2 answers
0
So long as CodeBuild has network connectivity to your CodeCommit endpoint, and the DNS resolution that CodeBuild sees for the CodeCommit service is overridden to point to that endpoint, then CodeCommit will be accessed without using the IGW. DNS resolution is overridden via a Private Hosted Zone (PHZ). The way it works within a single VPC is that you set PrivateDnsEnabled=true for the VPC Endpoint when you create it, which sets up an AWS-managed PHZ associated with the VPC.
See https://www.linkedin.com/pulse/how-share-interface-vpc-endpoints-across-aws-accounts-steve-kinsman/ for more info.
I must have misconfigured something here.
If you're not sharing across VPCs, it's easiest to set PrivateDnsEnabled=true and let AWS manage the PHZ for you. Though of course you can set "false" instead and do your own, as it sounds like you're doing. The PHZ would normally contain an Alias record mapping the service DNS name to the VPC Endpoint name rather than a regular A record mapping to an IP address. For example, an SMS PHZ of ours has:
Record name = sms.ap-southeast-2.amazonaws.com
Value = vpce-xxxxxxxxxxxxxxxxx-xxxxxxxx.sms.ap-southeast-2.vpce.amazonaws.com.
Alias = Yes
You don't need "*." on the front of the record name.
The VPC has "DNS hostnames" & "DNS resolution" enabled. Can I set "PrivateDnsEnabled=true" using the console?
So far I have tried the following:
- Created a Private Hosted Zone in Route 53 for git-codecommit.us-east-1.amazonaws.com
- Added an A record using an alias to point to the endpoint
- Getting "CLIENT_ERROR: Get "https:// git-codecommit.us-east-1.amazonaws.com/v1/repos/Test/info/refs?service=git-upload-pack": x509: certificate is valid for codecommit.us-east-1.amazonaws.com, *.codecommit.us-east-1.vpce.amazonaws.com, not git-codecommit.us-east-1.amazonaws.com for primary source and source version refs/heads/master"
- Deleted the old private hosted zone
- Created a new private hosted zone for codecommit.us-east-1.amazonaws.com
- Added an A record using an alias to point to the endpoint
- Getting "CLIENT_ERROR: Get "https:// git-codecommit.us-east-1.amazonaws.com/v1/repos/Test/info/refs?service=git-upload-pack": dial tcp 52.94.226.180:443: i/o timeout for primary source and source version refs/heads/master"
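The two errors in the thread are the two ways a PHZ plan for an interface endpoint can go wrong: the zone covers the hostname but the alias points at an endpoint whose certificate does not carry that name (x509 mismatch), or the zone does not cover the hostname at all, so it falls through to public DNS and times out without an IGW. The diagnostic below is an added example, not code from the thread or from AWS: the codecommit SAN list is copied from the x509 error quoted above, while the git-codecommit SAN list, the zone names checked and the fetch_sans helper are my own assumptions.

```python
"""Diagnose a Private Hosted Zone (PHZ) plan for an interface VPC endpoint.

Two failure modes, matching the thread:
  1. PHZ apex covers the client hostname, but the endpoint behind the alias
     belongs to another service: TLS fails with an x509 SAN mismatch.
  2. PHZ apex does not cover the client hostname, so it falls through to
     public DNS; without an IGW the dial to the public IP times out.
"""
import socket
import ssl


def san_matches(hostname: str, san: str) -> bool:
    """Match a hostname against one DNS SAN; a wildcard covers one label only."""
    if san.startswith("*."):
        label, _, rest = hostname.partition(".")
        return label != "" and rest == san[2:]
    return hostname == san


def phz_covers(hostname: str, zone_apex: str) -> bool:
    """True if a PHZ named zone_apex is authoritative for hostname."""
    return hostname == zone_apex or hostname.endswith("." + zone_apex)


def diagnose(client_host: str, zone_apex: str, endpoint_sans: list[str]) -> str:
    """Return 'ok', 'public-resolution' or 'cert-mismatch' for this plan."""
    if not phz_covers(client_host, zone_apex):
        return "public-resolution"  # thread's 2nd error: dial tcp ... i/o timeout
    if not any(san_matches(client_host, san) for san in endpoint_sans):
        return "cert-mismatch"  # thread's 1st error: x509: certificate is valid for ...
    return "ok"


def fetch_sans(endpoint_dns_name: str, port: int = 443) -> list[str]:
    """Read the DNS SANs of the cert an endpoint really serves (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((endpoint_dns_name, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=endpoint_dns_name) as tls:
            cert = tls.getpeercert()
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]


# SANs quoted in the thread's x509 error: that endpoint is the "codecommit"
# (API) service, not "git-codecommit".
CODECOMMIT_API_SANS = ["codecommit.us-east-1.amazonaws.com",
                       "*.codecommit.us-east-1.vpce.amazonaws.com"]
# Constructed (assumed) SAN list for a git-codecommit endpoint.
GIT_CODECOMMIT_SANS = ["git-codecommit.us-east-1.amazonaws.com",
                       "*.git-codecommit.us-east-1.vpce.amazonaws.com"]
```

Run `diagnose("git-codecommit.us-east-1.amazonaws.com", zone_apex, fetch_sans("vpce-....git-codecommit.us-east-1.vpce.amazonaws.com"))` from inside the VPC to check a real plan against the certificate the endpoint actually presents.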