AWS PrivateLink now supports Private DNS names for internal and 3rd party services #11510

Closed
ewbankkit opened this issue Jan 7, 2020 · 10 comments · Fixed by #16495
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/ec2 Issues and PRs that pertain to the ec2 service.

Comments

@ewbankkit
Contributor

ewbankkit commented Jan 7, 2020

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

You can now access AWS PrivateLink based services privately from within your VPC using Private DNS names.

New or Affected Resource(s)

Potential Terraform Configuration

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

References

Announcement.
User guide.

Requires AWS SDK v1.27.1:

@ewbankkit ewbankkit added the enhancement Requests to existing resources that expand the functionality or scope. label Jan 7, 2020
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Jan 7, 2020
@isen-ng

isen-ng commented Jan 8, 2020

This feature would be a great boon for implementing SSL over private links.

I just tried this on the AWS console, and the process goes like this:

  • Assuming we have 2 vpcs, vpc1 and vpc2, where
    • vpc1 will contain the vpc endpoint service, and
    • vpc2 will contain the vpc interface endpoint
  1. In vpc1, enable private DNS name on the vpc endpoint service
    • when you create the vpc endpoint service, or
    • on an existing endpoint service
  2. Take the generated domain verification name and domain verification value and insert a new TXT value in your DNS server (eg, route53)
  3. Wait for the domain to be verified
  4. In vpc2, create the vpc interface endpoint if not already created
    • In vpc1, if endpoint connection acceptance is set to manual, you cannot enable private dns during creation
  5. In vpc1, if endpoint connection acceptance is set to manual, vpc1 must manually accept the interface endpoint connection
  6. In both vpcs, wait for the endpoint connection to connect completely
  7. If endpoint connection acceptance is manual, in vpc2, modify the vpc interface endpoint to enable private dns name
    • this step only needs to be performed if endpoint connection acceptance is manual, and only after the endpoint connection is accepted
  8. Wait for the endpoint connection to connect after modification completely

@mattsawyer77

@ewbankkit I think the affected resource is actually aws_vpc_endpoint_service, no? The aws_vpc_endpoint already has support for private DNS.

@ewbankkit
Contributor Author

@mattsawyer77 Correct, there's a flag on the VPC Endpoint that determines whether or not Private DNS is enabled but the actual DNS name is specified on the VPC Endpoint Service.
I've updated above.
Thanks.

@craigedmunds

Have raised a PR for this as it's affecting us too!

@craigedmunds

How do we get a review for this PR?

@codezninja

Is there any way to get this reviewed and merged in the next release?

@ewbankkit ewbankkit added service/ec2 Issues and PRs that pertain to the ec2 service. and removed needs-triage Waiting for first response or review from a maintainer. labels Jun 12, 2020
@patcable

Want to 👍 this as well - though, it'd be good to get the attributes from the DNS entry so I can use them with another provider to actually set the DNS record. I did a bit of digging and I wasn't sure what the "right way" to expose those variables was - I have done a few things w/ the AWS API in golang, but not with terraform. It looks like the ServiceConfiguration struct references PrivateDnsNameConfiguration, which has those values. Could I make some variables like private_dns_name_record_{name, type, value} that map to *ec2.PrivateDnsNameConfiguration.{Name,Type,Value} to get that change in?

@bflad bflad self-assigned this Jan 5, 2021
@bflad bflad linked a pull request Jan 5, 2021 that will close this issue
@bflad bflad added this to the v3.23.0 milestone Jan 5, 2021
@bflad
Contributor

bflad commented Jan 5, 2021

Support for configurable private_dns_name and adding a private_dns_name_configuration attribute in the aws_vpc_endpoint_service resource has been merged and will release with version 3.23.0 of the Terraform AWS Provider. Thanks to @craigedmunds and @stijndehaes for their efforts here. 👍

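An added Terraform configuration (not from the issue, the linked PR or the provider's own docs) that wires the private_dns_name argument and private_dns_name_configuration attribute bflad mentions into the two-VPC procedure isen-ng describes: the service side declares the name, the verification TXT record is published from the returned configuration so that only a domain you control can be claimed, and the consumer side enables private DNS. The NLB, VPCs, subnets, security group and the example.internal hosted zone are assumed resources; the TXT record name layout is an assumption to confirm against the AWS user guide linked above.

```hcl
# Provider side (vpc1): the endpoint service announces the private DNS name.
# acceptance_required = false because, as noted in the thread, manual acceptance
# blocks enabling private DNS when the interface endpoint is created.
resource "aws_vpc_endpoint_service" "svc" {
  acceptance_required        = false
  network_load_balancer_arns = [aws_lb.nlb.arn]      # assumed NLB
  private_dns_name           = "svc.example.internal" # constructed domain you own
}

# Domain verification: AWS returns the TXT record it expects to see in the
# private_dns_name_configuration attribute; publish it in your hosted zone.
locals {
  verification = aws_vpc_endpoint_service.svc.private_dns_name_configuration[0]
}

resource "aws_route53_record" "verification" {
  zone_id = aws_route53_zone.internal.zone_id # assumed zone for example.internal
  # Assumption: the record is placed at <verification name>.<domain>.
  name    = "${local.verification.name}.example.internal"
  type    = local.verification.type # "TXT"
  ttl     = 300
  records = [local.verification.value]
}

# Consumer side (vpc2): interface endpoint with private DNS enabled. The VPC
# must have DNS support and DNS hostnames enabled for private DNS to resolve.
resource "aws_vpc_endpoint" "consumer" {
  vpc_id              = aws_vpc.vpc2.id                   # assumed VPC
  service_name        = aws_vpc_endpoint_service.svc.service_name
  vpc_endpoint_type   = "Interface"
  subnet_ids          = aws_subnet.vpc2_private[*].id      # assumed subnets
  security_group_ids  = [aws_security_group.endpoint.id]  # assumed; limit to consumer CIDRs
  private_dns_enabled = true

  # Verification itself is asynchronous; this only ensures the TXT record
  # exists before the endpoint is created.
  depends_on = [aws_route53_record.verification]
}

output "verification_state" {
  value = local.verification.state # "verified" once AWS has checked the record
}
```

Re-run the plan after the record has propagated: the state output moves from pending verification to verified, and a failed state is the signal to check the record name and value rather than the endpoint.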
@ghost

ghost commented Jan 8, 2021

This has been released in version 3.23.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

@ghost

ghost commented Feb 4, 2021

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Feb 4, 2021