Difference between VPC Endpoints

What is the difference between gateway and interface endpoints? I know the former is based on routing while the latter is based on an ENI, but I feel what's going on behind the scenes is still the same for both cases. For gateway endpoints, I believe that particular IPs (in the form of a prefix list) are routed to the S3/DynamoDB service. But before that, shouldn't a DNS resolution happen? So if I say "aws s3 ls", DNS should provide a private IP (which would be one of the prefix list) and then routing can happen. Isn't the concept still the same for interface endpoints? That is, a DNS resolution to a private IP?

nishan
asked a year ago, 288 views
1 answer

Yes, DNS resolution happens with both endpoints. You're correct in how you describe things.

For Gateway Endpoints you'll find that the DNS entry resolves to the public IP addresses of the S3 and DynamoDB services. The VPC then routes those IP addresses to the endpoint and you're connected to the services.

For Interface Endpoints (which are powered by PrivateLink) the DNS entry resolves to a private IP address that PrivateLink creates for the network interface in your VPC. Note that, as per the documentation, you need to have DNS hostnames and DNS resolution enabled in your VPC for this to work. Also, there is a specific name for the endpoint that can be used as well, but in most cases it is far easier to use the "normal" (public) endpoint name because it requires no application changes.

AWS EXPERT
answered a year ago
Reviewed a year ago by two EXPERT members.
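The answer above boils down to one observable difference: with a gateway endpoint the name resolves to a public S3/DynamoDB address and the *route table* (a prefix-list route targeting a vpce-) decides whether it goes to the endpoint or out through a NAT/internet gateway; with an interface endpoint the name resolves to a private address inside the VPC CIDR, so the ordinary `local` route carries it. The following is an added example, not code from the thread or from AWS: it reproduces the VPC router's longest-prefix match over a constructed route table so you can tell, from a resolved address, which of the three paths a request will take. The VPC CIDR, the prefix-list entries, the route targets and the endpoint ENI address are all made-up sample data; on a real VPC you would take them from `aws ec2 describe-route-tables` and `aws ec2 get-managed-prefix-list-entries`.

```python
"""Added example (not part of the re:Post thread): classify the path a
resolved S3/DynamoDB address takes through a VPC, given its route table.
All networks, route targets and addresses below are constructed sample data."""
import ipaddress

# Constructed sample VPC.
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")

# Constructed stand-in for the S3 managed prefix list. Real entries come from
# `aws ec2 get-managed-prefix-list-entries --prefix-list-id pl-...`.
S3_PREFIX_LIST = [ipaddress.ip_network(c) for c in ("52.216.0.0/15", "3.5.0.0/19")]

# Route table entries as (destination, target). A gateway endpoint shows up as
# prefix-list routes targeting a vpce-; an interface endpoint never appears
# here because its ENI sits inside the VPC CIDR and is covered by "local".
ROUTES = [
    (VPC_CIDR, "local"),
    (ipaddress.ip_network("0.0.0.0/0"), "nat-0a1b2c3d"),
] + [(cidr, "vpce-0gateway-s3") for cidr in S3_PREFIX_LIST]

# Private address PrivateLink assigned to an interface endpoint ENI (constructed).
INTERFACE_ENDPOINT_IPS = {ipaddress.ip_address("10.0.1.37")}


def lookup_route(ip, routes):
    """Longest-prefix match over the route table, as the VPC router does.
    Returns the (destination, target) pair that wins, or None."""
    ip = ipaddress.ip_address(ip)
    best = None
    for dest, target in routes:
        if ip in dest and (best is None or dest.prefixlen > best[0].prefixlen):
            best = (dest, target)
    return best


def classify_path(resolved_ip, routes=ROUTES, vpce_ips=INTERFACE_ENDPOINT_IPS):
    """Name the path a packet to resolved_ip takes:
    interface-endpoint : address is an endpoint ENI inside the VPC
    gateway-endpoint   : public address matched a prefix-list route to a vpce-
    vpc-local          : some other address inside the VPC
    internet           : fell through to the NAT/internet gateway route"""
    ip = ipaddress.ip_address(resolved_ip)
    if ip in vpce_ips:
        return "interface-endpoint"
    match = lookup_route(ip, routes)
    if match is None:
        return "unroutable"
    _, target = match
    if target.startswith("vpce-"):
        return "gateway-endpoint"
    if target == "local":
        return "vpc-local"
    return "internet"


if __name__ == "__main__":
    # Public S3 address with the gateway endpoint route present.
    print("52.216.10.5  ->", classify_path("52.216.10.5"))
    # Interface endpoint: private DNS already gave us the ENI address.
    print("10.0.1.37    ->", classify_path("10.0.1.37"))
    # Same public address in a route table that lacks the endpoint route:
    # S3 traffic silently goes out through NAT instead of staying on the endpoint.
    no_vpce = [r for r in ROUTES if not r[1].startswith("vpce-")]
    print("52.216.10.5  ->", classify_path("52.216.10.5", routes=no_vpce))
```

The third case is the one worth checking on real VPCs: if a subnet's route table was never associated with the gateway endpoint, the name still resolves to the public address, nothing fails, and the traffic leaves through the NAT gateway, so an endpoint policy on the vpce- is not enforced on that path. In `describe-route-tables` output the gateway endpoint route is the entry carrying a `DestinationPrefixListId` with a `GatewayId` of `vpce-...`.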
  • I have a couple more questions:

    1. Both DNS hostnames and DNS resolution must be turned on for both interface and gateway endpoints to work. Right?
    2. Who is doing the DNS resolution? I believe it would be the Amazon DNS server, i.e. 169.254.169.253 along with VPC+2. If so, how can I leverage VPC endpoints if I want to use a custom DNS server?

  • 1. Yes.
    2. The custom DNS server would need to forward requests for Amazon-owned DNS names to an Amazon-owned resolver (Route 53 in this case), which is the IP address you've listed. You can also set up a Route 53 Resolver.
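The forwarding the reply describes, as an added configuration example that is not part of the thread: a dnsmasq resolver running inside the VPC keeps serving its own zones but hands every query under amazonaws.com to the VPC-provided resolver, so the interface endpoint's private DNS answer (the ENI address) is returned instead of the public one. The VPC CIDR 10.0.0.0/16, and therefore the VPC+2 resolver address 10.0.0.2, is an assumption; substitute your own.

```conf
# dnsmasq.conf fragment (added example). Assumes VPC CIDR 10.0.0.0/16,
# so the Route 53 resolver is at the base address + 2.
# Queries for Amazon-owned names go to the VPC resolver; everything else
# follows the resolvers in resolv-file or your own upstreams.
server=/amazonaws.com/10.0.0.2

# The link-local address works as well from inside the VPC and does not
# change if the VPC CIDR does.
# server=/amazonaws.com/169.254.169.253

# Do not let a host's own /etc/resolv.conf override the forwarding above.
no-resolv
server=8.8.8.8
```

If the custom resolver lives outside the VPC (on-premises, or in a peered VPC), it cannot reach 10.0.0.2 or 169.254.169.253 directly; that is the case for a Route 53 Resolver inbound endpoint, whose ENI addresses you would put in the `server=` line instead.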
