Difference between VPC Endpoints

0

What is the difference between gateway and interface endpoints? I know the former is based on routing while the latter is based on an ENI, but I feel what's going on behind the scenes is still the same for both cases. For gateway endpoints, I believe that particular IPs (in the form of a prefix list) are routed to the S3/DynamoDB service. But before that, shouldn't a DNS resolution happen? So if I say "aws s3 ls", DNS should provide a private IP (which would be one of the prefix list) and then routing can happen. Isn't the concept still the same for interface endpoints? That is, a DNS resolution to a private IP?

nishan
Asked a year ago, 337 views
1 answer
1

Yes, DNS resolution happens with both endpoints. You're correct in how you describe things.

For Gateway Endpoints you'll find that the DNS entry resolves to the public IP address for the S3 and DynamoDB services. The VPC then routes those IP addresses to the endpoint and you're connected with the services.

For Interface Endpoints (which are powered by PrivateLink) the DNS entry resolves to a private IP address that PrivateLink creates for the network interface in your VPC. Note that as per the documentation you need to have DNS hostnames and DNS resolution enabled in your VPC for this to work. Also, there is a specific name for the endpoint that can also be used - but in most cases it is far easier to use the "normal" (public) endpoint name because it requires no application changes.

AWS
Expert
Answered a year ago
Expert
Reviewed a year ago
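To make the distinction in the answer concrete, here is an added example (not from the original post or from AWS) that models the two paths: a resolved address inside the VPC CIDR is an interface endpoint ENI, a public address whose longest-prefix route points at a gateway endpoint goes through that endpoint, and anything else leaves the VPC via the internet gateway and is not covered by any endpoint policy. The VPC CIDR, the stand-in prefix list (TEST-NET ranges, not real S3 ranges), the route table entries and the DNS answers are all constructed; the `vpce-gw-s3` target is a hypothetical identifier.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample data (not real AWS ranges): a VPC CIDR, a stand-in for the
# S3 gateway-endpoint prefix list, and a route table that sends the prefix list
# to the gateway endpoint and everything else to the internet gateway.
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
S3_PREFIX_LIST = [ipaddress.ip_network(c) for c in ("203.0.113.0/24", "198.51.100.0/25")]
ROUTE_TABLE: List[Tuple[ipaddress.IPv4Network, str]] = (
    [(VPC_CIDR, "local")]
    + [(n, "vpce-gw-s3 (hypothetical id)") for n in S3_PREFIX_LIST]
    + [(ipaddress.ip_network("0.0.0.0/0"), "igw")]
)

def lookup_route(ip: str) -> str:
    """Longest-prefix match over the route table, as the VPC router does."""
    addr = ipaddress.ip_address(ip)
    matches = [(n.prefixlen, target) for n, target in ROUTE_TABLE if addr in n]
    return max(matches)[1]

def classify_path(resolved_ip: str) -> str:
    """Decide how traffic to a DNS-resolved address reaches the service.
    - private address inside the VPC   -> interface endpoint ENI (PrivateLink)
    - public address routed to a vpce  -> gateway endpoint (prefix-list route)
    - anything else                    -> leaves the VPC via IGW/NAT, so no
                                          endpoint policy applies to it
    """
    addr = ipaddress.ip_address(resolved_ip)
    if addr in VPC_CIDR:
        return "interface-endpoint"
    if lookup_route(resolved_ip).startswith("vpce-gw"):
        return "gateway-endpoint"
    return "public-internet"

# Constructed DNS answers (not real resolutions) for the three scenarios.
SAMPLE_RESOLUTIONS = {
    "s3.us-east-1.amazonaws.com (public name, gateway endpoint route)": "203.0.113.17",
    "s3.us-east-1.amazonaws.com (private DNS via interface endpoint)": "10.0.42.8",
    "s3.us-east-1.amazonaws.com (address no endpoint covers)": "192.0.2.77",
}

def audit(resolutions: Dict[str, str]) -> Dict[str, str]:
    """Map each resolved name to the path its traffic will take."""
    return {name: classify_path(ip) for name, ip in resolutions.items()}

if __name__ == "__main__":
    for name, path in audit(SAMPLE_RESOLUTIONS).items():
        print(f"{path:18} <- {name}")
```

The "public-internet" result is the one worth alerting on: it means the resolved address is neither a PrivateLink ENI nor covered by the gateway endpoint's prefix-list route.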
  • I have a couple more questions:

    1. Both DNS hostnames and DNS resolution must be turned on for both interface and gateway endpoints to work. Right?
    2. Who is doing the DNS resolution? I believe it would be the Amazon DNS server, i.e. 169.254.169.253 along with VPC+2. If so, how can I leverage VPC endpoints if I want to use a custom DNS server?

  • 1. Yes.
    2. The custom DNS server would need to forward requests for Amazon-owned DNS names to an Amazon-owned resolver (Route 53 in this case), which is the IP address you've listed. You can also set up a Route 53 Resolver.
