Reputation: 5870
What options are available to allow an on-prem client to make requests to a VPC Endpoint (interface created for a private REST API)?
Do I absolutely need to use corporate DNS? If I use corporate DNS, my concern is that all existing requests going to S3 from on-prem will suddenly get routed and won't work as expected. Assuming here that I also have Direct Connect and Transit Gateway. Is a VPC Endpoint even necessary? Any insight is appreciated.
I'm making the assumption at this point that a VPC Endpoint is the solution for allowing an on-prem client to make requests, since it needs some VIP or URL to make the request to. How else would I create a private REST API without a VPC endpoint?
Upvotes: 1
Views: 2622
Reputation: 4496
I am assuming you are asking about a Private API Gateway.
In this case a VPC Endpoint is mandatory, as it is private.
When you create the VPC Endpoint, it will generate some specific DNS names for this endpoint; you can use them to reach your API Gateway.
As you have Direct Connect, your best solution is to use Route 53 Resolver.
In this solution your on-premises DNS will forward all name resolution for names that end with amazonaws.com to Route 53 Resolver.
Please do not confuse name resolution with network connectivity: resolving names via Direct Connect doesn't mean all service requests will flow via Direct Connect.
There is a good whitepaper about this solution:
https://d1.awsstatic.com/whitepapers/hybrid-cloud-dns-options-for-vpc.pdf
Upvotes: 1
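A check script, added here and not part of the answer above or of any AWS tooling, for verifying the forwarding setup the answer describes before the corporate DNS is changed: it sends a raw DNS A query to one chosen server (the Route 53 Resolver inbound endpoint address, a placeholder you supply) for the VPC endpoint's DNS name and classifies the answers. RFC 1918 addresses mean the private endpoint resolved as intended; public addresses (what an S3 name still returns) mean the name resolves to the public service and the traffic follows your routing, not DNS. `build_reply` only constructs a sample reply so the parser can be exercised offline.

```python
import ipaddress, socket, struct

def build_query(name, txid=0x1234):
    """Minimal DNS A query for `name`, recursion desired."""
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", 1, 1)

def build_reply(query, addrs):
    """Constructed reply to `query` (offline testing only): one A record per address."""
    header = struct.pack("!HHHHHH", struct.unpack("!H", query[:2])[0], 0x8180, 1, len(addrs), 0, 0)
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(a) for a in addrs)
    return header + query[12:] + rrs   # RR names are compression pointers (0xC00C) to the question

def _skip_name(msg, off):
    """Advance past a (possibly compressed) domain name and return the next offset."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:   # walk labels until root label or pointer
        off += 1 + msg[off]
    return off + (2 if msg[off] & 0xC0 == 0xC0 else 1)

def parse_a_records(msg):
    """IPv4 addresses from the answer section; CNAME and other record types are skipped."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4      # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

def resolve_via(name, server, timeout=3.0):
    """Query one specific DNS server, e.g. the Route 53 Resolver inbound endpoint IP (placeholder)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_a_records(s.recvfrom(4096)[0])

def classify(addrs):
    """'private' = VPC endpoint ENI addresses (RFC 1918); 'public' = ordinary AWS service IPs."""
    if not addrs:
        return "none"
    return "private" if all(ipaddress.ip_address(a).is_private for a in addrs) else "public"
```

From the on-prem client, call `resolve_via("<vpce DNS name>", "<inbound endpoint IP>")` and compare the result with what your current corporate resolver returns for the same name and for an S3 hostname. Only the execute-api endpoint name should come back `private`; an S3 name staying `public` is the expected outcome and shows the forwarding rule alone does not change where S3 traffic goes.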