DNS configuration for AWS Management Console and AWS Sign-In
To route your network traffic to the respective VPC endpoints, configure DNS records in the network from which your users will be accessing the AWS Management Console. These DNS records direct your users' browser traffic toward the VPC endpoints you created.
You can create a single hosted zone. However, endpoints such as health.aws.amazon.com and docs.aws.amazon.com won't be accessible because they don't have VPC endpoints: a private hosted zone answers for every name under its domain, so any name without a record stops resolving from inside the VPC. You will need to route these domains to the public internet. We recommend that you create two private hosted zones per Region, one for signin.aws.amazon.com and one for console.aws.amazon.com, with the following CNAME records:
- Regional CNAME records (in all Regions)
  - region.signin.aws.amazon.com pointing to the AWS Sign-In VPC endpoint in the signin DNS zone
  - region.console.aws.amazon.com pointing to the AWS Management Console VPC endpoint in the console DNS zone
- Regionless CNAME records for the US East (N. Virginia) Region only. You always have to set up the US East (N. Virginia) Region.
  - signin.aws.amazon.com pointing to the AWS Sign-In VPC endpoint in US East (N. Virginia) (us-east-1)
  - console.aws.amazon.com pointing to the AWS Management Console VPC endpoint in US East (N. Virginia) (us-east-1)
For instructions on creating a CNAME record, see Working with records in the Amazon Route 53 Developer Guide.
Some AWS consoles, including Amazon S3, use different patterns for their DNS names. The following are two examples:
- support.console.aws.amazon.com
- s3.console.aws.amazon.com
To be able to direct this traffic to your AWS Management Console VPC endpoint, you need to add those names individually. We recommend that you configure routing for all endpoints for a fully private experience. However, this isn't required to use AWS Management Console Private Access.
The following JSON files contain the full list of AWS services and console endpoints to configure per Region. Use the PrivateIpv4DnsNames field under the com.amazonaws.region.console endpoint for the DNS names.
Note
This list is updated each month as we add additional endpoints to the scope of AWS Management Console Private Access. To keep your private hosted zones updated, periodically pull the preceding list of files.
If you use Route 53 to configure your DNS, go to https://console.aws.amazon.com/route53/v2/hostedzones# to verify the DNS setup. For each private hosted zone in Route 53, verify that the following record sets are present:
- console.aws.amazon.com
- signin.aws.amazon.com
- region.console.aws.amazon.com
- region.signin.aws.amazon.com
- support.console.aws.amazon.com
- global.console.aws.amazon.com
- Additional records present in the previously listed JSON files
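The record plan described earlier on this page and the verification checklist above, as an added example that is not part of the AWS documentation or of any AWS tooling: a Python script that builds the expected CNAME map for one Region (regional names everywhere, regionless names only for us-east-1, plus the non-regional console names), emits the Route 53 ChangeBatch that would create them, and reports which expected records are missing or mis-targeted in a record listing of the shape `list_resource_record_sets` returns. The VPC endpoint DNS names and the existing-record snapshot are constructed placeholders; the extra console names are assumed to be supplied by the caller from the PrivateIpv4DnsNames field of the published JSON files, and placing them in every Region's console zone is this example's assumption.

```python
import json

US_EAST_1 = "us-east-1"

# Console names that do not follow the region.console pattern. The page names
# support.console, s3.console and global.console; the full per-Region list is
# assumed to come from the PrivateIpv4DnsNames field of the published JSON files.
DEFAULT_EXTRA_CONSOLE_NAMES = (
    "support.console.aws.amazon.com",
    "global.console.aws.amazon.com",
    "s3.console.aws.amazon.com",
)


def expected_records(region, signin_vpce_dns, console_vpce_dns,
                     extra_console_names=DEFAULT_EXTRA_CONSOLE_NAMES):
    """Return {zone_name: {record_name: cname_target}} for the two private hosted zones."""
    signin_zone = {f"{region}.signin.aws.amazon.com": signin_vpce_dns}
    console_zone = {f"{region}.console.aws.amazon.com": console_vpce_dns}
    # Assumption: the non-regional console names go into each Region's console zone.
    for name in extra_console_names:
        console_zone[name] = console_vpce_dns
    if region == US_EAST_1:
        # Regionless names exist only in us-east-1, which every deployment must set up.
        signin_zone["signin.aws.amazon.com"] = signin_vpce_dns
        console_zone["console.aws.amazon.com"] = console_vpce_dns
    return {"signin.aws.amazon.com": signin_zone, "console.aws.amazon.com": console_zone}


def change_batch(records, ttl=300):
    """Route 53 ChangeBatch (UPSERT CNAMEs) for one zone's {name: target} map."""
    return {"Changes": [
        {"Action": "UPSERT",
         "ResourceRecordSet": {"Name": name, "Type": "CNAME", "TTL": ttl,
                               "ResourceRecords": [{"Value": target}]}}
        for name, target in sorted(records.items())]}


def _norm(name):
    # Route 53 returns fully qualified names with a trailing dot; compare case-insensitively.
    return name.rstrip(".").lower()


def missing_records(expected, existing):
    """Compare the expected map against existing records per zone and return
    {zone: [names that are absent or point at the wrong target]}."""
    problems = {}
    for zone, wanted in expected.items():
        present = {}
        for rr in existing.get(zone, []):
            if rr.get("Type") == "CNAME" and rr.get("ResourceRecords"):
                present[_norm(rr["Name"])] = _norm(rr["ResourceRecords"][0]["Value"])
        bad = [n for n, t in wanted.items() if present.get(_norm(n)) != _norm(t)]
        if bad:
            problems[zone] = sorted(bad)
    return problems


# Constructed placeholder values; real endpoint DNS names come from the
# DnsEntries of the VPC endpoints you created.
SIGNIN_VPCE = "vpce-0123456789abcdef0-abcd1234.signin.us-east-1.vpce.amazonaws.com"
CONSOLE_VPCE = "vpce-0fedcba9876543210-dcba4321.console.us-east-1.vpce.amazonaws.com"


def demo():
    """Plan us-east-1, check it against a constructed half-configured snapshot."""
    plan = expected_records(US_EAST_1, SIGNIN_VPCE, CONSOLE_VPCE)
    existing = {  # constructed snapshot: signin zone complete, console zone partial
        "signin.aws.amazon.com": [
            {"Name": n + ".", "Type": "CNAME", "ResourceRecords": [{"Value": t}]}
            for n, t in plan["signin.aws.amazon.com"].items()],
        "console.aws.amazon.com": [
            {"Name": "us-east-1.console.aws.amazon.com.", "Type": "CNAME",
             "ResourceRecords": [{"Value": CONSOLE_VPCE}]}],
    }
    return missing_records(plan, existing)


if __name__ == "__main__":
    plan = expected_records(US_EAST_1, SIGNIN_VPCE, CONSOLE_VPCE)
    print(json.dumps(change_batch(plan["console.aws.amazon.com"]), indent=2))
    print("missing or mis-targeted:", json.dumps(demo(), indent=2))
```

The ChangeBatch dictionaries are in the exact shape `change_resource_record_sets` accepts, so the script can be wired to boto3 once the endpoint DNS names are real; the check deliberately flags a record that exists but points at the wrong target, since a stale CNAME silently sends console traffic back to the public internet.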