Commit 2aca6d24 authored by tharun-allu's avatar tharun-allu Committed by Anton Babenko

API gateway Endpoint (#225)

parent ad7164bb
...@@ -15,7 +15,7 @@ These types of resources are supported: ...@@ -15,7 +15,7 @@ These types of resources are supported:
* [VPN Gateway](https://www.terraform.io/docs/providers/aws/r/vpn_gateway.html) * [VPN Gateway](https://www.terraform.io/docs/providers/aws/r/vpn_gateway.html)
* [VPC Endpoint](https://www.terraform.io/docs/providers/aws/r/vpc_endpoint.html): * [VPC Endpoint](https://www.terraform.io/docs/providers/aws/r/vpc_endpoint.html):
* Gateway: S3, DynamoDB * Gateway: S3, DynamoDB
* Interface: EC2, SSM, EC2 Messages, SSM Messages, ECR API, ECR DKR * Interface: EC2, SSM, EC2 Messages, SSM Messages, ECR API, ECR DKR, API Gateway
* [RDS DB Subnet Group](https://www.terraform.io/docs/providers/aws/r/db_subnet_group.html) * [RDS DB Subnet Group](https://www.terraform.io/docs/providers/aws/r/db_subnet_group.html)
* [ElastiCache Subnet Group](https://www.terraform.io/docs/providers/aws/r/elasticache_subnet_group.html) * [ElastiCache Subnet Group](https://www.terraform.io/docs/providers/aws/r/elasticache_subnet_group.html)
* [Redshift Subnet Group](https://www.terraform.io/docs/providers/aws/r/redshift_subnet_group.html) * [Redshift Subnet Group](https://www.terraform.io/docs/providers/aws/r/redshift_subnet_group.html)
...@@ -238,6 +238,7 @@ Terraform version 0.10.3 or newer is required for this module to work. ...@@ -238,6 +238,7 @@ Terraform version 0.10.3 or newer is required for this module to work.
| enable\_s3\_endpoint | Should be true if you want to provision an S3 endpoint to the VPC | string | `"false"` | no | | enable\_s3\_endpoint | Should be true if you want to provision an S3 endpoint to the VPC | string | `"false"` | no |
| enable\_ssm\_endpoint | Should be true if you want to provision an SSM endpoint to the VPC | string | `"false"` | no | | enable\_ssm\_endpoint | Should be true if you want to provision an SSM endpoint to the VPC | string | `"false"` | no |
| enable\_ssmmessages\_endpoint | Should be true if you want to provision a SSMMESSAGES endpoint to the VPC | string | `"false"` | no | | enable\_ssmmessages\_endpoint | Should be true if you want to provision a SSMMESSAGES endpoint to the VPC | string | `"false"` | no |
| enable\_apigw\_endpoint | Should be true if you want to provision a API Gateway endpoint to the VPC | string | `"false"` | no |
| enable\_vpn\_gateway | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | string | `"false"` | no | | enable\_vpn\_gateway | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | string | `"false"` | no |
| external\_nat\_ip\_ids | List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips) | list | `[]` | no | | external\_nat\_ip\_ids | List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips) | list | `[]` | no |
| igw\_tags | Additional tags for the internet gateway | map | `{}` | no | | igw\_tags | Additional tags for the internet gateway | map | `{}` | no |
...@@ -271,8 +272,10 @@ Terraform version 0.10.3 or newer is required for this module to work. ...@@ -271,8 +272,10 @@ Terraform version 0.10.3 or newer is required for this module to work.
| single\_nat\_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | string | `"false"` | no | | single\_nat\_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | string | `"false"` | no |
| ssm\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SSM endpoint | string | `"false"` | no | | ssm\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SSM endpoint | string | `"false"` | no |
| ssm\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SSM endpoint | list | `[]` | no | | ssm\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SSM endpoint | list | `[]` | no |
| apigw\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for API Gateway endpoint | list | `[]` | no |
| ssm\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SSM endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no | | ssm\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SSM endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
| ssmmessages\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SSMMESSAGES endpoint | string | `"false"` | no | | ssmmessages\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SSMMESSAGES endpoint | string | `"false"` | no |
| apigw\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for API Gateway endpoint | string | `"false"` | no |
| ssmmessages\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SSMMESSAGES endpoint | list | `[]` | no | | ssmmessages\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SSMMESSAGES endpoint | list | `[]` | no |
| ssmmessages\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SSMMESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no | | ssmmessages\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SSMMESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
| tags | A map of tags to add to all resources | map | `{}` | no | | tags | A map of tags to add to all resources | map | `{}` | no |
...@@ -369,4 +372,3 @@ Module is maintained by [Anton Babenko](https://github.com/antonbabenko) with he ...@@ -369,4 +372,3 @@ Module is maintained by [Anton Babenko](https://github.com/antonbabenko) with he
## License ## License
Apache 2 Licensed. See LICENSE for full details. Apache 2 Licensed. See LICENSE for full details.
provider "aws" {
region = "us-east-1"
}
data "aws_security_group" "default" {
name = "default"
vpc_id = "${module.vpc.vpc_id}"
}
module "vpc" {
source = "../../"
name = "complete-example"
cidr = "10.15.0.0/16"
azs = ["us-east-1a"]
private_subnets = ["10.15.1.0/24"]
# VPC endpoint for API gateway
enable_apigw_endpoint = true
apigw_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"]
apigw_endpoint_private_dns_enabled = true
tags = {
Owner = "user"
Environment = "test"
Name = "test-224"
}
}
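Review bot: The example hands the VPC's default security group (looked up by `data "aws_security_group" "default"` and passed as `apigw_endpoint_security_group_ids`) to the endpoint's network interface. That group's rules are whatever the account currently carries on it — commonly a self-referencing allow-all — so a reader copying this gets an endpoint reachable only from members of that same group, or inherits rules far broader than an HTTPS-only endpoint needs. A dedicated `aws_security_group` in the same file with a single ingress rule for TCP 443 from `10.15.0.0/16` would show the intended least-privilege shape; a comment such as `# Endpoint ENI only needs HTTPS from inside the VPC; prefer a dedicated group over the default one` would explain the choice. The `Name = "test-224"` tag also looks like a leftover from a different change, given this is #225.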
...@@ -530,6 +530,28 @@ resource "aws_vpc_endpoint" "ecr_dkr" { ...@@ -530,6 +530,28 @@ resource "aws_vpc_endpoint" "ecr_dkr" {
private_dns_enabled = "${var.ecr_dkr_endpoint_private_dns_enabled}" private_dns_enabled = "${var.ecr_dkr_endpoint_private_dns_enabled}"
} }
#######################
# VPC Endpoint for API Gateway
#######################
data "aws_vpc_endpoint_service" "apigw" {
count = "${var.create_vpc && var.enable_apigw_endpoint ? 1 : 0}"
service = "execute-api"
}
resource "aws_vpc_endpoint" "apigw" {
count = "${var.create_vpc && var.enable_apigw_endpoint ? 1 : 0}"
vpc_id = "${local.vpc_id}"
service_name = "${data.aws_vpc_endpoint_service.apigw.service_name}"
vpc_endpoint_type = "Interface"
security_group_ids = ["${var.apigw_endpoint_security_group_ids}"]
subnet_ids = ["${coalescelist(var.apigw_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
private_dns_enabled = "${var.apigw_endpoint_private_dns_enabled}"
}
########################## ##########################
# Route table association # Route table association
########################## ##########################
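Review bot: `security_group_ids = ["${var.apigw_endpoint_security_group_ids}"]` collapses to an empty list when the caller keeps the variable default, and for an Interface endpoint AWS then associates the VPC's default security group with the endpoint interface, so the effective exposure depends on rules the module never sees. This is presumably consistent with the sibling endpoints above rather than new, but the new resource is a good place to say so: `# No SG supplied: AWS attaches the VPC default security group to the endpoint ENI`. Likewise no `policy` argument is set, so the endpoint runs with the default endpoint policy, which grants full access; a `# policy not set: default endpoint policy allows all principals and actions` comment makes that explicit for reviewers of the callers' configuration. The enclosing file continues outside the hunk.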
...@@ -208,6 +208,26 @@ variable "enable_ssmmessages_endpoint" { ...@@ -208,6 +208,26 @@ variable "enable_ssmmessages_endpoint" {
default = false default = false
} }
variable "enable_apigw_endpoint" {
description = "Should be true if you want to provision an api gateway endpoint to the VPC"
default = false
}
variable "apigw_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for API GW endpoint"
default = []
}
variable "apigw_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for API GW endpoint"
default = false
}
variable "apigw_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for API GW endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
default = []
}
variable "ssmmessages_endpoint_security_group_ids" { variable "ssmmessages_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for SSMMESSAGES endpoint" description = "The ID of one or more security groups to associate with the network interface for SSMMESSAGES endpoint"
default = [] default = []
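Review bot: The description of `apigw_endpoint_private_dns_enabled` omits the consequence that is specific to the `execute-api` service: once private DNS is enabled on the interface endpoint, public (edge-optimized and regional) API Gateway hostnames resolve to the endpoint and are no longer reachable from inside the VPC, only private APIs are. The SSM/SSMMESSAGES variables the wording was copied from have no such side effect, so callers flipping this flag deserve the warning in the description, e.g. `description = "Whether or not to associate a private hosted zone with the specified VPC for API Gateway endpoint. NOTE: enabling this makes public API Gateway endpoints unreachable from the VPC; only private APIs can be invoked."`. The README table row for this variable should carry the same text. The four new descriptions also alternate between "api gateway" and "API GW"; "API Gateway" throughout would match the README wording.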