Hello,
Please see this Knowledge Center article which explains Provider and Consumer side of the configurations for enabling custom Private DNS names:
https://aws.amazon.com/premiumsupport/knowledge-center/vpc-private-dns-name-endpoint-service/
PrivateLink and the NLB are pass-through for HTTPS, and the actual SSL offloading or termination is likely on the ALB. As such, neither the PL nor the NLB is going to look at or modify anything in the HTTP header. As long as the clients on the consumer side use the correct HTTP hostnames in their requests, the ALB will do the host-based routing just fine.
As for DNS resolution, the client (consumer) side will have no visibility of the NLB/ALB/EKS; they connect to the VPC endpoint IPs in the consumer VPC. In the example below the PL is set up for 2 AZs, so DNS will round-robin across the 2 VPC endpoint private IPs to which clients connect to consume the service.
Reference: https://d1.awsstatic.com/whitepapers/aws-privatelink.pdf
Just an example showing how a client connects to a PL:
Hope this helps.
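As an added example (not code from Tushar_J's answer or from AWS), this Terraform sketch puts the provider-side pieces the answer describes together: host-based routing on the ALB, a pass-through TCP listener on the NLB that targets the ALB, and the endpoint service that publishes the private DNS name. The aws_lb.alb, aws_lb.nlb, aws_lb_listener.alb_https, aws_lb_target_group.service1 and var.* references are assumed to be defined elsewhere in the configuration.

```hcl
# Added example (not from the answer above). The ALB keeps the HTTPS
# listener and routes on the Host header; the NLB forwards raw TCP/443 to
# the ALB; the endpoint service exposes the NLB under the private DNS name.
# aws_lb.*, aws_lb_listener.alb_https, aws_lb_target_group.service1 and
# var.* are assumed to exist elsewhere in the configuration.

resource "aws_lb_listener_rule" "service1" {
  listener_arn = aws_lb_listener.alb_https.arn
  priority     = 10
  action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.service1.arn
  }
  condition {
    host_header {
      values = ["service1.sharedservice.company.com"]
    }
  }
}

# NLB -> ALB: a TCP target group whose single target is the ALB itself.
resource "aws_lb_target_group" "alb_from_nlb" {
  name        = "alb-from-nlb"
  port        = 443
  protocol    = "TCP"
  target_type = "alb"
  vpc_id      = var.provider_vpc_id
}

resource "aws_lb_target_group_attachment" "alb_from_nlb" {
  target_group_arn = aws_lb_target_group.alb_from_nlb.arn
  target_id        = aws_lb.alb.arn
  port             = 443
}

resource "aws_lb_listener" "nlb_tcp_443" {
  load_balancer_arn = aws_lb.nlb.arn
  port              = 443
  protocol          = "TCP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.alb_from_nlb.arn
  }
}

resource "aws_vpc_endpoint_service" "shared" {
  acceptance_required        = true
  network_load_balancer_arns = [aws_lb.nlb.arn]
  private_dns_name           = "sharedservice.company.com"
  allowed_principals         = [var.consumer_account_arn]
}
```

Because the NLB and PrivateLink are pass-through, the certificate on the ALB's HTTPS listener has to cover every hostname the clients will send, and acceptance_required together with allowed_principals is what limits which accounts can create endpoints to the service.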
Thanks Tushar_J, please help me understand a bit more. I see that by enabling the private DNS name from the provider, the consumer can use that name while setting up the interface endpoint, in place of the generated Endpoint-Specific Regional DNS Hostname. What I am still a bit unclear on is this: say we have sharedservice.company.com as the shared endpoint service, is the consumer able to call service1.sharedservice.company.com right away? Or does it require them to set up a private hosted zone and add that as a record? Would you recommend doing a private hosted zone association across VPCs?

Hi robertf, you don't need a PHZ, see this: https://aws.amazon.com/about-aws/whats-new/2020/01/aws-privatelink-supports-private-dns-names-internal-3rd-party-services/
Hi Tushar_j, thanks for the info. From what I understand, enabling private DNS requires owning a public domain, which is additional to our current setup as everything is internal. In addition, this only creates the private DNS name as one record in the consumer's PHZ (automatically, I suppose); in the case of multiple rules set up on the ALB for host-based routing, we still need a mechanism to add all the DNS records required, such as s1.myservice.com, s2.myservice.com etc., which both map to the endpoint DNS for downstream routing. Is that the correct understanding?