Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Difference between VPC Endpoints

0

What is the difference between gateway and interface endpoints? I know former is based on routing while later is based on ENI but I feel what's going behind the scenes is still the same for both cases. For gateway endpoints, I believe that particular ip's (in the way of prefix list) are routed to S3/dynamodb service. But before that shouldn't a dns resolution happen? So if I say "aws s3 ls", dns should provide a private IP (which would be one of the prefix list) and then can routing can happen. Isn't the concept still the same for interface endpoints? That is, a dns resolution to a private IP?

Argomenti
Networking e distribuzione di contenuti
Tag
Amazon VPC
Lingua
English
nishan
posta un anno fa282 visualizzazioni
1 Risposta
1

Yes, DNS resolution happens with both endpoints. You're correct in how you describe things.

For Gateway Endpoints you'll find that the DNS entry resolves to the public IP address for the S3 and DynamoDB services. The VPC then routes those IP addresses to the endpoint and you're connected with the services.

For Interface Endpoints (which are powered by PrivateLink) the DNS entry resolves to a private IP address that PrivateLink creates for the network interface in your VPC. Note that as per the documentation you need to have DNS hostnames and DNS resolution enabled in your VPC for this to work. Also, there is a specific name for the endpoint that can also be used - but in most cases it is far easier to use the "normal" (public) endpoint name because it requires no application changes.

profile pictureAWS
ESPERTO
Brettski-AWS
con risposta un anno fa
profile picture
ESPERTO
Sedat Salman
verificato un anno fa
profile picture
ESPERTO
Riku_Kobayashi
verificato un anno fa
  • nishan
    un anno fa

    I have a couple of more questions:

    1. Both dnshostnames and dns resolution must be turned on for both interface and gateway endpoints to work. Right?
    2. Who is doing the dns resolution. I believe it would be amazon dns server, i.e. 169.254.169.253 along with vpc+2. If so, how can I leverage vpc endpoints if I want to use custom dns server
  • Brettski-AWS ESPERTO
    un anno fa
    1. Yes.
    2. The custom DNS server would need to forward requests for Amazon-owned DNS names to an Amazon-owned resolver (Route 53 in this case) which is the IP address you've listed. You can also set up a Route 53 Resolver.

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente