How DNS name of VPC endpoint resolves to Private IP outside VPC


asked 3 months ago, 134 views

2 Answers

They are resolvable because private endpoints are in Public Zones. They do return private IPs, but you will be unable to connect to them unless you have some form of VPN. To prevent this, you have to disable private DNS on the endpoint and create your own Private Route 53 zone and alias in each apex.

EXPERT, answered 3 months ago; reviewed by AWS EXPERT 3 months ago

The default DNS names of VPC endpoints always resolve to their real IP addresses, which are generally private. Only specific services with both public and private IPs, such as publicly accessible RDS databases, or standard AWS service endpoints (like ec2.[region].amazonaws.com) resolve to the private IPs of an endpoint inside a VPC that hosts such an endpoint and to the public IP of the public endpoint for the service when queried from outside an endpoint-equipped VPC.

EXPERT, answered 3 months ago; reviewed by EXPERT 3 months ago
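An added check (my code, not from either answer) that resolves a name from wherever you run it and reports whether the returned addresses are globally routable, which is the behaviour both answers describe for an endpoint's default DNS name; the endpoint hostname in the script is a placeholder, and the addresses in the report are whatever your resolver returns.

```python
"""Check whether a hostname (e.g. a VPC endpoint's default DNS name) resolves
to addresses reachable from this network without a VPN.

Added example, not code from the re:Post answers. Per those answers, the
endpoint's default name lives in a public zone, so resolution succeeds from
anywhere but returns private addresses that only route inside the VPC.
"""
import ipaddress
import socket
from typing import Dict, List


def classify_addresses(addresses: List[str]) -> Dict[str, List[str]]:
    """Split answers into globally routable ("public") and everything else
    ("private": RFC 1918, link-local, CGNAT 100.64/10, IPv6 ULA, ...)."""
    result: Dict[str, List[str]] = {"private": [], "public": []}
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        result["public" if ip.is_global else "private"].append(addr)
    return result


def reachable_without_vpn(addresses: List[str]) -> bool:
    """A client outside the VPC can only use the name if some answer is public."""
    return bool(classify_addresses(addresses)["public"])


def resolve(name: str) -> List[str]:
    """Resolve via the system resolver; returns the unique A/AAAA answers."""
    infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def report(name: str, addresses: List[str]) -> str:
    """Human-readable verdict for one name and its resolved addresses."""
    split = classify_addresses(addresses)
    verdict = "reachable" if split["public"] else "NOT reachable without VPN"
    return f"{name}: private={split['private']} public={split['public']} -> {verdict}"


if __name__ == "__main__":
    import sys
    # Placeholder hostname; pass a real endpoint DNS name as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "vpce-EXAMPLE.vpce.amazonaws.com"
    try:
        print(report(target, resolve(target)))
    except socket.gaierror as exc:
        print(f"{target}: resolution failed ({exc})")
```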
