Route53 record(s) to centralize VPC interface endpoints across multiple VPCs/regions

0

Hi, we tried to follow both articles:

[1] https://aws.amazon.com/blogs/networking-and-content-delivery/centralize-access-using-vpc-interface-endpoints/

[2] https://aws.amazon.com/blogs/architecture/using-vpc-endpoints-in-multi-region-architectures-with-route-53-resolver/

to create organization-wide centralized access to some AWS services (S3, API Gateway, SSM) using VPC interface endpoints, but it's not clear what record(s) I need to insert into Route53 PHZs. Adding only a domain root alias record (named like the zone) pointing to the VPC Endpoint, as described in [1], doesn't work for me: applications trying to resolve resource names like:

  • m01olkffr5.execute-api.eu-central-1.amazonaws.com

  • mybucket.s3.eu-central-1.amazonaws.com

fail with "unknown host".

Should I use a wildcard (*) record?

Thanks in advance

3 Answers
1
Accepted Answer

Yes, for S3, and to support all bucket.s3... URLs, you will need a wildcard record in the PHZ. This ( https://aws.amazon.com/blogs/networking-and-content-delivery/secure-hybrid-access-to-amazon-s3-using-aws-privatelink/ ) provides great detail on different options to work with S3 endpoints, with PHZ instructions under 'option 3'.

For API Gateway, when you associate the endpoint with the REST API, API Gateway will create the alias record for you (for <api>-<vpce id>.execute-api.... ). You may not want to create a wildcard record for *.execute-api.. if not all your API calls go through the same VPC endpoint.

AWS
Bo_G
answered 2 years ago
1

Hello, When centralizing access to VPC Interface Endpoints powered by PrivateLink, you should create a record that covers all possible queries that you would want to forward to that endpoint. So taking for example, Amazon S3: if you only want to forward queries for examplebucket to that endpoint then you would only create a record for examplebucket.s3.<region>.amazonaws.com and have it point to that VPC endpoint. If you want to forward all S3 queries to that endpoint, then you can create *.s3.<region>.amazonaws.com.

AWS
Expert
Scott
answered 2 years ago
AWS
Expert
Hernito
reviewed 2 years ago
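To make the record layout from the two answers above concrete (the wildcard vs. per-bucket choice for S3 in Scott's answer, and the per-API rather than *.execute-api record in Bo_G's), here is an added example that is not part of the original thread or of any AWS sample. It builds the Route 53 change batch JSON for a PHZ named after the service endpoint and includes a small offline check of which hostnames the records would answer. The endpoint DNS name and hosted zone ID are constructed placeholders; in practice you read them from the DnsEntries of `aws ec2 describe-vpc-endpoints`, and the PHZ ID is yours.

```python
"""Route 53 change batches for a centralized VPC interface endpoint PHZ.

Added example; all zone, endpoint and ID values below are constructed
placeholders, not values from the thread.
"""
import json

# Constructed placeholders: take the real values from the VPC endpoint's
# DnsEntries (DnsName + HostedZoneId) in `aws ec2 describe-vpc-endpoints`.
VPCE_DNS_NAME = "vpce-0123456789abcdef0-abcd1234.s3.eu-central-1.vpce.amazonaws.com"
VPCE_HOSTED_ZONE_ID = "Z_VPCE_HOSTED_ZONE_PLACEHOLDER"


def alias_record(name, vpce_dns_name, vpce_hosted_zone_id):
    """One UPSERT of an A alias record pointing at the interface endpoint."""
    return {
        "Action": "UPSERT",
        "ResourceRecordSet": {
            "Name": name,
            "Type": "A",
            "AliasTarget": {
                "DNSName": vpce_dns_name,
                "HostedZoneId": vpce_hosted_zone_id,
                "EvaluateTargetHealth": False,
            },
        },
    }


def s3_change_batch(region, vpce_dns_name, vpce_hosted_zone_id, buckets=None):
    """Records for a PHZ named s3.<region>.amazonaws.com.

    The apex record covers path-style access; the wildcard covers every
    bucket.s3.<region> name. Pass an explicit bucket list instead to
    forward only those buckets to the endpoint (Scott's per-bucket option).
    """
    zone = f"s3.{region}.amazonaws.com"
    changes = [alias_record(zone, vpce_dns_name, vpce_hosted_zone_id)]
    if buckets is None:
        changes.append(alias_record(f"*.{zone}", vpce_dns_name, vpce_hosted_zone_id))
    else:
        for bucket in buckets:
            changes.append(alias_record(f"{bucket}.{zone}", vpce_dns_name, vpce_hosted_zone_id))
    return {"Comment": f"centralized S3 endpoint records for {region}", "Changes": changes}


def apigw_change_batch(region, api_ids, vpce_dns_name, vpce_hosted_zone_id):
    """Per-API records in a PHZ named execute-api.<region>.amazonaws.com.

    Deliberately no *.execute-api wildcard: only the listed APIs are sent
    to this endpoint, which is the caveat in Bo_G's answer.
    """
    zone = f"execute-api.{region}.amazonaws.com"
    changes = [alias_record(f"{api_id}.{zone}", vpce_dns_name, vpce_hosted_zone_id)
               for api_id in api_ids]
    return {"Comment": f"centralized API Gateway endpoint records for {region}", "Changes": changes}


def phz_resolves(hostname, changes):
    """Offline check: would these records answer a query for hostname?

    Models the single-label case from the thread (bucket.s3.<region>...):
    an exact record wins, otherwise a wildcard in the leftmost label
    matches. Note the wildcard never covers the zone apex itself, which
    is why the apex gets its own record.
    """
    names = {c["ResourceRecordSet"]["Name"].rstrip(".").lower() for c in changes}
    host = hostname.rstrip(".").lower()
    if host in names:
        return True
    _, _, parent = host.partition(".")
    return parent != "" and f"*.{parent}" in names


if __name__ == "__main__":
    # Apply with: aws route53 change-resource-record-sets \
    #   --hosted-zone-id <PHZ_ID> --change-batch file://s3-batch.json
    print(json.dumps(s3_change_batch("eu-central-1", VPCE_DNS_NAME, VPCE_HOSTED_ZONE_ID), indent=2))
```

The PHZ still has to be associated with every VPC that should use the endpoint (Pablo_S's point above); the records alone only fix resolution inside VPCs that are associated.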
1

Hi! The first blog you list (Centralize access using VPC interface endpoints to access AWS services across multiple VPCs) explains very well the steps to follow to configure PHZs and ALIAS records. So, in the example of an S3 VPC endpoint, you first create the PHZ s3.eu-central-1.amazonaws.com, and later the ALIAS record mybucket.s3.eu-central-1.amazonaws.com pointing to the VPC endpoint (as explained in Step 2). That configuration should work.

Have you associated the PHZ with all the VPCs that need the DNS resolution? You can try using the wildcard option to check whether the rest of the configuration is done properly. If it does not work with the wildcard either, maybe you need to check again that you followed all the other steps correctly.

AWS
Pablo_S
answered 2 years ago
