Posted On: Mar 14, 2023

Virtual Private Cloud (VPC) interface endpoints for Amazon S3 now offer private DNS options that can help you more easily route S3 requests to the lowest-cost endpoint in your VPC. With private DNS for S3, your on-premises applications can use AWS PrivateLink to access S3 over an interface endpoint, while requests from your in-VPC applications access S3 using gateway endpoints. Routing requests like this helps you take advantage of the lowest-cost private network path without having to make code or configuration changes to your clients.

To get started with private DNS for S3, first create an inbound resolver endpoint in your VPC and point your on-premises resolver to it. Then, go to the VPC console and use the "Enable DNS name" option when you create or modify an interface endpoint. To automatically route requests from on-premises applications over interface endpoints, select "Enable private DNS only for inbound endpoint". With this option, S3’s regional DNS names (*.s3.region.amazonaws.com) will resolve to the private IP addresses on your interface endpoints for on-premises clients only. Your in-VPC clients will be unaffected and will continue to resolve S3’s public IP addresses. This means applications will use interface endpoints for your on-premises traffic, while in-VPC traffic will use lower-cost gateway endpoints.
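The same two steps as AWS CLI calls, followed by a resolution check that tells you which path a client is actually on. This is an added example, not code from the announcement or from AWS: every ID, subnet, security group and CIDR is a constructed placeholder, and the flag names (`--dns-options PrivateDnsOnlyForInboundResolverEndpoint=true`, `--private-dns-enabled`) assume AWS CLI v2 as of this feature's release and should be confirmed against your installed version. The `dig`-based check needs network access; the CIDR helpers below it are pure POSIX sh.

```shell
#!/bin/sh
# Added example: CLI form of the two console steps from the announcement, plus a
# check of where S3 names resolve. All IDs/CIDRs are constructed placeholders.
set -eu

REGION="${REGION:-us-east-1}"
VPC_ID="${VPC_ID:-vpc-0123456789abcdef0}"          # placeholder
VPC_CIDR="${VPC_CIDR:-10.20.0.0/16}"                # placeholder
SUBNET_IDS="${SUBNET_IDS:-subnet-0a1b2c3d4e5f6a7b8 subnet-0b2c3d4e5f6a7b8c9}"
# Placeholder SG. For the resolver endpoint it must allow UDP/TCP 53 only from
# your on-premises resolver ranges; for the S3 endpoint, TCP 443 from them.
SG_ID="${SG_ID:-sg-0123456789abcdef0}"

# Step 1: inbound Route 53 Resolver endpoint. Point the on-premises DNS
# forwarder for s3.<region>.amazonaws.com at the IPs this endpoint is given.
create_inbound_resolver() {
  ip_args=""
  for s in $SUBNET_IDS; do ip_args="$ip_args SubnetId=$s"; done
  aws route53resolver create-resolver-endpoint \
    --region "$REGION" \
    --creator-request-id "s3-inbound-$(date +%s)" \
    --direction INBOUND \
    --security-group-ids "$SG_ID" \
    --ip-addresses $ip_args \
    --query 'ResolverEndpoint.Id' --output text
}

# Step 2: S3 interface endpoint with private DNS restricted to queries arriving
# via the inbound resolver endpoint. In-VPC clients keep the public answers and
# therefore keep using the gateway endpoint.
create_s3_interface_endpoint() {
  aws ec2 create-vpc-endpoint \
    --region "$REGION" \
    --vpc-id "$VPC_ID" \
    --vpc-endpoint-type Interface \
    --service-name "com.amazonaws.${REGION}.s3" \
    --subnet-ids $SUBNET_IDS \
    --security-group-ids "$SG_ID" \
    --private-dns-enabled \
    --dns-options PrivateDnsOnlyForInboundResolverEndpoint=true \
    --query 'VpcEndpoint.VpcEndpointId' --output text
}

# ---- verification helpers (no AWS calls; usable in tests) ----

# Dotted-quad IPv4 -> 32-bit integer.
ip_to_int() {
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# ip_in_cidr <ip> <cidr>: exit 0 when the address falls inside the prefix.
ip_in_cidr() {
  ip=$(ip_to_int "$1")
  net=$(ip_to_int "${2%/*}")
  bits=${2#*/}
  if [ "$bits" -eq 0 ]; then mask=0
  else mask=$(( (4294967295 << (32 - bits)) & 4294967295 )); fi
  [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# classify_path <resolved-ip> <vpc-cidr>: "interface" when the answer is an
# interface-endpoint ENI address inside the VPC (expected for on-premises
# clients), "gateway" when it is a public S3 address (expected in-VPC).
classify_path() {
  if ip_in_cidr "$1" "$2"; then echo interface; else echo gateway; fi
}

# check_resolution <resolver-ip> [bucket]: ask a specific resolver for the S3
# regional name and report which path that answer implies. Run it once from
# on-premises (against the inbound endpoint IP) and once from inside the VPC.
check_resolution() {
  host="${2:+$2.}s3.${REGION}.amazonaws.com"
  ip=$(dig +short @"$1" "$host" A | grep -E '^[0-9.]+$' | head -n 1)
  [ -n "$ip" ] || { echo "no A record for $host from $1" >&2; return 1; }
  echo "$host -> $ip ($(classify_path "$ip" "$VPC_CIDR"))"
}

# Only touch AWS when explicitly asked, so the helpers can be sourced safely.
if [ "${RUN_AWS:-0}" = 1 ]; then
  echo "resolver endpoint: $(create_inbound_resolver)"
  echo "s3 interface endpoint: $(create_s3_interface_endpoint)"
fi
```

Run with `RUN_AWS=1 REGION=... VPC_ID=... SUBNET_IDS="..." SG_ID=... sh script.sh` to create the resources, then `check_resolution <inbound-endpoint-ip>` from an on-premises host should report `interface`, while the same call against the VPC's own resolver from an EC2 instance should report `gateway`. An on-premises client that reports `gateway` means its forwarder is not sending the S3 zone to the inbound endpoint, and its traffic is leaving over the public path rather than PrivateLink.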

Private DNS options for VPC interface endpoints for Amazon S3 are now available in all AWS Commercial Regions. You can enable private DNS using the AWS Management Console, AWS CLI, SDK, or AWS CloudFormation. For pricing details, visit AWS PrivateLink pricing. To learn more, read the Amazon S3 documentation.