Cloudformation VPC S3 interface endpoint with PrivateDnsEnabled and PrivateDnsOnlyForInboundResolverEndpoint set to false


So I'm trying to create an S3 VPC interface endpoint using CloudFormation.

There is a field called "PrivateDnsOnlyForInboundResolverEndpoint" which is set to true automatically by default if I enable "private DNS names" to true.

I want to create the endpoint with private DNS names enabled but PrivateDnsOnlyForInboundResolverEndpoint set to false, for some reason I'm not able to do that.

There is no mention for it in the

Also, it seems to be available only for the AWS CLI

Any suggestions?

My current template looks like so:

AWSTemplateFormatVersion: '2010-09-09'
Description: CloudFormation template to create VPC interface endpoint for S3
Parameters:
  VPCId:
    Type: String
    Description: VPC to create the endpoint in
  SubnetId1:
    Type: String
    Description: Subnet ID for endpoint
Resources:
  # The resource's logical ID did not survive in the post; S3InterfaceEndpoint is a placeholder.
  S3InterfaceEndpoint:
    Type: 'AWS::EC2::VPCEndpoint'
    Properties:
      VpcId: !Ref VPCId
      SubnetIds: [!Ref SubnetId1]
      ServiceName: ''
      VpcEndpointType: Interface
      PrivateDnsEnabled: true

I would imagine it would look like so:

  PrivateDnsOnlyForInboundResolverEndpoint: false
asked a year ago, 1738 views
3 Answers

This can be achieved by invoking a lambda function from CloudFormation template with below steps.

1/ Create a lambda function with IAM permissions which can take input from CloudFormation, create vpc endpoint and return response to CloudFormation.
2/ Update CloudFormation template to invoke this lambda function


answered a year ago
  • I don't think this is the way to solve it.. not even for a workaround.
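
The approach in the answer above, as an added example that is not part of the original answer and not AWS's own code: a Python handler for a Lambda-backed custom resource that creates the interface endpoint through the EC2 API with `PrivateDnsOnlyForInboundResolverEndpoint` set to false under `DnsOptions`, then reports the result to CloudFormation. The property names read from `ResourceProperties` and the injectable `ec2` and `respond` parameters are assumptions, as is an execution role limited to `ec2:CreateVpcEndpoint` and `ec2:DeleteVpcEndpoints`.

```python
import json
import urllib.request


def _flag(value):
    # CloudFormation delivers custom resource booleans as the strings "true"/"false".
    return str(value).lower() == "true"


def build_endpoint_params(props):
    """Map custom resource properties (assumed names) to create_vpc_endpoint arguments."""
    return {
        "VpcEndpointType": "Interface",
        "VpcId": props["VpcId"],
        "ServiceName": props["ServiceName"],
        "SubnetIds": list(props["SubnetIds"]),
        "PrivateDnsEnabled": _flag(props.get("PrivateDnsEnabled", "true")),
        "DnsOptions": {
            "PrivateDnsOnlyForInboundResolverEndpoint": _flag(
                props.get("PrivateDnsOnlyForInboundResolverEndpoint", "false"))
        },
    }


def send_response(event, status, physical_id, reason=""):
    """PUT the result to the pre-signed URL CloudFormation supplied in the event."""
    body = json.dumps({
        "Status": status, "Reason": reason, "PhysicalResourceId": physical_id,
        "StackId": event["StackId"], "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
    }).encode()
    req = urllib.request.Request(event["ResponseURL"], data=body, method="PUT",
                                 headers={"Content-Type": ""})
    urllib.request.urlopen(req)


def handler(event, context, ec2=None, respond=send_response):
    physical_id = event.get("PhysicalResourceId", "endpoint-not-created")
    try:
        if ec2 is None:
            import boto3  # present in the Lambda Python runtime
            ec2 = boto3.client("ec2")
        if event["RequestType"] == "Create":
            result = ec2.create_vpc_endpoint(**build_endpoint_params(event["ResourceProperties"]))
            physical_id = result["VpcEndpoint"]["VpcEndpointId"]
        elif event["RequestType"] == "Delete" and physical_id.startswith("vpce-"):
            ec2.delete_vpc_endpoints(VpcEndpointIds=[physical_id])
        # Update requests are acknowledged with the existing endpoint unchanged.
        respond(event, "SUCCESS", physical_id)
    except Exception as exc:  # always answer, or the stack waits for the timeout
        respond(event, "FAILED", physical_id, reason=str(exc))
    return physical_id
```

In the template, the handler would sit behind a custom resource whose properties carry the VPC ID, subnet IDs and service name that the `AWS::EC2::VPCEndpoint` resource took before.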


I agree with you. It seems that there is no way to specify "PrivateDnsOnlyForInboundResolverEndpoint" field via AWS CloudFormation. You may use Former2 to confirm whether such a field exists or not by scanning existing VPCEndpoint resource.

answered a year ago
  • Well, I did that before posting.. So I can confirm no such field exists.


I also have this problem and have resorted to just manually creating the endpoints outside of the CF template. CloudFormation has a surprising number of bugs and limited features/properties of resources missing etc.

To add more context, I specifically have this problem 'PrivateDnsOnlyForInboundResolverEndpoint' only for the S3 endpoint interface type. I have successfully created an ec2 endpoint interface without a problem. My new solution is to use a Gateway endpoint for S3 instead.

answered 10 months ago
