You can connect to the VPC endpoint for SQS from the peered VPC, but in order for VPC B to resolve the name sqs.us-west-2.amazonaws.com to the IP addresses of the endpoint located in VPC A, you'd need a Route 53 Resolver inbound endpoint in VPC A, Route 53 Resolver outbound endpoint in VPC B, and a Route 53 Resolver rule attached to VPC B set to use the outbound resolver endpoint to send the queries for those names to the inbound resolver endpoint in VPC A.
Without this setup, VPC B would resolve standard AWS service names to the public service endpoints and not the IPs of the VPC endpoints in one of the peered VPCs of VPC B.
For on-prem, the setup you described will work, if the Route 53 Resolver inbound endpoint is located in VPC A. The on-premises configuration that sends DNS queries to the inbound resolver endpoint corresponds functionally with the combination of outbound resolver endpoint and resolver rule described above for the peered VPC B.
All VPC interface endpoints work with this style of setup, and the interface endpoint option for S3 is no exception.

Thanks. So that would add Resolver endpoint cost. In that case, the only other option to resolve from peered VPC B would be the below?
Is the above correct?
Yes, that'll work. The Route 53 Resolver inbound and outbound endpoints (for the peered VPC part, not on-prem) are replaced by the private hosted zone. You could use this approach also for on-prem, although instead of an alias record, you'd point the apex A record of the internal DNS zone on premises to the static IPs of the VPC endpoint for SQS.
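A check to run from VPC B or from on premises after either DNS setup discussed in this thread, as an added example that is not part of the original posts: it classifies what the service name resolves to against the CIDR of VPC A, so a fallback to the public service endpoints is visible. The CIDR `10.0.0.0/16`, the script name and the function names are assumptions.

```python
import ipaddress
import socket
import sys

# RFC 1918 private ranges, used to tell "some other private network" from "public".
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def resolve(name, port=443):
    """Return the sorted set of addresses the local resolver gives for name."""
    infos = socket.getaddrinfo(name, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def classify(addresses, endpoint_vpc_cidr):
    """Classify a DNS answer against the CIDR of the VPC hosting the endpoint.

    endpoint      - every address is inside endpoint_vpc_cidr
    mixed         - only some addresses are inside it (inconsistent DNS path)
    other-private - RFC 1918 addresses outside the expected CIDR
    public        - no private addresses at all (public service endpoint)
    empty         - the resolver returned nothing
    """
    net = ipaddress.ip_network(endpoint_vpc_cidr)
    ips = [ipaddress.ip_address(a) for a in addresses]
    if not ips:
        return "empty"
    inside = [ip for ip in ips if ip.version == net.version and ip in net]
    if len(inside) == len(ips):
        return "endpoint"
    if inside:
        return "mixed"
    if any(ip.version == 4 and any(ip in n for n in RFC1918) for ip in ips):
        return "other-private"
    return "public"


if __name__ == "__main__":
    # Usage (assumed CIDR of VPC A):
    #   python check_endpoint_dns.py sqs.us-west-2.amazonaws.com 10.0.0.0/16
    name, cidr = sys.argv[1], sys.argv[2]
    answer = resolve(name)
    verdict = classify(answer, cidr)
    print(f"{name} -> {answer}: {verdict}")
    sys.exit(0 if verdict == "endpoint" else 1)
```

A non-zero exit status means traffic for that name is not going to the interface endpoint in VPC A, which makes the script usable as a post-deployment or scheduled check.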