VPC Lattice Service Custom Domain Names via ServiceNetwork endpoints

0

Hi,

If I create a Service Network endpoint in my VPC, I can access lattice services associated with the Service Network using the generated DNS name for each lattice service, e.g. https://vpce-123456789abcdef12-snsa-123456789abcdef12.1234567.vpc-lattice-svcs.eu-west-2.on.aws.

But it seems there's no way for me to resolve the lattice service custom domain name to the endpoint within the VPC?

The documentation states: "If you enable private DNS for your service-network VPC endpoint, and your VPC has both DNS hostnames and DNS resolution enabled, we create hidden, AWS-managed private hosted zones for the resource configurations that have custom DNS names."

I note that creating AWS-managed private hosted zones for lattice services that have custom DNS names is missing from the above.

I can obviously create a route53 CNAME mapping the lattice service to the custom domain name, but this would only be valid for clients within the same VPC as the endpoint and would override resolution of other clients in VPCs associated with the Service Network.

Have I missed something here? If not, do we know if creating a private hosted zone for lattice services that have custom DNS names will be added to the functionality of ServiceNetwork endpoints?

1 Answer
0
Accepted Answer

You're correct in your understanding, and you haven't missed anything significant. The current functionality of VPC Lattice with regard to custom domain names and Service Network endpoints does have some limitations.

When you create a VPC Lattice service, you can indeed configure a custom domain name. However, the resolution of this custom domain name to the VPC Lattice-generated domain name requires some additional configuration, especially when working with Service Network endpoints in different VPCs.

The AWS-managed private hosted zones created when you enable private DNS for your service-network VPC endpoint are primarily for the VPC Lattice infrastructure itself, not for the custom domain names of individual services.

To use custom domain names with VPC Lattice services across different VPCs, you generally need to manually create and manage Route 53 private hosted zones. This involves:

  1. Creating a private hosted zone associated with your consumer VPC.
  2. Adding an ALIAS record in this zone that maps your custom domain name to the VPC Lattice-generated domain name.

You're also correct that this solution would only work for clients within the same VPC as the endpoint, which can be limiting in more complex network architectures.

As for future functionality, while there's no official announcement, it's possible that AWS might enhance the Service Network endpoint capabilities to automatically handle custom domain names for Lattice services. This would align with AWS's general trend of simplifying network management. However, until such a feature is implemented, the manual Route 53 configuration remains the primary method for managing custom domain names with VPC Lattice services across different VPCs.

In the meantime, for multi-VPC setups, you might need to create separate private hosted zones for each VPC that needs to resolve the custom domain names, which can become complex to manage at scale. Some organizations use centralized DNS management strategies or automation to handle this complexity, but it remains a challenge with the current implementation.

Sources

  - Amazon VPC Lattice Reference Architectures
  - Configure a custom domain name for your VPC Lattice service - Amazon VPC Lattice
  - Amazon VPC Lattice DNS migration strategies and best practices | Networking & Content Delivery

answered a year ago
EXPERT
reviewed a year ago
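The two manual steps in the accepted answer (a private hosted zone associated with the consumer VPC, plus an ALIAS record pointing the custom name at the Lattice-generated name), as an added example that is not code from the post or from AWS. The zone name, VPC ID, record name and the "Z0PLACEHOLDER" hosted zone ID are constructed values; it assumes the hosted zone ID of the Lattice DNS entry is available for the generated name you alias to, and the optional `apply` call assumes boto3 and credentials.

```python
"""Route 53 requests mapping a VPC Lattice custom domain name to the service's
generated DNS name for one consumer VPC.  Added example, not code from the post;
all names, IDs and the lazily imported boto3 call are assumptions."""
from typing import Optional

def _fqdn(name: str) -> str:
    """Normalise to the trailing-dot form Route 53 uses."""
    return name.strip().lower().rstrip(".") + "."

def hosted_zone_request(zone_name: str, vpc_id: str, region: str, ref: str) -> dict:
    """Parameters for route53.create_hosted_zone: a private zone associated only
    with the VPC that holds the service-network endpoint."""
    return {"Name": _fqdn(zone_name), "CallerReference": ref,
            "HostedZoneConfig": {"PrivateZone": True, "Comment": "Lattice custom domain"},
            "VPC": {"VPCRegion": region, "VPCId": vpc_id}}

def record_change_batch(zone_name: str, custom_domain: str, lattice_dns: str,
                        lattice_zone_id: Optional[str] = None, ttl: int = 60) -> dict:
    """ChangeBatch for route53.change_resource_record_sets.

    A private hosted zone shadows public DNS for its whole domain and every
    subdomain inside the associated VPC, so keep the zone as narrow as the
    custom name itself.  At that apex Route 53 rejects a CNAME, hence the ALIAS
    (it needs the hosted zone ID of the Lattice DNS entry); a CNAME is only
    built when the zone is a parent of the custom name.
    """
    zone, name, target = _fqdn(zone_name), _fqdn(custom_domain), _fqdn(lattice_dns)
    if name != zone and not name.endswith("." + zone):
        raise ValueError(f"{name} is not inside zone {zone}")
    rrset: dict = {"Name": name}
    if lattice_zone_id:
        rrset["Type"] = "A"
        rrset["AliasTarget"] = {"HostedZoneId": lattice_zone_id, "DNSName": target,
                                "EvaluateTargetHealth": False}
    elif name == zone:
        raise ValueError("CNAME not allowed at the zone apex; pass lattice_zone_id")
    else:
        rrset.update(Type="CNAME", TTL=ttl, ResourceRecords=[{"Value": target}])
    return {"Changes": [{"Action": "UPSERT", "ResourceRecordSet": rrset}]}

def apply(zone_req: dict, batch: dict) -> str:
    """Create the zone and upsert the record (needs boto3 and AWS credentials)."""
    import boto3  # imported here so the builders above run without boto3
    r53 = boto3.client("route53")
    zone_id = r53.create_hosted_zone(**zone_req)["HostedZone"]["Id"]
    r53.change_resource_record_sets(HostedZoneId=zone_id, ChangeBatch=batch)
    return zone_id
```

Because the zone is associated with one VPC only, the override is visible solely to clients in that VPC, which is exactly the scoping limitation the question and answer describe; every other consumer VPC needs its own zone and association.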