By using AWS re:Post, you agree to the Terms of Use

Unable to resolve the private dns name of a Sagemaker runtime VPC interface endpoint


I deployed interface endpoints for multiple AWS services into a dedicated subnet in my VPC. Besides a Sagemaker runtime interface endpoint I also created endpoints for CloudWatch logs, KMS and more.

The resolving of the service domain name (e.g. works for all endpoints, except for the Sagemaker runtime (e.g. endpoint specific domain names of the Sagemaker runtime endpoint also work, only the resolving of fails with no answers from the DNS server.

I tried multiple times to recreate the endpoint, but that didn't help either. The resolving of the domain works if I deploy the endpoint into another test VPC.

Any ideas on what could be wrong? Thanks in advance! Bert

2 Answers

Hi Bert,

There are two possible reasons.

  1. Private DNS name is not enable for this endpoint.
  2. The endpoint doesn't have an interface in the subnet where the EC2 instance is running.

Verify that private DNS is enabled for your endpoint.

$ aws ec2 describe-vpc-endpoints --vpc-endpoint-ids vpce-044a93bEXAMPLE --query 'VpcEndpoints[].PrivateDnsEnabled' --region REGION

If the response is not "true", modify the endpoint and enable private DNS names. If it is already enabled, make sure that the endpoint has an interface in the AZ ( in any subnet in that AZ) where you your EC2 instance is running.

For example, if your EC2 instance is in eu-central-1a, make sure that the endpoint has an interface in one of the subnets in eu-central-1a.

answered a month ago

Hi Renjith_R

Thank you for the suggestions.

Private DNS is enabled, so that is not the issue.

As far as I know the endpoint doesn't need to be in the same subnet or even in the same AZ as the EC2 instance calling the endpoint. At least this works for all the other endpoints like KMS and CloudWatch Logs. I tested it anyway and deployed the Sagemaker runtime endpoint into the same subnet as the EC2 instance and there it works.

Another test I did was deploying the Sagemaker runtime again into my "endpoint subnet" with private dns name disabled and attaching a private hosted zone for the Sagemaker runtime domain pointing to the private IP of the Sagemaker runtime endpoint. This works as well.

Afterwards I removed the private hosted zone and enabled private dns name again and it stopped working.

Best regards


answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions