[ec2] (design): Private DNS support for VPC endpoint services #10580
Assignees
Labels
@aws-cdk/aws-ec2
Related to Amazon Elastic Compute Cloud
guidance
Question that needs advice or information.
in-progress
This issue is being actively worked on.
Comments
flemjame-at-amazon
added
guidance
github-actions
bot
added
the
@aws-cdk/aws-ec2
|
The only thing I can really think of to work around this is to use Inversion of Control, so that we can implement it in route53: // aws-ec2 module
interface VpcEndpointProps {
privateDns: IPrivateDnsProvider;
}
// aws-route53 module
class PrivateDns implements ec2.IPrivateDnsProvider {
public bind(...) {
}
}In fact, I think that's nicer as it looks like what you're supposed to do is create a route53 record to refer to the VPC endpoint anyway. Or, even simpler is just to keep everything in route53: // aws-route53
new VpcEndpointDomainName(this, 'Alias', {
hostedZone: hostedZone,
domainName: 'my-domain.com',
endpoint: new VpcEndpointService(...),
}); |
rix0rrr
added
the
response-requested
|
@rix0rrr do you think this would belong in the route53 module, or route53-patterns? Or something else? |
github-actions
bot
removed
the
response-requested
SomayaB
added
in-progress
|
Feels like something that should be in |
rix0rrr
added
the
response-requested
|
This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled. |
github-actions
bot
added
the
closing-soon
|
Will move to route53 |
github-actions
bot
removed
closing-soon
|
mergify bot
pushed a commit
that referenced
this issue
Dec 17, 2020
https://aws.amazon.com/premiumsupport/knowledge-center/vpc-private-dns-name-endpoint-service/ https://docs.aws.amazon.com/vpc/latest/userguide/verify-domains.html AWS added the ability to specify a custom DNS name for an endpoint service earlier this year. It makes it so your clients don't have to create aliases for an InterfaceVpcEndpoint when they connect to your service. This reduces undifferentiated lifting done by clients. This PR creates a construct that will set up the custom DNS. ```ts stack = new Stack(); vpc = new Vpc(stack, 'VPC'); nlb = new NetworkLoadBalancer(stack, 'NLB', { vpc, }); vpces = new VpcEndpointService(stack, 'VPCES', { vpcEndpointServiceLoadBalancers: [nlb], }); // You must use a public hosted zone so domain ownership can be verified zone = new PublicHostedZone(stack, 'PHZ', { zoneName: 'aws-cdk.dev', }); new VpcEndpointServiceDomainName(stack, 'EndpointDomain', { endpointService: vpces, domainName: 'my-stuff.aws-cdk.dev', publicZone: zone, }); ``` Original design ticket: #10580 *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
flochaz
pushed a commit
to flochaz/aws-cdk
that referenced
this issue
Jan 5, 2021
https://aws.amazon.com/premiumsupport/knowledge-center/vpc-private-dns-name-endpoint-service/ https://docs.aws.amazon.com/vpc/latest/userguide/verify-domains.html AWS added the ability to specify a custom DNS name for an endpoint service earlier this year. It makes it so your clients don't have to create aliases for an InterfaceVpcEndpoint when they connect to your service. This reduces undifferentiated lifting done by clients. This PR creates a construct that will set up the custom DNS. ```ts stack = new Stack(); vpc = new Vpc(stack, 'VPC'); nlb = new NetworkLoadBalancer(stack, 'NLB', { vpc, }); vpces = new VpcEndpointService(stack, 'VPCES', { vpcEndpointServiceLoadBalancers: [nlb], }); // You must use a public hosted zone so domain ownership can be verified zone = new PublicHostedZone(stack, 'PHZ', { zoneName: 'aws-cdk.dev', }); new VpcEndpointServiceDomainName(stack, 'EndpointDomain', { endpointService: vpces, domainName: 'my-stuff.aws-cdk.dev', publicZone: zone, }); ``` Original design ticket: aws#10580 *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://aws.amazon.com/premiumsupport/knowledge-center/vpc-private-dns-name-endpoint-service/
https://docs.aws.amazon.com/vpc/latest/userguide/verify-domains.html
❓ General Issue
AWS added the ability to specify a custom DNS name for an endpoint service earlier this year. It makes it so your clients don't have to create aliases for an InterfaceVpcEndpoint when they connect to your service. This reduces undifferentiated lifting done by clients. I'd like to add support for this to CDK.
The Question
The steps for setting it up involve creating Route53 records in a public hosted zone. I had intended it to be used like so:
However this isn't possible -- the route53 module depends on the ec2 module, so I cannot add this feature to the VpcEndpointService construct without creating a circular dependency.
How can I get around this dependency? Would you recommend a different approach?
Environment
The text was updated successfully, but these errors were encountered: