Internal DNS resolves to wrong IP address

0

Since this morning my EC2 machines in Ohio are unable to connect to the secrets manager: the default us-east-2.compute.internal DNS resolves to a private IP but the connection cannot be established, while it succeeds if I try from my local machine using the public IP address.

$ wget -O- "https://secretsmanager.us-east-2.amazonaws.com/"                    
--2024-03-19 13:06:18--  https://secretsmanager.us-east-2.amazonaws.com/
Resolving secretsmanager.us-east-2.amazonaws.com (secretsmanager.us-east-2.amazonaws.com)... 10.11.10.200, 10.11.1.144, 10.11.13.68
Connecting to secretsmanager.us-east-2.amazonaws.com (secretsmanager.us-east-2.amazonaws.com)|10.11.10.200|:443... ^C

I think some configuration was changed during the night and the DNS is still pointing to the old IP addresses but I have no idea how to refresh them.

Does anyone have a suggestion or experienced a similar problem in the past?

1 Answer
1

If the SSM service resolves to a private IP, you have a VPC endpoint for SSM. You need to check the security group attached to the VPC endpoint.

Check this article as well. It explains the whole configuration: https://repost.aws/knowledge-center/ec2-systems-manager-vpc-endpoints

EXPERT
answered 2 months ago
EXPERT
Artem
reviewed a month ago
EXPERT
Kallu
reviewed 2 months ago
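
Added example, not part of the answer above and not AWS code: a Python check of whether the security group attached to an interface VPC endpoint admits TCP 443 from a given instance, either by CIDR or by a referenced source group. The rule data is a constructed sample in the shape returned by `aws ec2 describe-security-groups`; all group IDs, CIDRs and client addresses are assumptions.

```python
import ipaddress

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`
# for the group attached to the interface endpoint (IDs and CIDRs are made up).
ENDPOINT_SG = {
    "GroupId": "sg-0endpoint000000000",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.11.0.0/20"}],
         "UserIdGroupPairs": [{"GroupId": "sg-0appservers0000000"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ],
}


def rule_covers_port(rule, port):
    """True if the rule's protocol and port range include TCP `port`."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def allows_https_from(sg, client_ip, client_sg_ids=()):
    """Return the reason the endpoint SG admits client -> 443, or None."""
    ip = ipaddress.ip_address(client_ip)
    for rule in sg.get("IpPermissions", []):
        if not rule_covers_port(rule, 443):
            continue
        # Match on source CIDR first, then on a referenced source group.
        for r in rule.get("IpRanges", []):
            if ip in ipaddress.ip_network(r["CidrIp"]):
                return "cidr " + r["CidrIp"]
        for pair in rule.get("UserIdGroupPairs", []):
            if pair.get("GroupId") in client_sg_ids:
                return "group " + pair["GroupId"]
    return None


if __name__ == "__main__":
    # Constructed clients: in-range IP, out-of-range IP, out-of-range IP in an allowed group.
    for ip, groups in [("10.11.4.25", []), ("10.11.20.7", []),
                       ("10.11.20.7", ["sg-0appservers0000000"])]:
        print(ip, groups, "->", allows_https_from(ENDPOINT_SG, ip, groups) or "BLOCKED")
```

A `None` result for an instance matches the symptom in the question: the name resolves to the endpoint's private IPs but the connection on port 443 never completes.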
