Posted On: Mar 14, 2023

Virtual Private Cloud (VPC) interface endpoints for Amazon S3 now offer private DNS options that can help you more easily route S3 requests to lower-cost endpoints in your VPC. With private DNS for S3, your on-premises applications can use Amazon PrivateLink to access S3 over an interface endpoint, while requests from your in-VPC applications access S3 using gateway endpoints. Routing requests in this way helps you to take advantage of lower-cost private network paths without having to make code or configuration changes to your clients.

You can get started with private DNS for S3 in two simple steps. First, create an inbound resolver endpoint in your VPC and point your on-premises resolver to it. Then, in the VPC console, use the Enable DNS name option when you create or modify an interface endpoint. To automatically route requests from on-premises applications over interface endpoints, select Enable private DNS only for inbound endpoint. With this option, S3’s regional DNS names (*.s3.region.amazonaws.cn) resolve to the private IP addresses of your interface endpoints for on-premises clients only. Your in-VPC clients are unaffected and continue to resolve S3’s public IP addresses. As a result, your applications use interface endpoints only for on-premises traffic, while in-VPC traffic automatically uses lower-cost gateway endpoints.
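After enabling the option, the expected outcome is split-horizon resolution: on-premises clients (whose resolver forwards to the inbound endpoint) should get the interface endpoint's private IPs, while in-VPC clients should still get S3's public IPs. The script below is an added example, not part of the announcement or of any AWS tool; it assumes the cn-northwest-1 regional S3 hostname and takes the endpoint's ENI private IPs (obtained from `aws ec2 describe-vpc-endpoints` and `aws ec2 describe-network-interfaces`) as arguments. Run it once on an on-premises host and once on an in-VPC host.

```python
"""Verify which path a client will take to S3 after enabling
'private DNS only for inbound resolver endpoint' on an S3 interface endpoint.

usage: python check_s3_dns.py on-prem|in-vpc <endpoint ENI private IP>...
"""
import ipaddress
import socket
import sys

# Assumed regional hostname; adjust to your Region.
S3_REGIONAL_HOST = "s3.cn-northwest-1.amazonaws.com.cn"


def classify(resolved_ips, endpoint_ips):
    """Classify a client's DNS answers for the S3 regional name.

    'interface-endpoint': every answer is one of the endpoint's ENI addresses
    'public':             every answer is a public (globally routable) address
    'mixed':              anything else, which means the split did not take
    """
    resolved = {ipaddress.ip_address(ip) for ip in resolved_ips}
    endpoint = {ipaddress.ip_address(ip) for ip in endpoint_ips}
    if not resolved:
        return "no-answer"
    if resolved <= endpoint:
        return "interface-endpoint"
    if all(ip.is_global for ip in resolved):
        return "public"
    return "mixed"


def expected_for(client_location):
    """What the setting should produce for each vantage point."""
    return {"on-prem": "interface-endpoint", "in-vpc": "public"}[client_location]


def check(client_location, resolved_ips, endpoint_ips):
    """True when observed answers match the expected path for this client."""
    return classify(resolved_ips, endpoint_ips) == expected_for(client_location)


def resolve_ipv4(host):
    """Use the client's own resolver, which is the path real S3 requests take."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, 443, socket.AF_INET)})


if __name__ == "__main__":
    location, endpoint_ips = sys.argv[1], sys.argv[2:]
    answers = resolve_ipv4(S3_REGIONAL_HOST)
    verdict = classify(answers, endpoint_ips)
    print(f"{location}: {S3_REGIONAL_HOST} -> {answers} => {verdict}")
    sys.exit(0 if verdict == expected_for(location) else 1)
```

A "mixed" or wrong verdict on the on-premises host usually means the on-premises resolver is not forwarding the S3 domain to the inbound resolver endpoint; a non-"public" verdict in the VPC means the option selected was full private DNS rather than the inbound-only variant.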

Private DNS options for VPC interface endpoints for Amazon S3 are now available in all Amazon Web Services Commercial Regions, including the Amazon Web Services China (Ningxia) Region, operated by NWCD, and the Amazon Web Services China (Beijing) Region, operated by Sinnet. For pricing details, visit the Amazon PrivateLink pricing page. You can enable private DNS using the Amazon Web Services Management Console, Amazon CLI, SDK, or Amazon CloudFormation. To learn more, read the Amazon S3 documentation.