Enable DNS resolution for a VPC peering connection
To enable a VPC to resolve public IPv4 DNS hostnames to private IPv4 addresses when queried from instances in the peer VPC, you must modify your existing peering connection.
Both VPCs must be enabled for DNS hostnames and DNS resolution.
You cannot enable DNS resolution support when you create a new peering connection. You can enable DNS resolution support for an existing peering connection that's in the active state.
To enable DNS resolution for a peering connection

1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
2. In the navigation pane, choose Peering connections.
3. Select the VPC peering connection, and choose Actions, Edit DNS settings.
4. To ensure that queries from the peer VPC resolve to private IP addresses in your local VPC, choose the option to enable DNS resolution for queries from the peer VPC. This option is Requester DNS resolution or Accepter DNS resolution, depending on whether the VPC is the requester or accepter VPC.
5. If the peer VPC is in the same AWS account, you can enable DNS resolution for both VPCs in the peering connection.
6. Choose Save changes.
7. If the peer VPC is in a different AWS account or a different Region, the owner of the peer VPC must sign into the VPC console, perform steps 2 through 4, and choose Save changes.
To enable DNS resolution using the command line or an API

- modify-vpc-peering-connection-options (AWS CLI)
- Edit-EC2VpcPeeringConnectionOption (AWS Tools for Windows PowerShell)
- ModifyVpcPeeringConnectionOptions (Amazon EC2 Query API)
You must modify the requester VPC peering options if you are the requester of the VPC peering connection, and you must modify the accepter VPC peering options if you are the accepter of the VPC peering connection. You can use the describe-vpc-peering-connections or Get-EC2VpcPeeringConnections commands to verify which VPC is the accepter and the requester for a VPC peering connection. For inter-Region peering connections, you must use the Region for the requester VPC to modify the requester VPC peering options and the Region for the accepter VPC to modify the accepter VPC peering options.
In this example, you are the requester of the VPC peering connection, so you modify the requester options using the AWS CLI as follows:

    aws ec2 modify-vpc-peering-connection-options --vpc-peering-connection-id pcx-aaaabbbb --requester-peering-connection-options AllowDnsResolutionFromRemoteVpc=true
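The following script is an added example (not code from the AWS documentation) that automates the command-line procedure above end to end: it reads describe-vpc-peering-connections, works out whether your account is the requester, the accepter, or both, refuses to continue unless the connection is active and both VPCs have DNS hostnames and DNS resolution enabled, and then issues the matching modify-vpc-peering-connection-options call in the correct Region for each side. It assumes the JSON output shapes of AWS CLI v2; the account IDs, VPC IDs, Regions and the peering connection ID in the embedded sample are constructed placeholders.

```python
"""Plan and run the modify-vpc-peering-connection-options step for DNS resolution.

Added example, not AWS documentation code. Assumes AWS CLI v2 JSON output for
`describe-vpc-peering-connections` and `describe-vpc-attribute`. All IDs and
Regions in SAMPLE_PCX below are constructed placeholders.
"""
import json
import subprocess
import sys

SIDES = ("requester", "accepter")

# Constructed sample: a cross-account, inter-Region peering that is active but
# has DNS resolution disabled on both sides.
SAMPLE_PCX = {
    "VpcPeeringConnectionId": "pcx-aaaabbbb",
    "Status": {"Code": "active", "Message": "Active"},
    "RequesterVpcInfo": {
        "OwnerId": "111111111111", "VpcId": "vpc-1111aaaa", "Region": "us-east-1",
        "CidrBlock": "10.0.0.0/16",
        "PeeringOptions": {"AllowDnsResolutionFromRemoteVpc": False},
    },
    "AccepterVpcInfo": {
        "OwnerId": "222222222222", "VpcId": "vpc-2222bbbb", "Region": "us-west-2",
        "CidrBlock": "10.1.0.0/16",
        "PeeringOptions": {"AllowDnsResolutionFromRemoteVpc": False},
    },
}


def owned_sides(pcx, my_account_id):
    """Return the sides ('requester'/'accepter') whose VPC my_account_id owns.

    Same-account peering returns both sides; cross-account peering returns one,
    and the peer VPC's owner must run the same step for the other side.
    """
    sides = [s for s in SIDES if pcx[f"{s.capitalize()}VpcInfo"]["OwnerId"] == my_account_id]
    if not sides:
        raise ValueError("this account owns neither VPC in the peering connection")
    return sides


def build_modify_commands(pcx, my_account_id):
    """Build one AWS CLI argv per side to modify, skipping sides already enabled.

    Each side is modified in its own Region (required for inter-Region peering),
    so --region comes from that side's VpcInfo rather than from the caller.
    """
    state = pcx["Status"]["Code"]
    if state != "active":
        raise ValueError(f"peering connection is '{state}'; DNS resolution requires 'active'")
    cmds = []
    for side in owned_sides(pcx, my_account_id):
        info = pcx[f"{side.capitalize()}VpcInfo"]
        if info.get("PeeringOptions", {}).get("AllowDnsResolutionFromRemoteVpc"):
            continue  # already enabled on this side; nothing to change
        cmds.append([
            "aws", "ec2", "modify-vpc-peering-connection-options",
            "--region", info["Region"],
            "--vpc-peering-connection-id", pcx["VpcPeeringConnectionId"],
            f"--{side}-peering-connection-options",
            "AllowDnsResolutionFromRemoteVpc=true",
        ])
    return cmds


def dns_prerequisites_met(dns_support, dns_hostnames):
    """Both describe-vpc-attribute results (decoded JSON) must report Value=true."""
    return bool(dns_support["EnableDnsSupport"]["Value"]
                and dns_hostnames["EnableDnsHostnames"]["Value"])


def aws_json(argv):
    """Run an AWS CLI command and decode its JSON output (network call)."""
    return json.loads(subprocess.run(argv, check=True, capture_output=True, text=True).stdout)


def main(pcx_id, my_account_id):
    pcx = aws_json(["aws", "ec2", "describe-vpc-peering-connections",
                    "--vpc-peering-connection-ids", pcx_id])["VpcPeeringConnections"][0]
    for side in owned_sides(pcx, my_account_id):
        info = pcx[f"{side.capitalize()}VpcInfo"]
        base = ["aws", "ec2", "describe-vpc-attribute", "--region", info["Region"],
                "--vpc-id", info["VpcId"], "--attribute"]
        if not dns_prerequisites_met(aws_json(base + ["enableDnsSupport"]),
                                     aws_json(base + ["enableDnsHostnames"])):
            sys.exit(f"{info['VpcId']} needs DNS hostnames and DNS resolution enabled first")
    for cmd in build_modify_commands(pcx, my_account_id):
        print("running:", " ".join(cmd))
        subprocess.run(cmd, check=True)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        main(sys.argv[1], sys.argv[2])  # usage: script.py pcx-id my-account-id
    else:  # dry run against the constructed sample, as the accepter account
        for cmd in build_modify_commands(SAMPLE_PCX, "222222222222"):
            print(" ".join(cmd))
```

Run with no arguments to see the planned command for the constructed sample; with a peering connection ID and your account ID it performs the live checks and modifications with your configured AWS CLI credentials. The prerequisite check only covers the VPCs your account owns, which matches the procedure: for a cross-account peering the peer owner verifies and modifies their own side.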