Terraform module that creates VPC endpoint resources on AWS: interface and gateway endpoints, endpoint services (PrivateLink), their allowed principals, and connection notifications.

## Usage

```hcl
module "endpoints" {
  source = "git@github.com:examplae/aws-vpc-endpoints.git"

  master_prefix = "dev"
  aws_region    = "ap-southeast-1"
  # Role assumed in the account that owns the VPC (here an AFT execution role)
  assume_role = "arn:aws:iam::111122223333:role/AWSAFTExecution"

  vpc_id = "vpc-12345678"
  # Module-level default security group for interface endpoints; overridable per endpoint
  security_group_ids = ["sg-12345678"]

  endpoints = {
    s3 = {
      # interface endpoint
      service = "s3"
      tags    = { Name = "s3-vpc-endpoint" }
    },
    sqs = {
      service = "sqs"
      # Resolve the public sqs.<region>.amazonaws.com name to the endpoint ENIs
      private_dns_enabled = true
      # Overrides the module-level security_group_ids default
      security_group_ids = ["sg-987654321"]
      subnet_ids         = ["subnet-12345678", "subnet-87654321"]
      tags               = { Name = "sqs-vpc-endpoint" }
    },
  }

  endpoint_services = {
    integration = {
      network_load_balancer_arns = [
        "arn:aws:elasticloadbalancing:ap-southeast-1:123456789012:loadbalancer/net/non-prod/8add86a6da89e57e"
      ],
    }
  }
}
```

## Examples

- Complete-VPC with VPC Endpoints.
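Two settings in this module deserve a review before apply: the documented default of `security_group_rules` admits TCP/443 from `0.0.0.0/0`, which on an interface endpoint's ENI means any network that can route into the VPC (peered VPCs, transit gateway attachments) can call the service through it, and an endpoint service with permissive allowed principals is reachable from other AWS accounts. The script below is an added example, not code from the aws-vpc-endpoints module: it reads the JSON that `terraform show -json tfplan` produces and flags interface endpoints whose security group accepts ingress from outside the VPC CIDR, interface endpoints without private DNS, endpoints with no endpoint policy, and endpoint services that accept any principal. The plan document embedded in it is constructed by hand to mirror the usage above; the resource types and attribute names are those of the hashicorp/aws provider, while the module-internal resource addresses and the VPC CIDR `10.20.0.0/16` are assumptions.

```python
"""Plan-time hygiene check for VPC endpoint resources (added example, not module code)."""
import ipaddress
import json

# Constructed sample of `terraform show -json tfplan` for the README's module call,
# trimmed to the attributes read below. Resource types and attribute names are the
# hashicorp/aws provider's; the addresses inside the module are assumed.
SAMPLE_PLAN_JSON = json.dumps({"planned_values": {"root_module": {"child_modules": [{
    "address": "module.endpoints",
    "resources": [
        {"address": 'module.endpoints.aws_vpc_endpoint.this["s3"]',
         "type": "aws_vpc_endpoint",
         "values": {"service_name": "com.amazonaws.ap-southeast-1.s3",
                    "vpc_endpoint_type": "Gateway",  # provider default when no type is set
                    "private_dns_enabled": None, "security_group_ids": [], "policy": None}},
        {"address": 'module.endpoints.aws_vpc_endpoint.this["sqs"]',
         "type": "aws_vpc_endpoint",
         "values": {"service_name": "com.amazonaws.ap-southeast-1.sqs",
                    "vpc_endpoint_type": "Interface", "private_dns_enabled": True,
                    "security_group_ids": ["sg-987654321"], "policy": None}},
        # The module's documented default security_group_rules entry: 443 from 0.0.0.0/0
        {"address": "module.endpoints.module.security_group.aws_security_group_rule.this[0]",
         "type": "aws_security_group_rule",
         "values": {"type": "ingress", "from_port": 443, "to_port": 443, "protocol": "tcp",
                    "cidr_blocks": ["0.0.0.0/0"], "security_group_id": "sg-987654321"}},
        {"address": 'module.endpoints.aws_vpc_endpoint_service.endpoint_service["integration"]',
         "type": "aws_vpc_endpoint_service",
         "values": {"acceptance_required": False}},
        {"address": "module.endpoints.aws_vpc_endpoint_service_allowed_principal.allowed_principal[0]",
         "type": "aws_vpc_endpoint_service_allowed_principal",
         "values": {"principal_arn": "*"}},
    ]}]}}})

VPC_CIDR = "10.20.0.0/16"  # assumed CIDR of vpc-12345678


def iter_resources(module):
    """Yield every resource in a planned_values module tree, recursing into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def foreign_ingress(rules, vpc_cidr):
    """Map security_group_id -> ingress CIDRs that are not contained in the VPC CIDR."""
    vpc = ipaddress.ip_network(vpc_cidr)
    out = {}
    for r in rules:
        v = r["values"]
        if v.get("type") != "ingress":
            continue
        for cidr in v.get("cidr_blocks") or []:
            net = ipaddress.ip_network(cidr)
            # subnet_of() raises on mixed IP versions, so compare versions first
            if net.version != vpc.version or not net.subnet_of(vpc):
                out.setdefault(v["security_group_id"], []).append(cidr)
    return out


def check_plan(plan_json, vpc_cidr=VPC_CIDR):
    """Return (severity, resource address, message) findings for a plan JSON string."""
    plan = json.loads(plan_json)
    by_type = {}
    for r in iter_resources(plan["planned_values"]["root_module"]):
        by_type.setdefault(r["type"], []).append(r)

    findings = []
    open_sgs = foreign_ingress(by_type.get("aws_security_group_rule", []), vpc_cidr)

    for r in by_type.get("aws_vpc_endpoint", []):
        v, addr = r["values"], r["address"]
        if v.get("vpc_endpoint_type") == "Interface":
            # The SG is attached to the endpoint ENIs: anything wider than the VPC CIDR
            # also admits peered and transit-gateway networks.
            for sg in v.get("security_group_ids") or []:
                for cidr in open_sgs.get(sg, []):
                    findings.append(("HIGH", addr, f"{sg} allows ingress from {cidr}; scope it to the VPC CIDR"))
            if not v.get("private_dns_enabled"):
                findings.append(("MEDIUM", addr, "private_dns_enabled is off; default SDK hostnames will not resolve to this endpoint"))
        if v.get("policy") is None:
            findings.append(("LOW", addr, "no endpoint policy; the default allows any principal any action"))

    for r in by_type.get("aws_vpc_endpoint_service", []):
        if not r["values"].get("acceptance_required"):
            findings.append(("MEDIUM", r["address"], "acceptance_required is false; allowed principals connect without review"))
    for r in by_type.get("aws_vpc_endpoint_service_allowed_principal", []):
        if r["values"].get("principal_arn") == "*":
            findings.append(("HIGH", r["address"], "allowed principal '*' exposes the service to every AWS account"))
    return findings


if __name__ == "__main__":
    for sev, addr, msg in check_plan(SAMPLE_PLAN_JSON):
        print(f"{sev:6} {addr}: {msg}")
```

Run it against a real plan with `terraform plan -out tfplan && terraform show -json tfplan > plan.json` and pass the file contents to `check_plan` together with the VPC's actual CIDR. A gateway endpoint carries no security group, so only the policy check applies to it; for the S3 endpoint that is the finding worth acting on, since an unrestricted S3 endpoint policy also permits exfiltration to buckets in other accounts through the endpoint.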
## Requirements

| Name | Version |
|---|---|
| terraform | >= 0.13.1 |
| aws | >= 4.0 |

## Providers

| Name | Version |
|---|---|
| aws | >= 4.0 |
## Modules

| Name | Source | Version |
|---|---|---|
| security_group | git::https://github.com/GalaxyFinX/aws-security-group.git | v1.1.0 |
## Resources

| Name | Type |
|---|---|
| aws_vpc_endpoint.this | resource |
| aws_vpc_endpoint_connection_notification.connection_notification | resource |
| aws_vpc_endpoint_service.endpoint_service | resource |
| aws_vpc_endpoint_service_allowed_principal.allowed_principal | resource |
| aws_region.current | data source |
| aws_vpc_endpoint_service.this | data source |
## Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| master_prefix | Prefix applied to resource names | string | n/a | yes |
| allowed_principals | List of principal ARNs allowed to discover and connect to the VPC endpoint service | list(string) | [] | no |
| assume_role | ARN of the IAM role to assume for managing the resources in the account that owns them | string | null | no |
| aws_region | AWS region in which to deploy the resources | string | "ap-southeast-1" | no |
| create | Whether to create any resources | bool | true | no |
| create_security_group | Whether to create a security group for the endpoints | bool | false | no |
| endpoint_services | Map of endpoint services and their properties and configuration | any | {} | no |
| endpoints | Map of interface and/or gateway endpoints and their properties and configuration | any | {} | no |
| notification_configurations | List of endpoint connection notification configurations for VPC endpoint events | list(object({ | [] | no |
| security_group_extend_rules | Additional security group rules, as a list of maps. Each map takes the arguments of the aws_security_group_rule resource (see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule), for example `{ type = "ingress" from_port = 6379 to_port = 6379 protocol = "tcp" cidr_blocks = [] security_group_id = "sg-123456789" }` | any | [] | no |
| security_group_ids | Default security group IDs to associate with the interface endpoints; each endpoint may override them | list(string) | [] | no |
| security_group_rules | Security group rules, as a list of maps. Each map takes the arguments of the aws_security_group_rule resource (see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule). The default rule is `{ type = "ingress" from_port = 443 to_port = 443 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] source_security_group_id = null self = null }`; narrow `cidr_blocks` to the VPC CIDR or to the consuming subnets, since the rule is attached to the endpoint ENIs | any | [ | no |
| security_name | Name of the security group | string | "endpoint-proxy" | no |
| subnet_ids | Default subnet IDs in which to place the interface endpoints; each endpoint may override them | list(string) | [] | no |
| tags | Map of tags added to all resources | map(string) | {} | no |
| timeouts | Maximum timeouts for creating, updating and deleting VPC endpoint resources | map(string) | {} | no |
| vpc_id | ID of the VPC in which the endpoints are created | string | null | no |
## Outputs

| Name | Description |
|---|---|
| dns_entry_endpoints | List of the DNS entries of the VPC endpoints created |
| private_dns_name_endpoint_services | List of the private DNS name configurations of the endpoint services created |
| service_name_endpoint_services | List of the service names of the endpoint services created |