AWS Workspaces DNS settings prevent resolution of private hostnames like sagemaker.aws

Question

The default DNS settings for my AWS workspaces, is taken from the Managed AD Server (which workspaces are provision from)

it appears that even with a sagemaker notebook endpoint provision on the VPC, sagemaker.aws urls cannot be reached.

However, if i alter one of the dns value of the workspaces to 169.254.169.253, sagemaker.aws is able to be reached.

is there a better solution? it seems that its hard for workspaces to reach AWS services.

Answer

This has nothing to do with Amazon WorkSpaces, this is just how DNS works. You need to configure a hybrid setting to forward DNS queries to the authoritative DNS Server for the URL.

Amazon WorkSpaces are just Windows Desktops as a Service, joined to a Windows Active Directory. For Managed Microsoft AD, DNS is integrated into the Domain Controllers and can be managed through the RSAT snap-ins. It is the same way any Microsoft Windows AD with integrated DNS would be managed.

Amazon WorkSpaces are just Windows Desktops as a Service, joined to a Windows Active Directory. For Managed Microsoft AD, DNS is integrated into the Domain Controllers and can be [managed through the RSAT snap-ins](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_troubleshooting_dns.html). It is the same way any Microsoft Windows AD with integrated DNS would be managed.

AWS Workspaces DNS settings prevent resolution of private hostnames like sagemaker.aws

Relevant questions

Amazon Workspaces without AD connector

Enable MFA on AWS Workspaces

WorkSpaces - Inoperable AD Connector

AWS Workspaces - moving between OUs

Is AWS Managed Microsoft AD billed separately from Amazon WorkSpaces?