How can we share VPC endpoint for Sagemaker Notebook across different VPC

0

How can we share a VPC endpoint for SageMaker Notebook across different VPCs using a Route 53 private hosted zone, so the service is accessed privately? The DNS name for the Notebook service starts with *.notebook.xxxx, but the prefix * is not acceptable in a Route 53 record.

How does it differ from other endpoints, since it would be accessed from the UI?

asked 5 months ago, 232 views
4 Answers
0

If you are sharing this service using a centralized VPC architecture, so that spoke VPCs can resolve the VPC endpoint DNS name hosted in the centralized VPC, the managed PHZ won't work. To overcome this, disable the option that automatically creates the private DNS when the interface endpoint is created. Next, manually create a Route 53 PHZ and add an Alias record with the full AWS service endpoint name pointing to the interface endpoint.

You can check the whitepaper below as well: https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/centralized-access-to-vpc-private-endpoints.html#interface-vpc-endpoints

AWS
Shmosa
answered 5 months ago
  • I tried creating an alias record in Route 53 and it works for other VPC interface endpoints like EC2 and the SageMaker API, but I'm trying to find an answer for the SageMaker Notebook endpoint (com.amazonaws.ap-south-1.sagemaker.api). All the created DNS names look like "*.notebook.ap-south-1.sagemaker.aws". Since the DNS name ends with "sagemaker.aws", it does not show up in the Alias dropdown list of endpoints while setting up the PHZ; endpoint DNS names usually end with "amazonaws.com". How can these notebook endpoints be shared across VPCs?

  • Hello Himanshu, In reference to your point,

    1. Establish a Private Hosted Zone (PHZ): Create a Private Hosted Zone using a chosen name, for example "sagemaker.local".

    2. Insert an A record within the PHZ: Add an A record within the established PHZ, directing it to an Alias associated with a VPC Endpoint. Ensure you select "SageMaker" during this process. Multiple DNS records may appear depending on the VPC Endpoint's AZ implementation.

    3. Link the PHZ to the VPC: Associate the Private Hosted Zone with the specific VPC for which you intend to resolve DNS queries.

    4. Utilize the New A Record for Resolution: In other VPCs use the newly created A record's name to resolve the Private IP Address of the VPC Endpoint. This ensures that the DNS resolution refers to the desired private IP within the designated VPC
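The four steps above, as an added example that is not part of this thread or of any AWS tooling: a script that takes the JSON printed by `aws ec2 describe-vpc-endpoints`, refuses to proceed if private DNS is still enabled on the endpoint (the managed PHZ would shadow yours), picks the endpoint's regional DNS entry, and emits the Route 53 `change-resource-record-sets` change batch plus the `associate-vpc-with-hosted-zone` command for a spoke VPC. The endpoint ID, hosted zone IDs, DNS names, VPC IDs and the PHZ name `sagemaker.local` are constructed sample values; passing the endpoint's `HostedZoneId` and `DnsName` directly through the API, which the console dropdown in the comment above does not offer, is an assumption of this example.

```python
"""Build the Route 53 alias record that points a custom PHZ name at a shared
SageMaker Notebook interface endpoint. Added example for this thread; not AWS
code. Input shape follows `aws ec2 describe-vpc-endpoints`; all IDs and names
below are constructed."""
import json

# Constructed sample of describe-vpc-endpoints output. In the real API each
# DnsEntries item carries DnsName + HostedZoneId; the regional name is the
# shortest one, the others carry an AZ suffix. Values here are made up.
SAMPLE_ENDPOINT = {
    "VpcEndpoints": [{
        "VpcEndpointId": "vpce-0123456789abcdef0",
        "ServiceName": "aws.sagemaker.ap-south-1.notebook",
        "PrivateDnsEnabled": False,
        "DnsEntries": [
            {"DnsName": "vpce-0123456789abcdef0-abcd1234.notebook.ap-south-1.vpce.sagemaker.aws",
             "HostedZoneId": "Z0000000000EXAMPLE"},
            {"DnsName": "vpce-0123456789abcdef0-abcd1234-ap-south-1a.notebook.ap-south-1.vpce.sagemaker.aws",
             "HostedZoneId": "Z0000000000EXAMPLE"},
            {"DnsName": "vpce-0123456789abcdef0-abcd1234-ap-south-1b.notebook.ap-south-1.vpce.sagemaker.aws",
             "HostedZoneId": "Z0000000000EXAMPLE"},
        ],
    }]
}


def pick_regional_entry(endpoint):
    """Return the endpoint's regional DNS entry (not a per-AZ one).

    Refuses endpoints that still have private DNS enabled: with it on, the
    AWS-managed PHZ already owns the service name and your own PHZ record
    would not be what spoke VPCs resolve."""
    if endpoint.get("PrivateDnsEnabled"):
        raise ValueError("disable private DNS on the endpoint before adding your own PHZ record")
    entries = endpoint["DnsEntries"]
    if not entries:
        raise ValueError("endpoint has no DNS entries")
    # Per-AZ names embed the AZ, so the regional name is the shortest.
    return min(entries, key=lambda e: len(e["DnsName"]))


def build_alias_change(phz_name, record_name, endpoint):
    """Change batch for an UPSERT of an A alias record inside the PHZ."""
    phz = phz_name.rstrip(".").lower()
    rec = record_name.rstrip(".").lower()
    if rec != phz and not rec.endswith("." + phz):
        raise ValueError(f"{record_name} is not inside hosted zone {phz_name}")
    entry = pick_regional_entry(endpoint)
    return {
        "Comment": f"alias to shared {endpoint['ServiceName']} endpoint {endpoint['VpcEndpointId']}",
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": rec,
                "Type": "A",
                "AliasTarget": {
                    "HostedZoneId": entry["HostedZoneId"],  # zone of the endpoint's own name
                    "DNSName": entry["DnsName"],
                    "EvaluateTargetHealth": False,
                },
            },
        }],
    }


def cli_commands(phz_id, phz_name, record_name, endpoint, spoke_vpc_id, region):
    """The two AWS CLI calls a practitioner would run next: create the record
    in the hub-owned PHZ, then associate the PHZ with a spoke VPC."""
    batch = json.dumps(build_alias_change(phz_name, record_name, endpoint))
    return [
        f"aws route53 change-resource-record-sets --hosted-zone-id {phz_id} "
        f"--change-batch '{batch}'",
        f"aws route53 associate-vpc-with-hosted-zone --hosted-zone-id {phz_id} "
        f"--vpc VPCRegion={region},VPCId={spoke_vpc_id}",
    ]


if __name__ == "__main__":
    ep = SAMPLE_ENDPOINT["VpcEndpoints"][0]
    for cmd in cli_commands("Z1111111111EXAMPLE", "sagemaker.local",
                            "notebook.sagemaker.local", ep,
                            "vpc-0spoke000example", "ap-south-1"):
        print(cmd)
```

Associating the PHZ with a spoke VPC in another account needs the authorize/associate pair from the re:Post article linked in the third answer; the command above covers the same-account case. Whatever name you choose, the resolver in the spoke VPC must be the VPC's default (the .2) resolver, or a forwarder that reaches it, for the PHZ to be consulted at all.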

0

Is there any AWS CLI command to test that the notebook VPC endpoint is working, to verify that the service is called privately from EC2?

answered 4 months ago
  • You can check whether you receive the private IP when you query the VPC endpoint DNS name; from any EC2 instance in the spoke VPC, use any DNS lookup tool (nslookup or dig).

    Example on Linux: dig <VPC-Endpoint-DNS>

    It should resolve to the same private IP as the VPC endpoint if all the configuration is done.
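The dig check above, as an added example that is not part of this thread: a small checker to run on an EC2 instance in the spoke VPC that resolves the PHZ record name with `dig +short` and fails unless every answer is a private address inside the hub VPC's CIDR and, when you pass them, one of the endpoint's ENI addresses (obtainable from `aws ec2 describe-vpc-endpoints`, whose output lists `NetworkInterfaceIds`, followed by `aws ec2 describe-network-interfaces`). A public answer means the name fell through to the public zone and the call would leave the VPC. The sample dig output and CIDRs are constructed.

```python
"""Verify that a name in the spoke VPC resolves to the shared endpoint's
private IPs. Added example for this thread, not AWS code. Usage on an EC2
instance in the spoke VPC:
    python3 check_endpoint_dns.py <record-name> <hub-vpc-cidr> [endpoint-eni-ip ...]
"""
import ipaddress
import subprocess
import sys


def parse_dig_short(output):
    """Extract IP addresses from `dig +short` output, skipping CNAME lines."""
    ips = []
    for line in output.splitlines():
        line = line.strip().rstrip(".")
        if not line:
            continue
        try:
            ips.append(ipaddress.ip_address(line))
        except ValueError:
            continue  # a CNAME target or other non-address line
    return ips


def all_in_cidr(ips, cidr):
    """True if there is at least one answer and every answer lies in cidr."""
    net = ipaddress.ip_network(cidr, strict=False)
    return bool(ips) and all(ip in net for ip in ips)


def verify(dig_output, hub_cidr, expected_ips=()):
    """Return (ok, reason). ok only if every answer is RFC1918-private, inside
    the hub VPC CIDR and, when expected_ips is given, one of the endpoint
    ENI addresses."""
    ips = parse_dig_short(dig_output)
    if not ips:
        return False, "no A records: PHZ not associated with this VPC, or wrong record name"
    public = [str(ip) for ip in ips if not ip.is_private]
    if public:
        return False, f"public answer(s) {public}: traffic would leave via the internet or NAT"
    if not all_in_cidr(ips, hub_cidr):
        return False, f"answers {[str(i) for i in ips]} are outside hub VPC {hub_cidr}"
    if expected_ips:
        allowed = {ipaddress.ip_address(e) for e in expected_ips}
        stray = [str(ip) for ip in ips if ip not in allowed]
        if stray:
            return False, f"answers {stray} are not endpoint ENI addresses"
    return True, f"resolves privately to {[str(i) for i in ips]}"


# Constructed sample of what `dig +short` prints when the PHZ alias works:
# one address per endpoint ENI (one per AZ the endpoint was created in).
SAMPLE_DIG = "10.20.1.15\n10.20.2.27\n"


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit(__doc__)
    name, cidr, *expected = sys.argv[1:]
    out = subprocess.run(["dig", "+short", name], capture_output=True,
                         text=True, check=True).stdout
    ok, why = verify(out, cidr, expected)
    print(("OK: " if ok else "FAIL: ") + why)
    sys.exit(0 if ok else 1)
```

Resolution alone only proves the name points at the endpoint; the endpoint's security group must also allow TCP 443 from the spoke VPC's CIDR, and a VPC Flow Logs query filtered on the endpoint ENI is the simplest confirmation that the notebook traffic actually arrives there.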

0

Hi,

Following this guidance should allow you to achieve your goal: https://repost.aws/knowledge-center/route53-private-hosted-zone

It will allow you to associate a Route 53 private hosted zone with a VPC in a different AWS account.

Best,

Didier

AWS
answered 5 months ago
0

You need to disable private DNS on the endpoint before you can create a PHZ record for the endpoint in Route 53.

answered 5 months ago
