AWS Config Rule: VPC Peering DNS Resolution Check

VPC_PEERING_DNS_RESOLUTION_CHECK

Eduardo Van Cauteren

Last Update 9 months ago

Description: Checks if DNS resolution from accepter/requester VPC to private IP is enabled. The rule is NON_COMPLIANT if DNS resolution from accepter/requester VPC to private IP is not enabled.


Trigger type: Configuration changes


AWS Region: All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region


How to Resolve Manually

This AWS Config rule assesses whether DNS resolution to private IPs is enabled on both the accepter and the requester side of a VPC peering connection. If either side has this setting disabled, the peering connection is flagged as NON_COMPLIANT.

To resolve this, first enable DNS hostnames on both peered VPCs. In the AWS Console, open the VPC service and select the desired VPC. Click Actions > Edit VPC settings, make sure Enable DNS hostnames is checked, and click Save to apply the change.

Check this screenshot as reference:

Next, enable DNS resolution on the peering connection itself. Select the peering connection you want to make compliant and click Edit DNS settings. Check both the Allow accepter VPC and Allow requester VPC checkboxes, then click Save.

Your configuration should look like this picture:
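The same check and fix can be scripted. The following is an added example (not StackZone's or AWS's own code): it applies the rule's logic to output shaped like `aws ec2 describe-vpc-peering-connections` and derives the AWS CLI calls that would remediate a failing connection. The sample response is constructed, and the interpretation that both the accepter and the requester side must allow DNS resolution is an assumption taken from the rule description.

```python
"""Offline evaluation of VPC_PEERING_DNS_RESOLUTION_CHECK plus remediation commands.

Added example, not StackZone or AWS code. The input mirrors the shape of
`aws ec2 describe-vpc-peering-connections`; the sample below is constructed,
and the rule interpretation (both sides must allow DNS resolution) is assumed.
"""
import json
from typing import Dict, List

# Constructed sample: pcx-0aaa... is compliant, pcx-0bbb... has the requester side off.
SAMPLE_RESPONSE = json.loads("""
{"VpcPeeringConnections": [
  {"VpcPeeringConnectionId": "pcx-0aaa00000000example", "Status": {"Code": "active"},
   "AccepterVpcInfo": {"VpcId": "vpc-0acc0000000example",
     "PeeringOptions": {"AllowDnsResolutionFromRemoteVpc": true}},
   "RequesterVpcInfo": {"VpcId": "vpc-0req0000000example",
     "PeeringOptions": {"AllowDnsResolutionFromRemoteVpc": true}}},
  {"VpcPeeringConnectionId": "pcx-0bbb00000000example", "Status": {"Code": "active"},
   "AccepterVpcInfo": {"VpcId": "vpc-0acc1111111example",
     "PeeringOptions": {"AllowDnsResolutionFromRemoteVpc": true}},
   "RequesterVpcInfo": {"VpcId": "vpc-0req1111111example",
     "PeeringOptions": {"AllowDnsResolutionFromRemoteVpc": false}}}
]}
""")

def dns_enabled(side: Dict) -> bool:
    # A side without PeeringOptions (e.g. still pending acceptance) counts as disabled.
    return bool(side.get("PeeringOptions", {}).get("AllowDnsResolutionFromRemoteVpc"))

def evaluate(conn: Dict) -> str:
    """Assumed rule logic: COMPLIANT only when both sides allow DNS resolution."""
    ok = dns_enabled(conn["AccepterVpcInfo"]) and dns_enabled(conn["RequesterVpcInfo"])
    return "COMPLIANT" if ok else "NON_COMPLIANT"

def remediation(conn: Dict) -> List[List[str]]:
    """CLI calls mirroring the console steps: DNS hostnames on each VPC, then the
    peering option for whichever side is off. Only active connections accept the
    second call, and in cross-account peering each account sets its own side."""
    cmds = [["aws", "ec2", "modify-vpc-attribute", "--vpc-id", conn[s]["VpcId"],
             "--enable-dns-hostnames", '{"Value":true}']
            for s in ("AccepterVpcInfo", "RequesterVpcInfo")]
    fix = ["aws", "ec2", "modify-vpc-peering-connection-options",
           "--vpc-peering-connection-id", conn["VpcPeeringConnectionId"]]
    for side, flag in (("AccepterVpcInfo", "--accepter-peering-connection-options"),
                       ("RequesterVpcInfo", "--requester-peering-connection-options")):
        if not dns_enabled(conn[side]):
            fix += [flag, "AllowDnsResolutionFromRemoteVpc=true"]
    return cmds + [fix]

def report(response: Dict) -> Dict[str, str]:
    return {c["VpcPeeringConnectionId"]: evaluate(c) for c in response["VpcPeeringConnections"]}
```

Run against a real account by replacing SAMPLE_RESPONSE with the parsed output of `aws ec2 describe-vpc-peering-connections`; each non-compliant connection then maps to the commands returned by `remediation()`.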


Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here
