I did have a public DNS hosted zone with a record for go-ipfs-ceramic-prod-4-1-internal.example.com. Spent a chunk of time researching the issue given your response. I was able to resolve this specific issue by setting up a Private DNS hosted zone for the VPC and adding the record there. You have to deploy with terraform, let the ceramic container initially reach a looping failed state where it can’t find the ipfs container, then you can associate the DNS.
I am going to write out the full steps I used (see this thread on VPC config if you need prior context):
- Create a public hosted zone ceramic.example.com (must own domain on route53)
  - assuming you have a separate hosted zone for example.com, add a NS record to the example.com hosted zone with the value being the nameservers found in the ceramic.example.com hosted zone
- Create ACM certificate for ceramic.example.com (I had *.ceramic.example.com as secondary domain on SSL certificate but not sure if it matters) and add it to the ceramic.example.com hosted domain in route53 (button press)
- terraform apply
- Create private hosted zone ceramic.example.com
- Create A record go-ipfs-ceramic-prod-4-1-internal.ceramic.example.com (numbers may or may not change for you), pick alias > application/classic load balancer > dualstack.internal-ceramic-prod-4-1-ipfs-nd-in-XXXXXXXX.us-east-1.elb.amazonaws.com.
There are still some issues so I don’t bother with adding the routes for the public ceramic.example.com hosted zones, but it is the same process pointed to the public ipfs and ceramic ALBs, I assume. If it is not, there will be another thread.
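
The private hosted zone and alias A record from the last two steps of the post, written as Terraform rather than console clicks. This is an added example, not part of the original post or the project's own Terraform; the variables `vpc_id` and `internal_ipfs_alb_name` are assumed inputs, and the zone and record names are the ones quoted in the post.

```hcl
# Assumption: applied after the initial `terraform apply` from the steps above,
# so the internal IPFS load balancer already exists and can be looked up.

variable "vpc_id" {
  description = "ID of the VPC the ceramic and ipfs containers run in (assumed input)"
  type        = string
}

variable "internal_ipfs_alb_name" {
  description = "Name of the internal IPFS load balancer created by the stack (assumed input)"
  type        = string
}

# Look up the existing internal load balancer to get its DNS name and hosted zone ID.
data "aws_lb" "ipfs_internal" {
  name = var.internal_ipfs_alb_name
}

# A zone with a vpc block is private: it resolves only from inside that VPC,
# so the internal hostname is never published in public DNS.
resource "aws_route53_zone" "ceramic_private" {
  name = "ceramic.example.com"

  vpc {
    vpc_id = var.vpc_id
  }
}

# Alias A record that the ceramic container resolves to reach the ipfs container.
resource "aws_route53_record" "ipfs_internal" {
  zone_id = aws_route53_zone.ceramic_private.zone_id
  name    = "go-ipfs-ceramic-prod-4-1-internal.ceramic.example.com"
  type    = "A"

  alias {
    name                   = data.aws_lb.ipfs_internal.dns_name
    zone_id                = data.aws_lb.ipfs_internal.zone_id
    evaluate_target_health = true
  }
}
```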