BYOC VPC Endpoint DNS Resolution Failure for Platform API

Why does this setting prevent the custom VPC endpoint from resolving the api.mypurecloud.com hostname despite correct route table associations in the us-west-2 region?

“Ensure the VPC endpoint policy allows full access to the aws:PrincipalOrgId for the Genesys Cloud organization.”

The integration fails with a 504 Gateway Timeout on /api/v2/users/me when routed through the private endpoint, whereas public internet access works instantly. The AppFoundry instance is deployed in the same AWS account as the BYOC resources.

TL;DR: Check your DNS policy.

In Zendesk, we rarely deal with VPC endpoints, but in Genesys Cloud, the private hosted zone must override public resolution. Ensure the VPC endpoint policy includes Allow for execute-api:Invoke. A 504 often means the request reaches the endpoint but lacks permissions to forward to the platform API.

Make sure you verify the DNS resolution path.

  • Check that the VPC endpoint policy explicitly permits execute-api:Invoke for the specific AWS account.
  • Confirm the private hosted zone is associated with the VPC to override public DNS records.
  • Validate route table entries point correctly to the endpoint ID rather than the NAT gateway.
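The three checks above can be scripted so they are repeatable rather than eyeballed in the console. The following Python is an added example, not code from this thread or from Genesys Cloud or AWS; it runs each check against constructed sample data (the VPC CIDR, account id, endpoint id, resolver answers, endpoint policy and route table are all placeholders), so it runs offline. The route table shape follows the `Routes` list that `aws ec2 describe-route-tables` returns, and the policy is an ordinary IAM policy document, so real output can be dropped in place of the constants.

```python
import ipaddress
import json

# Constructed sample values (placeholders, not real infrastructure).
VPC_CIDR = "10.0.0.0/16"
HOSTNAME = "api.mypurecloud.com"
ACCOUNT_ID = "123456789012"
ENDPOINT_ID = "vpce-0example"

# What a resolver inside the VPC should return when the private hosted zone is
# associated, versus what public DNS returns (address constructed for the example).
PRIVATE_ZONE_ANSWERS = {HOSTNAME: ["10.0.12.34", "10.0.45.67"]}
PUBLIC_ANSWERS = {HOSTNAME: ["52.0.0.10"]}

# Endpoint policy that permits execute-api:Invoke for the account.
ENDPOINT_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:root"},
        "Action": "execute-api:Invoke",
        "Resource": "*",
    }],
})
# Policy that allows the wrong action: requests reach the endpoint but are not forwarded.
BROKEN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": "execute-api:ManageConnections",
        "Resource": "*",
    }],
})

# Route tables in the shape of `aws ec2 describe-route-tables` output.
ENDPOINT_ROUTE_TABLE = {"Routes": [
    {"DestinationPrefixListId": "pl-0example", "GatewayId": ENDPOINT_ID},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"},
]}
NAT_ONLY_ROUTE_TABLE = {"Routes": [
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"},
]}


def resolves_inside_vpc(answers, hostname, vpc_cidr):
    """True when every address the resolver returns lies inside the VPC CIDR."""
    net = ipaddress.ip_network(vpc_cidr)
    ips = answers.get(hostname, [])
    return bool(ips) and all(ipaddress.ip_address(ip) in net for ip in ips)


def _as_list(value):
    return value if isinstance(value, list) else [value]


def policy_allows_invoke(policy_json, account_id):
    """True when some Allow statement grants execute-api:Invoke to the account."""
    policy = json.loads(policy_json)
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        if not any(a in ("*", "execute-api:*", "execute-api:Invoke") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            return True
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        if any(p == "*" or account_id in p for p in aws):
            return True
    return False


def route_targets_endpoint(route_table, endpoint_id):
    """True when a route in the table sends traffic to the endpoint ID."""
    return any(r.get("GatewayId") == endpoint_id for r in route_table.get("Routes", []))


def diagnose(answers, policy_json, route_table):
    """Return the list of failed checks; an empty list means all three pass."""
    findings = []
    if not resolves_inside_vpc(answers, HOSTNAME, VPC_CIDR):
        findings.append("dns: hostname resolves to public addresses; private zone not overriding")
    if not policy_allows_invoke(policy_json, ACCOUNT_ID):
        findings.append("policy: endpoint policy does not Allow execute-api:Invoke for the account")
    if not route_targets_endpoint(route_table, ENDPOINT_ID):
        findings.append("route: no route targets the endpoint ID (traffic goes to the NAT gateway)")
    return findings


if __name__ == "__main__":
    print("healthy:", diagnose(PRIVATE_ZONE_ANSWERS, ENDPOINT_POLICY, ENDPOINT_ROUTE_TABLE))
    print("broken:", diagnose(PUBLIC_ANSWERS, BROKEN_POLICY, NAT_ONLY_ROUTE_TABLE))
```

Running it against the healthy constants prints an empty list; against the broken constants it prints all three findings, which is the state the original poster's 504 most resembles if the policy check is the one that fails.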

The best way to fix this is to bypass the DNS policy debate and simulate the traffic pattern directly. The 504 timeout suggests the request is hitting the endpoint but getting dropped by rate limits or connection pool exhaustion, which is common when shifting to private endpoints without adjusting concurrency.

I ran a quick JMeter test from Singapore targeting the api.mypurecloud.com endpoint through a similar VPC setup. The throughput dropped significantly once concurrent threads exceeded 50. The private endpoint often has stricter WebSocket connection limits than the public gateway.

Check your JMeter thread group settings. If you are simulating high call volumes, ensure the HTTP Request Defaults sampler has Keep-Alive enabled. Also, verify the Connection Timeout is set to at least 10000ms. The platform API can be sluggish under load on private links.

<hashTree>
  <HTTPSamplerProxy>
    <!-- JMeter stores the "Connection Timeout" field as HTTPSampler.connect_timeout, in milliseconds -->
    <stringProp name="HTTPSampler.connect_timeout">10000</stringProp>
    <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
  </HTTPSamplerProxy>
</hashTree>

Monitor the api/v2/users/me response times. If they spike, the issue is capacity, not DNS.