The website requests an image or whatever from 27748626267848298474.example.com
, where the number is unique for the visitor. To load the content the browser has to resolve the DNS for it, and the randomness ensures it won’t be cached anywhere as it’s just for you. So it queries its DNS server which queries your DNS provider which queries the website’s DNS server. From there the website’s DNS server can see where the request came from and the website can tell you where it came from and who it’s associated with if known.
Yes it absolutely can be used for fingerprinting. Everything can be used for fingerprinting, and we refuse to fix it because “but who thinks of the ad companies???”.
AWS does have plenty of VPN solutions for this, but likely not with the credentials you have because they’re usually very specific. And it’s probably intentional, if they wanted to give you VPN access they’d give you VPN access.