Access to specific DNS from EC2

0

We have a VPC with Internet access. Within the VPC we have an EC2 which does not allow internet access using the Security Group. We wish to allow specific DNS to be reachable from this EC2 (Egress). What are the possible options?

Essentially, looking for DNS filtering at the EC2 egress and not at the VPC.

The reason for specific DNS is that the IP associated with the DNS can change and we prefer not having a logic to dynamically update the security group.

1 answer
2

Have you thought about using Route53 Resolver DNS Firewall to do this?

https://docs.aws.amazon.com/vpc/latest/userguide/resolver-dns-firewall.html

Either way, you still have to allow the EC2 to talk to a DNS server, and that in turn will allow recursive DNS queries.

EXPERT
answered 2 months ago
verified 2 months ago
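To reason about the rule group the answer points to before deploying it, here is an added example that is not from the thread: a small Python model of how a Route 53 Resolver DNS Firewall rule group evaluates a query under an "allow a few names, block everything else" policy. The matching semantics (`*.example.com` matches subdomains only, `*` matches everything, unmatched names pass through) and the resolver address at VPC CIDR base + 2 are assumptions taken from the AWS documentation; the vendor names and CIDR are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Model of DNS Firewall rule evaluation (assumed semantics, not AWS code):
# rules are tried in ascending priority, the first matching rule's action
# applies, and a name that matches no rule is resolved normally.

@dataclass
class Rule:
    priority: int      # lower number is evaluated first
    action: str        # "ALLOW", "BLOCK" or "ALERT"
    domains: tuple     # entries of the rule's domain list

def entry_matches(entry: str, qname: str) -> bool:
    """Does one domain-list entry match a queried name?"""
    entry, qname = entry.rstrip(".").lower(), qname.rstrip(".").lower()
    if entry == "*":
        return True
    if entry.startswith("*."):
        # wildcard covers subdomains only, not the apex name itself
        return qname.endswith(entry[1:]) and qname != entry[2:]
    return qname == entry

def evaluate(rules, qname: str) -> str:
    """Action the firewall would take for qname under the given rules."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if any(entry_matches(e, qname) for e in rule.domains):
            return rule.action
    return "ALLOW"   # no rule matched: query passes through

def resolver_ip(vpc_cidr: str) -> str:
    """Address the instance's security group must still allow on UDP/TCP 53:
    the Amazon-provided resolver sits at the VPC CIDR base plus two."""
    return str(ipaddress.ip_network(vpc_cidr).network_address + 2)

# Constructed policy: allow two vendor names, block everything else.
EGRESS_RULES = [
    Rule(1, "ALLOW", ("api.vendor.example", "*.updates.vendor.example")),
    Rule(100, "BLOCK", ("*",)),
]

if __name__ == "__main__":
    for name in ("api.vendor.example", "cdn.updates.vendor.example",
                 "updates.vendor.example", "example.org"):
        print(f"{name:30} -> {evaluate(EGRESS_RULES, name)}")
    print("resolver the SG must allow:", resolver_ip("10.0.0.0/16"))
```

Note that the block rule only stops name resolution; traffic to an IP the instance already knows is governed by the security group, which is the caveat the answer raises.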
  • Thanks, I will go through it. After reading the first paragraph, it appears to be at the VPC level. But will go through it in detail.

    "It can also block requests for public or private Amazon EC2 instance names." -> This seems promising, will have a more detailed reading sometime later today.
