator/blob/main/api/v1beta1/externaldns_types.go) +for the existing API structure of the `ExternalDNS` object. + +```go +type ExternalDNSAWSProviderOptions struct { + [...] + // RoleARN contains the ARN of a IAM role that will be assumed when using the AWS API. + // It provides the ability to use a hosted zone in another AWS account. + // + // +kubebuilder:validation:Optional + // +optional + RoleARN *string `json:"roleARN,omitempty"` + [...] +} +``` +See [External DNS Operator Details](#External-DNS-Operator-Details) for more implementation details. ### Implementation Details/Notes/Constraints [optional] 
@@ -218,6 +236,27 @@ An example IAM Trust Policy: ``` +#### External DNS Operator Details + +Prior to this enhancement, the [External DNS Operator API](https://github.com/openshift/external-dns-operator/blob/main/api) +did not allow users to configure an AWS role ARN field. As a result, there wasn't a supported way to use the External +DNS Operator to create DNS records in another AWS account within a shared VPC. + +The External DNS Operator configures and runs the [External DNS](https://github.com/openshift/external-dns) binary. +Conveniently, External DNS already supports the [--aws-assume-role](https://github.com/openshift/external-dns/blob/fe00b4b83c2263282a9068655e8e3fbbc167b653/docs/faq.md#can-external-dns-manageaddremove-records-in-a-hosted-zone-which-is-setup-in-different-aws-account) +argument, which uses the specified AWS role ARN when creating new DNS records. Therefore, to support shared VPCs with +the External DNS Operator, we update the [API](#API-External-DNS-Operator) to expose the `--aws-assume-role` argument +for the External DNS binary. + +By design, External DNS can update both public and private DNS zones. Therefore, External DNS Operator users are able +to use both public and private DNS zones in other accounts, provided the role ARN has appropriate permissions. + +More details on using a role ARN to create DNS records in another AWS account will be documented in External DNS +Operator's [Docs](https://github.com/openshift/external-dns/tree/master/docs). + +Note that External DNS Operator updates are asynchronous to OpenShift's standard release of OpenShift Container +Platform. Therefore, any updates to External DNS Operator are considered out of payload. + ### Risks and Mitigations Add-on operators needing permissions will not work unless updated to use the role ARN.
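Review bot: In the first hunk (@@ -139), dropping "The name of the field is discussed further in open questions." only makes sense if the corresponding entry in the Open Questions section has been resolved and removed as well, but that section is not touched by this patch; please either include that removal here or keep the sentence until the question is actually closed, otherwise readers are left with an orphaned open question that the text no longer points at.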
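Review bot: In the second hunk (@@ -162), the new `RoleARN` field is accepted as a free-form string with no validation, so the only thing bounding which role the operator will assume is the trust policy on the target role; consider a `+kubebuilder:validation:Pattern` for the ARN format and a sentence in the field comment stating that the operator's own AWS credentials must be a trusted principal for that role (`sts:AssumeRole`), since the `ExternalDNS` CR can be edited by anyone with RBAC on it. Two smaller points in the same hunk: the comment "the ARN of a IAM role" should read "an IAM role", and the cross-reference `#External-DNS-Operator-Details` should use the lowercase form the markdown renderer generates for the heading (`#external-dns-operator-details`); the same applies to `#API-External-DNS-Operator` in the next hunk, which for the heading "API: External DNS Operator" would be `#api-external-dns-operator`.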
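Review bot: In the third hunk (@@ -218), the sentence "will be documented in External DNS Operator's [Docs](https://github.com/openshift/external-dns/tree/master/docs)" links to the docs directory of the External DNS binary fork (`openshift/external-dns`), not the operator repository (`openshift/external-dns-operator`) that the rest of the section refers to; please point it at the operator's docs or reword. Also, "provided the role ARN has appropriate permissions" leaves the scope undefined: since the assumed role grants External DNS whatever it allows in the other account, the docs (or the Risks and Mitigations section just below) should spell out a least-privilege policy limited to the target hosted zone, e.g. `route53:ChangeResourceRecordSets` and `route53:ListResourceRecordSets` on that zone's ARN plus `route53:ListHostedZones`, and a trust policy restricted to the cluster's principal, rather than a broad Route 53 policy. Finally, "asynchronous to OpenShift's standard release of OpenShift Container Platform" reads awkwardly; "released independently of OpenShift Container Platform (out of payload)" says the same thing more plainly.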