VPC Endpoint for AWS Secrets Manager

Question:

Route table (in private subnet) won't change by adding VPCE as destination for AWS Secrets Manager. Tried with new SG too (not using default SG).
Any idea?

Answer:

Based on the comments.

Secrets Manager (SM) uses VPC interface endpoints. This is a newer generation of endpoints, compared to the VPC gateway endpoints for S3 and DynamoDB. The new generation does not modify route tables (RTs). In contrast, the gateway endpoints do modify the RTs specified when creating these endpoints.

For the interface endpoints to work seamlessly, it is important that the VPC has enableDnsHostnames and enableDnsSupport enabled, as well as private DNS for the endpoint. In addition, the security group of the endpoint usually needs to be adjusted to allow connections on port 443.
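The setup the answer describes, as an added Terraform example (not code from the question or answer). The region, CIDR blocks, resource names and the single availability zone are assumptions chosen for illustration; it creates the VPC with both DNS attributes on, a private subnet whose route table is left untouched, a security group allowing 443 from inside the VPC, and the Secrets Manager interface endpoint with private DNS enabled.

```terraform
# Added example, not from the original post. Region, CIDRs and names are assumptions.
terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

variable "region" {
  default = "us-east-1" # assumption
}

provider "aws" {
  region = var.region
}

resource "aws_vpc" "app" {
  cidr_block           = "10.0.0.0/16"
  # Both attributes must be true for private DNS on an interface endpoint to resolve.
  enable_dns_support   = true
  enable_dns_hostnames = true
}

resource "aws_subnet" "private" {
  vpc_id            = aws_vpc.app.id
  cidr_block        = "10.0.1.0/24"
  availability_zone = "${var.region}a"
}

# No route is added here for Secrets Manager: an interface endpoint is reached
# through ENIs placed in the subnet, so the route table stays as it is. Only
# gateway endpoints (S3, DynamoDB) insert a prefix-list route.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.app.id
}

resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}

# The endpoint's own security group must accept 443 from the callers.
resource "aws_security_group" "secretsmanager_endpoint" {
  name   = "secretsmanager-endpoint"
  vpc_id = aws_vpc.app.id

  ingress {
    description = "HTTPS from inside the VPC to the endpoint ENIs"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.app.cidr_block]
  }
}

resource "aws_vpc_endpoint" "secretsmanager" {
  vpc_id              = aws_vpc.app.id
  service_name        = "com.amazonaws.${var.region}.secretsmanager"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = [aws_subnet.private.id]
  security_group_ids  = [aws_security_group.secretsmanager_endpoint.id]
  # With private DNS on, the public service hostname resolves to the ENI IPs inside the VPC.
  private_dns_enabled = true
}

output "secretsmanager_endpoint_dns" {
  value = aws_vpc_endpoint.secretsmanager.dns_entry
}
```

To check it after `terraform apply`: from an instance in the private subnet, `dig +short secretsmanager.us-east-1.amazonaws.com` should return addresses from 10.0.1.0/24 (the endpoint ENIs) rather than public IPs, and an `aws secretsmanager list-secrets --region us-east-1` call should succeed with no NAT gateway or internet route in the subnet. If the hostname still resolves to public IPs, check the two VPC DNS attributes and `private_dns_enabled`; if it resolves privately but the call hangs, check the endpoint security group for 443 from the caller's address.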
