
How do I set up my VPC endpoint service to use a custom private DNS name?


I'm a service provider that created an AWS PrivateLink virtual private cloud (VPC) endpoint service in my Amazon Virtual Private Cloud (Amazon VPC). I want to confirm that consumers of my service can use a custom private DNS name to access my VPC endpoint.

Short description

Service providers can specify a private DNS name for a new or existing endpoint service. To use one, turn on the private DNS name feature and specify the name, then use the Amazon VPC console or API to prove that you control that domain or subdomain by publishing a TXT record that AWS checks. This ownership check is what prevents a provider from advertising a domain it does not own into consumers' VPCs. Until the verification succeeds, consumers can't turn on private DNS for their interface endpoints; after it succeeds, consumers can reach the endpoint through the private DNS name instead of the endpoint-specific DNS names.

Resolution

Service provider configuration

Complete the following steps:

  1. Create a VPC endpoint service, if you don't already have one. Make sure to turn on Private DNS Name and provide the private DNS name when you create your VPC endpoint service. If you created an endpoint service but didn't specify a private DNS name, then you can associate a private DNS name with your endpoint service later (for example, with modify-vpc-endpoint-service-configuration). The private DNS name must be a domain, or a subdomain of a domain, that you own.
  2. As a service provider, you must create DNS records in the public domain that you use for the private DNS validation. You can use Amazon Route 53 to register or add a new domain.
  3. View the endpoint service private DNS name configuration details. Note the Domain verification name and Domain verification value that you need to create the DNS record (the same values appear under PrivateDnsNameConfiguration in the output of describe-vpc-endpoint-service-configurations).
  4. Add the provided TXT record to the DNS service for your domain: the record name is the Domain verification name within your domain, and the record value is the Domain verification value. If you use Route 53 as a DNS provider, see Creating records by using the Amazon Route 53 console. Confirm from outside AWS (for example, with dig) that the record resolves before you continue, because AWS queries public DNS for it.
  5. Start the domain ownership verification for the private DNS name from the console or with start-vpc-endpoint-service-private-dns-verification, then confirm that the Domain verification status changes from Pending verification to Verified. Leave the TXT record in place afterward; if the record is removed, the verification can fail and consumers lose the private DNS name.

Service consumer configuration

Complete the following steps:

  1. Set enableDnsHostnames and enableDnsSupport to true for the VPC where you plan to configure the VPC interface endpoints. For more information, see View and update DNS attributes for your VPC.
  2. Use the service name from the service provider to create the VPC interface endpoints in the VPC of your service consumer account. You can't turn on private DNS names until the service provider accepts the endpoint connection request.
    Note: If your service provider doesn't require endpoint connection acceptance, then you can turn on private DNS names and skip the following steps.
  3. Contact the service provider to request acceptance of the connection request. For more information, see Accept or reject connection requests.
    Note: After an interface endpoint is accepted, it's in the Available state. To verify the endpoint's acceptance, check the Status of the VPC interface endpoint in your service consumer account.
  4. Modify the private DNS names for the VPC interface endpoint that you created in step 2, and then choose Enable for this endpoint (with the AWS CLI, run modify-vpc-endpoint with --private-dns-enabled). This creates a private hosted zone association for the provider's private DNS name in your VPC, so resolving that name from inside the VPC returns the endpoint's private IP addresses rather than any public address. To check, resolve the private DNS name from an instance in the VPC and confirm the answer is an address from the endpoint's subnets.
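The following is an added example, not AWS's own code or part of the original article. It covers both procedures above: the provider steps (derive the verification TXT record from the service configuration, build the Route 53 change batch, and check that the record is published before starting verification) and the consumer steps (confirm the VPC DNS attributes and decide whether private DNS can be turned on yet). It runs offline on constructed sample API responses; the service ID, domain names and verification value are made up, and the assumption that the TXT record is created as `<Domain verification name>.<your domain>` is labelled in the code. The optional live function at the end needs boto3 and AWS credentials and is not exercised by the offline checks.

```python
"""Added example (not AWS's code): PrivateLink private DNS name helpers for the
provider and consumer steps, driven by constructed sample API responses."""
from __future__ import annotations

# Constructed sample shaped like one entry of
# ec2 describe-vpc-endpoint-service-configurations -> ServiceConfigurations.
SAMPLE_SERVICE = {
    "ServiceId": "vpce-svc-0123456789abcdef0",
    "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-0123456789abcdef0",
    "AcceptanceRequired": True,
    "PrivateDnsName": "api.example.com",
    "PrivateDnsNameConfiguration": {
        "State": "pendingVerification",        # pendingVerification | verified | failed
        "Type": "TXT",
        "Name": "_0123456789abcdefghij",        # Domain verification name (leaf label)
        "Value": "vpce:AbCdEfGhIjKlMnOpQrSt",   # Domain verification value
    },
}


def verification_record(service: dict, verified_domain: str) -> tuple[str, str]:
    """Provider step 3: derive the (record name, TXT value) AWS will look for.

    verified_domain is the public domain you own and publish the record in.
    Assumption: the private DNS name must be that domain or a subdomain of it,
    and the record name is <Domain verification name>.<verified_domain>.
    """
    cfg = service["PrivateDnsNameConfiguration"]
    if cfg.get("Type") != "TXT":
        raise ValueError(f"unexpected verification record type {cfg.get('Type')!r}")
    pdns = service["PrivateDnsName"].rstrip(".").lower()
    dom = verified_domain.rstrip(".").lower()
    if pdns != dom and not pdns.endswith("." + dom):
        raise ValueError(f"{pdns} is not {dom} or a subdomain of it")
    return f"{cfg['Name']}.{dom}", cfg["Value"]


def route53_change_batch(record_name: str, txt_value: str, ttl: int = 300) -> dict:
    """Provider step 4: ChangeBatch for route53 change-resource-record-sets.
    Route 53 requires each TXT character-string to be wrapped in double quotes."""
    return {
        "Comment": "AWS PrivateLink private DNS name domain verification",
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": record_name + ".",
                "Type": "TXT",
                "TTL": ttl,
                "ResourceRecords": [{"Value": f'"{txt_value}"'}],
            },
        }],
    }


def txt_published(dig_short_output: str, expected_value: str) -> bool:
    """Check before step 5: does the public answer carry the expected value?
    Input is the text of `dig +short TXT <record name>`; each answer line is
    one or more quoted strings, which resolvers concatenate."""
    for line in dig_short_output.splitlines():
        parts = [p.strip('"') for p in line.strip().split('" "')]
        if "".join(parts) == expected_value:
            return True
    return False


def vpc_dns_ready(attrs: dict) -> bool:
    """Consumer step 1: both VPC DNS attributes must be true.
    attrs is shaped like {"enableDnsSupport": True, "enableDnsHostnames": True}."""
    return bool(attrs.get("enableDnsSupport")) and bool(attrs.get("enableDnsHostnames"))


def can_enable_private_dns(endpoint: dict, verification_state: str) -> tuple[bool, str]:
    """Consumer steps 2-4: private DNS can be turned on only once the connection
    is accepted (endpoint State 'available') and the provider's domain is
    verified. endpoint is shaped like an entry of describe-vpc-endpoints;
    verification_state is PrivateDnsNameVerificationState from
    describe-vpc-endpoint-services."""
    state = endpoint.get("State")
    if state == "pendingAcceptance":
        return False, "ask the provider to accept the connection request"
    if state != "available":
        return False, f"endpoint is {state!r}, not available"
    if verification_state != "verified":
        return False, f"provider domain verification is {verification_state!r}"
    return True, "ok: run modify-vpc-endpoint --private-dns-enabled"


def run_provider_side(service_id: str, hosted_zone_id: str, verified_domain: str) -> None:
    """Live version of provider steps 3-5. Assumes boto3 is installed and AWS
    credentials are configured; not run by the offline checks."""
    import boto3
    ec2, r53 = boto3.client("ec2"), boto3.client("route53")
    svc = ec2.describe_vpc_endpoint_service_configurations(
        ServiceIds=[service_id])["ServiceConfigurations"][0]
    name, value = verification_record(svc, verified_domain)
    r53.change_resource_record_sets(HostedZoneId=hosted_zone_id,
                                    ChangeBatch=route53_change_batch(name, value))
    ec2.start_vpc_endpoint_service_private_dns_verification(ServiceId=service_id)
```

Feed `txt_published` the output of `dig +short TXT _0123456789abcdefghij.example.com @8.8.8.8` (or any public resolver) rather than a resolver inside your VPC, because AWS checks the record through public DNS and a private hosted zone can mask a missing public record.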

Related information

Share your services through AWS PrivateLink

Manage DNS names for VPC endpoint services

AWS OFFICIAL. Updated 6 months ago.