Hi Bert,
There are two possible reasons.
- Private DNS name is not enabled for this endpoint.
- The endpoint doesn't have an interface in the subnet where the EC2 instance is running.
Verify that private DNS is enabled for your endpoint.
$ aws ec2 describe-vpc-endpoints --vpc-endpoint-ids vpce-044a93bEXAMPLE --query 'VpcEndpoints[].PrivateDnsEnabled' --region REGION
If the response is not "true", modify the endpoint and enable private DNS names. If it is already enabled, make sure that the endpoint has an interface in the AZ (in any subnet in that AZ) where your EC2 instance is running.
For example, if your EC2 instance is in eu-central-1a, make sure that the endpoint has an interface in one of the subnets in eu-central-1a.
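
The two checks from the answer above, as an added example that is not part of the original thread: it reads JSON in the shape returned by `aws ec2 describe-vpc-endpoints`, `describe-subnets` and `describe-instances` and reports which condition fails. The subnet and instance IDs are constructed samples, and `check_endpoint` is a hypothetical helper name.

```python
import json

# Constructed sample data in the shape returned by the AWS CLI
# (describe-vpc-endpoints, describe-subnets, describe-instances).
# The subnet and instance IDs are made up for illustration.
ENDPOINTS = json.loads("""{"VpcEndpoints": [{
  "VpcEndpointId": "vpce-044a93bEXAMPLE",
  "PrivateDnsEnabled": true,
  "SubnetIds": ["subnet-0aaaEXAMPLE"]}]}""")
SUBNETS = json.loads("""{"Subnets": [
  {"SubnetId": "subnet-0aaaEXAMPLE", "AvailabilityZone": "eu-central-1b"},
  {"SubnetId": "subnet-0bbbEXAMPLE", "AvailabilityZone": "eu-central-1a"}]}""")
INSTANCES = json.loads("""{"Reservations": [{"Instances": [{
  "InstanceId": "i-0123EXAMPLE",
  "SubnetId": "subnet-0bbbEXAMPLE",
  "Placement": {"AvailabilityZone": "eu-central-1a"}}]}]}""")


def check_endpoint(endpoints, subnets, instances, endpoint_id, instance_id):
    """Return findings for the two conditions named in the answer (empty list = both hold)."""
    az_of = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets["Subnets"]}
    ep = next((e for e in endpoints["VpcEndpoints"]
               if e["VpcEndpointId"] == endpoint_id), None)
    inst = next((i for r in instances["Reservations"] for i in r["Instances"]
                 if i["InstanceId"] == instance_id), None)
    if ep is None or inst is None:
        raise LookupError("endpoint or instance not present in the supplied output")

    findings = []
    # Condition 1: private DNS must be enabled on the interface endpoint.
    if not ep.get("PrivateDnsEnabled", False):
        findings.append(f"private DNS is not enabled on {endpoint_id}")
    # Condition 2: the endpoint has an interface in the instance's AZ.
    endpoint_azs = {az_of[s] for s in ep.get("SubnetIds", []) if s in az_of}
    instance_az = inst["Placement"]["AvailabilityZone"]
    if instance_az not in endpoint_azs:
        findings.append(
            f"no endpoint interface in {instance_az} (endpoint AZs: {sorted(endpoint_azs)})")
    return findings


if __name__ == "__main__":
    result = check_endpoint(ENDPOINTS, SUBNETS, INSTANCES,
                            "vpce-044a93bEXAMPLE", "i-0123EXAMPLE")
    for line in result or ["both conditions hold"]:
        print(line)
```
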
Hi Renjith_R
Thank you for the suggestions.
Private DNS is enabled, so that is not the issue.
As far as I know, the endpoint doesn't need to be in the same subnet or even in the same AZ as the EC2 instance calling the endpoint. At least this works for all the other endpoints like KMS and CloudWatch Logs. I tested it anyway and deployed the SageMaker runtime endpoint into the same subnet as the EC2 instance, and there it works.
Another test I did was deploying the SageMaker runtime endpoint again into my "endpoint subnet" with private DNS name disabled and attaching a private hosted zone for the SageMaker runtime domain pointing to the private IP of the SageMaker runtime endpoint. This works as well.
Afterwards I removed the private hosted zone and enabled private DNS name again, and it stopped working.
Best regards
Bert