0

I have a setup that consists of an ECS Ec2Service with a single instance running a task that sends an SNS message to a topic whenever the /index page is hit. Everything works fine and I'm able to do Publish the message to the topic if I use regular "open internet" SNS endpoints. However, when I create an VPC Endpoint for the AWS SNS Service and I get the DNS names from the VPC Endpoint details tab and try to Publish the SNS message, while configuring the SNS client with that DNS name, the operation fails due to timeout as if the endpoint is not reachable.

DNS names
   vpce-0c79xxxxxxxxx-xxxxxxxxx.sns.ca-central-1.vpce.amazonaws.com (ZRXXXXXXXXXX)
   vpce-0c79xxxxxxxxx-xxxxxxxxx-ca-central-1b.sns.ca-central-1.vpce.amazonaws.com (ZRXXXXXXXXXX)
   ...

Both my Ec2 and the VPC Endpoint are in the same subnet (tried private then public ones) so I'm not sure what I'm missing.

EDIT1: Calling out that I need Private DNS names enabled = false so I can't use the regular endpoint for routing to the VPC Endpoint

thiagoh
  • 7,098
  • 8
  • 51
  • 77

1 Answers1

1

To use private DNS names, ensure that the attributes 'Enable DNS hostnames' and 'Enable DNS Support' are set to 'true' for your VPC.

More information here.

After you verify the above, You can also perform a VPC reachability analysis using this documentation and it is billable.

Try out dig +noall +answer <your-vpc-endpoint> from any EC2 instances in the associated subnets and this should print the private IPs from your CIDR range.

This answer may also be helpful.

GSSwain
  • 5,787
  • 2
  • 19
  • 24