Create Route 53 Inbound Endpoints
Create Route 53 Inbound Endpoints
To allow your on-premise DNS system to query Route 53 Resolver for any DNS zones (e.g., Private Zones) hosted on Route 53, you need to create a Route 53 Inbound Endpoint. Inbound Endpoint is a bridge for other services to query Route 53 for domain name resolution. When you create an Inbound Endpoint, AWS will create an elastic network interface (ENI) in each availability zone (AZ) you specify to receive incoming DNS queries.
- Access Route 53 console through the search box and search for Route 53.
- Expand the left sidebar, select Inbound endpoints and select Create inbound endpoint.
- On the Create inbound endpoint page, enter the following information:
- In Endpoint name:
R53-InboundEndpoint - VPC in the Region: HybridDNS-VPCStack-. (This is the VPC created by CloudFormation in the previous section)
- Security group for this endpoint: d-###….#_controllers. (This is the security group that CloudFormation created to protect connections to AWS Managed Microsoft Active Directory)
- In Endpoint name:
-
In Endpoint Type, select: IPv4
-
In Protocols for this endpoint, select: Do53
3. Configure IP Addresses
- In IP address #1:
- In Availability Zone, select “ap-southeast-1a”
- In Subnet, select “Private subnet 1A”
- In IP address, select “Use an IP address that is selected automatically”
- In IP address #2:
- In Availability Zone, select “ap-southeast-1c”
- In Subnet, select “Private subnet 2A”
- In IP address, select “Use an IP address that is selected automatically”
- Select Create inbound endpoint
- Complete creating Inbound Endpoint
- When the Inbound Endpoints are created, click on the inbound endpoint to view the endpoint details. You will see the IP addresses that have been assigned to the inbound endpoints. AWS injects an elastic network interface (ENI) into your subnet and assigns this IP address to the ENI.
