Tags: amazon-web-services, amazon-vpc, amazon-kms

How to specify KMS VPC endpoint url using Boto3?


I have a lambda function running inside my private subnet. According to the docs, this endpoint needs to be specified under the endpoint-url parameter.

This parameter exists inside the CLI, however not within the Boto3 implementation of the same function!

What gives? How do I encrypt from within my VPC using Boto3 (using the default URL causes an `EndpointConnectionError: Could not connect to the endpoint URL` error, even though I already set it as a private DNS as per the docs)?


Solution

  • In Boto3 you set the endpoint URL when you create the client, not when you call individual methods on the client.

    import boto3

    client = boto3.client("kms", endpoint_url="https://your_kms_URL")  # endpoint is fixed here, not per call
    client.encrypt(KeyId="your_key_id", Plaintext=b"secret")  # encrypt() requires KeyId and Plaintext
    

    Although if this is going to a VPC Interface Endpoint, you might want to review your VPC's DNS settings and the endpoint's security group settings, because this should be working out-of-the-box without the need to explicitly specify the endpoint in code.