So I’m trying to create an S3 interface endpoint with DNS enabled but without "Enable private DNS only for inbound endpoint".
In the AWS docs and in the boto3 docs it's described as "PrivateDnsOnlyForInboundEndpoint",
but I don’t see anything regarding this in the Terraform docs.
When I’m using "private_dns_enabled = true"
I’m getting: InvalidParamter: To set PrivateDnsOnlyForInboundEndpoint to true, to VPC-XXXX must have a gateway endpoint for this service.
As I mentioned earlier, I do not need PrivateDnsOnlyForInboundEndpoint, so I’m trying to disable this option without any success.
In the AWS console the option does exist (as shown in the picture).
Terraform code:

    resource "aws_vpc_endpoint" "s3_interface" {
      vpc_id              = data.aws_vpc.vpc_id.id
      service_name        = "com.amazonaws.${var.aws_region}.s3"
      vpc_endpoint_type   = "Interface"
      subnet_ids          = [data.aws_subnet.mgmt_private_subnet.id]
      security_group_ids  = [data.aws_security_group.sg.id]
      private_dns_enabled = true

      dns_options {
        dns_record_ip_type = "ipv4"
      }
    }
Any help would be appreciated.

2 Answers
So after checking, here is the answer. It turns out that PrivateDnsOnlyForInboundEndpoint is a new feature that does not yet exist in Terraform. You can view it here: https://github.com/hashicorp/terraform-provider-aws/issues/30041 and https://aws.amazon.com/about-aws/whats-new/2023/03/amazon-s3-private-connectivity-on-premises-networks/
Thanks anyway (:
What you are trying to do is not possible.
For interface endpoints you have to use an inbound resolver endpoint to get the private DNS to work. But if you go with a gateway endpoint instead it should work.
Read more here
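As an added example (not code from the question or either answer), this is the layout the second answer and the error message point to: an S3 gateway endpoint in the same VPC alongside the interface endpoint, so that the API precondition for private DNS is satisfied. The data source and variable names follow the question; data.aws_route_table.mgmt_private is an assumed route table.

```hcl
# Added example, not from the original post. Assumed inputs: data.aws_vpc.vpc_id,
# data.aws_subnet.mgmt_private_subnet, data.aws_security_group.sg, var.aws_region
# (all from the question) and data.aws_route_table.mgmt_private (assumed).

# Gateway endpoint: S3 traffic that originates inside the VPC is routed here via the
# associated route table, so it never traverses the public internet. The S3 API also
# requires this endpoint to exist before private DNS can be enabled on an S3
# interface endpoint in the same VPC (the "must have a gateway endpoint" error).
resource "aws_vpc_endpoint" "s3_gateway" {
  vpc_id            = data.aws_vpc.vpc_id.id
  service_name      = "com.amazonaws.${var.aws_region}.s3"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = [data.aws_route_table.mgmt_private.id] # assumed route table
}

# Interface endpoint: serves clients that cannot follow a VPC route table, i.e.
# on-premises hosts that resolve S3 names through an inbound Route 53 Resolver
# endpoint and reach the ENI over VPN or Direct Connect. Scope the security group
# to TCP 443 from those expected sources only.
resource "aws_vpc_endpoint" "s3_interface" {
  vpc_id              = data.aws_vpc.vpc_id.id
  service_name        = "com.amazonaws.${var.aws_region}.s3"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = [data.aws_subnet.mgmt_private_subnet.id]
  security_group_ids  = [data.aws_security_group.sg.id]
  private_dns_enabled = true

  dns_options {
    dns_record_ip_type = "ipv4"
  }

  # Make sure the gateway endpoint is created first so the API precondition holds.
  depends_on = [aws_vpc_endpoint.s3_gateway]
}
```

With both endpoints in place, private DNS for the interface endpoint answers only queries arriving through the inbound resolver endpoint, while VPC-originated S3 traffic keeps using the gateway endpoint, which is the split-path behaviour the feature announcement describes.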