
So I’m trying to create an S3 Interface endpoint with DNS enabled but without "Enable private DNS only for inbound endpoint".
In the AWS docs and in the boto3 docs it’s described as "PrivateDnsOnlyForInboundEndpoint",
but I don’t see anything regarding this in the Terraform docs.

When I’m using "private_dns_enabled = true"
I’m getting: InvalidParamter: To set PrivateDnsOnlyForInboundEndpoint to true, to VPC-XXXX must have a gateway endpoint for this service.

As I mentioned earlier, I do not need PrivateDnsOnlyForInboundEndpoint, so I’m trying to disable this option, without any success.

In the AWS console the option does exist (as shown in the picture):
[image: AWS EP DNS EDIT]

Terraform code:

resource "aws_vpc_endpoint" "s3_interface" {
  vpc_id              = data.aws_vpc.vpc_id.id
  service_name        = "com.amazonaws.${var.aws_region}.s3"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = [data.aws_subnet.mgmt_private_subnet.id]
  security_group_ids  = [data.aws_security_group.sg.id]
  private_dns_enabled = true

  dns_options {
    dns_record_ip_type = "ipv4"
  }
}

Any help would be appreciated.

2 Answers


  1. Chosen as BEST ANSWER

    So after checking, here is the answer. It turns out that PrivateDnsOnlyForInboundEndpoint is a new feature that does not yet exist in Terraform. You can view it here:
    https://github.com/hashicorp/terraform-provider-aws/issues/30041
    https://aws.amazon.com/about-aws/whats-new/2023/03/amazon-s3-private-connectivity-on-premises-networks/

    Thanks anyway (:


  2. What you are trying to do is not possible.
    For interface endpoints you have to use an inbound resolver endpoint to get the private DNS to work. But if you go with a gateway endpoint instead, it should work.

    Read more here
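The thread turns on one precondition that the error message in the question spells out: PrivateDnsOnlyForInboundEndpoint can only be set to true when the VPC already has a gateway endpoint for the same service. The following is an added example, not code from the original thread, written against the boto3 EC2 API the asker mentions (create_vpc_endpoint with DnsOptions.DnsRecordIpType and DnsOptions.PrivateDnsOnlyForInboundEndpoint, describe_vpc_endpoints with a vpc-id filter). It builds the same S3 interface-endpoint request the Terraform block describes and runs a preflight check for the gateway-endpoint precondition before calling the API, so the failure is caught locally with a clear message instead of as an InvalidParameter error. The VPC, subnet, security-group ids and the describe_vpc_endpoints output below are constructed sample values; boto3 is not imported so the module runs offline, and `create_endpoint` takes any client object with those two methods.

```python
"""Preflight check and request builder for an S3 interface endpoint with
private DNS (added example; assumes the boto3 EC2 parameter names cited in
the question, not code from the original thread)."""
from typing import Any

# Constructed sample of describe_vpc_endpoints()["VpcEndpoints"]: the VPC
# already has a Gateway endpoint for S3, which is what the asker's error
# message says PrivateDnsOnlyForInboundEndpoint=True requires.
SAMPLE_VPC_ID = "vpc-0000aaaa"                      # constructed id
SAMPLE_ENDPOINTS: list[dict[str, Any]] = [
    {
        "VpcEndpointId": "vpce-0123gateway",        # constructed id
        "VpcId": SAMPLE_VPC_ID,
        "ServiceName": "com.amazonaws.us-east-1.s3",
        "VpcEndpointType": "Gateway",
        "State": "available",
    },
]


def vpc_has_gateway_endpoint(endpoints: list[dict[str, Any]],
                             vpc_id: str, service_name: str) -> bool:
    """True when the listed endpoints contain a usable Gateway endpoint for
    `service_name` inside `vpc_id` (pending endpoints count as on their way)."""
    return any(
        ep.get("VpcId") == vpc_id
        and ep.get("ServiceName") == service_name
        and ep.get("VpcEndpointType") == "Gateway"
        and ep.get("State") in ("available", "pending")
        for ep in endpoints
    )


def build_s3_interface_endpoint_request(vpc_id: str, region: str,
                                        subnet_ids: list[str],
                                        security_group_ids: list[str],
                                        existing_endpoints: list[dict[str, Any]],
                                        inbound_only: bool = False) -> dict[str, Any]:
    """Return the create_vpc_endpoint kwargs for an S3 Interface endpoint with
    private DNS. `inbound_only` maps to DnsOptions.PrivateDnsOnlyForInboundEndpoint;
    when it is requested, verify the gateway-endpoint precondition first."""
    service_name = f"com.amazonaws.{region}.s3"
    if inbound_only and not vpc_has_gateway_endpoint(existing_endpoints, vpc_id, service_name):
        raise ValueError(
            f"PrivateDnsOnlyForInboundEndpoint=True requires a Gateway endpoint "
            f"for {service_name} in {vpc_id}; create the gateway endpoint first."
        )
    return {
        "VpcId": vpc_id,
        "ServiceName": service_name,
        "VpcEndpointType": "Interface",
        "SubnetIds": list(subnet_ids),
        "SecurityGroupIds": list(security_group_ids),
        "PrivateDnsEnabled": True,
        "DnsOptions": {
            "DnsRecordIpType": "ipv4",
            "PrivateDnsOnlyForInboundEndpoint": inbound_only,
        },
    }


def create_endpoint(ec2_client: Any, vpc_id: str, region: str,
                    subnet_ids: list[str], security_group_ids: list[str],
                    inbound_only: bool = False) -> dict[str, Any]:
    """Look up the VPC's existing endpoints, run the preflight check, then
    call create_vpc_endpoint. `ec2_client` is boto3.client("ec2") in real use;
    anything exposing describe_vpc_endpoints/create_vpc_endpoint works here."""
    existing = ec2_client.describe_vpc_endpoints(
        Filters=[{"Name": "vpc-id", "Values": [vpc_id]}]
    )["VpcEndpoints"]
    params = build_s3_interface_endpoint_request(
        vpc_id, region, subnet_ids, security_group_ids, existing, inbound_only
    )
    return ec2_client.create_vpc_endpoint(**params)


if __name__ == "__main__":
    # Offline demonstration against the constructed sample data.
    req = build_s3_interface_endpoint_request(
        SAMPLE_VPC_ID, "us-east-1", ["subnet-0000bbbb"], ["sg-0000cccc"],
        SAMPLE_ENDPOINTS, inbound_only=True)
    print(req["DnsOptions"])
    try:
        build_s3_interface_endpoint_request(
            "vpc-0000dddd", "us-east-1", ["subnet-0000bbbb"], ["sg-0000cccc"],
            SAMPLE_ENDPOINTS, inbound_only=True)
    except ValueError as exc:
        print("preflight rejected:", exc)
```

With `inbound_only=False` (the asker's stated intent) the builder never consults the endpoint list, so the check only fires for the combination the API itself rejects; whether the service accepts an S3 interface endpoint with private DNS and that flag off is still decided server-side, and the response from `create_vpc_endpoint` is returned unchanged for the caller to inspect.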
