Added more VPC endpoints (Glue, STS, Sagemaker Notebook), and all missing outputs (#311)

* AWS Glue VPC endpoint * sagemaker notebook vpc endpoint * correct service name for notebook endpoint * added outputs kinesis * added endpoints output glue, fix readme * endpoint for STS * endpoint for STS (variables) * Added more VPC endpoints (Glue, STS, Sagemaker Notebook), and all missing outputs

Added more VPC endpoints (Glue, STS, Sagemaker Notebook), and all missing outputs (#311)
* AWS Glue VPC endpoint * sagemaker notebook vpc endpoint * correct service name for notebook endpoint * added outputs kinesis * added endpoints output glue, fix readme * endpoint for STS * endpoint for STS (variables) * Added more VPC endpoints (Glue, STS, Sagemaker Notebook), and all missing outputs
2fbaaacd · Edward Viaene · Anton Babenko · 013b7ab6 · 2fbaaacd · 2fbaaacd
Commit 2fbaaacd authored Sep 02, 2019 by Edward Viaene Committed by Anton Babenko Sep 02, 2019
Show whitespace changes
Inline Side-by-side

Showing with 965 additions and 633 deletions

README.md README.md +44 -1

main.tf main.tf +0 -632

outputs.tf outputs.tf +150 -0

variables.tf variables.tf +78 -0

vpc-endpoints.tf vpc-endpoints.tf +693 -0

No files found.
--- a/README.md
+++ b/README.md
@@ -17,7 +17,7 @@ These types of resources are supported:
 * [VPC Endpoint](https://www.terraform.io/docs/providers/aws/r/vpc_endpoint.html):
  * Gateway: S3, DynamoDB
  * Interface: EC2, SSM, EC2 Messages, SSM Messages, SQS, ECR API, ECR DKR, API Gateway, KMS, 
-ECS, ECS Agent, ECS Telemetry, SNS, CloudWatch(Monitoring, Logs, Events), Elastic Load Balancing, CloudTrail, Secrets Manager, Config, Codebuild, Codecommit, Git-Codecommit, Transfer Server, Kinesis Streams, Kinesis Firehose
+ECS, ECS Agent, ECS Telemetry, SNS, STS, Glue, CloudWatch(Monitoring, Logs, Events), Elastic Load Balancing, CloudTrail, Secrets Manager, Config, Codebuild, Codecommit, Git-Codecommit, Transfer Server, Kinesis Streams, Kinesis Firehose, Sagemaker Notebook
 * [RDS DB Subnet Group](https://www.terraform.io/docs/providers/aws/r/db_subnet_group.html)
 * [ElastiCache Subnet Group](https://www.terraform.io/docs/providers/aws/r/elasticache_subnet_group.html)
 * [Redshift Subnet Group](https://www.terraform.io/docs/providers/aws/r/redshift_subnet_group.html)
@@ -312,6 +312,7 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | enable\_elasticloadbalancing\_endpoint | Should be true if you want to provision a Elastic Load Balancing endpoint to the VPC | bool | `"false"` | no |
 | enable\_events\_endpoint | Should be true if you want to provision a CloudWatch Events endpoint to the VPC | bool | `"false"` | no |
 | enable\_git\_codecommit\_endpoint | Should be true if you want to provision an Git Codecommit endpoint to the VPC | string | `"false"` | no |
+| enable\_glue\_endpoint | Should be true if you want to provision a Glue endpoint to the VPC | bool | `"false"` | no |
 | enable\_ipv6 | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block. | bool | `"false"` | no |
 | enable\_kinesis\_firehose\_endpoint | Should be true if you want to provision a Kinesis Firehose endpoint to the VPC | bool | `"false"` | no |
 | enable\_kinesis\_streams\_endpoint | Should be true if you want to provision a Kinesis Streams endpoint to the VPC | bool | `"false"` | no |
@@ -321,11 +322,13 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | enable\_nat\_gateway | Should be true if you want to provision NAT Gateways for each of your private networks | bool | `"false"` | no |
 | enable\_public\_redshift | Controls if redshift should have public routing table | bool | `"false"` | no |
 | enable\_s3\_endpoint | Should be true if you want to provision an S3 endpoint to the VPC | bool | `"false"` | no |
+| enable\_sagemaker\_notebook\_endpoint | Should be true if you want to provision a Sagemaker Notebook endpoint to the VPC | bool | `"false"` | no |
 | enable\_secretsmanager\_endpoint | Should be true if you want to provision an Secrets Manager endpoint to the VPC | bool | `"false"` | no |
 | enable\_sns\_endpoint | Should be true if you want to provision a SNS endpoint to the VPC | bool | `"false"` | no |
 | enable\_sqs\_endpoint | Should be true if you want to provision an SQS endpoint to the VPC | string | `"false"` | no |
 | enable\_ssm\_endpoint | Should be true if you want to provision an SSM endpoint to the VPC | bool | `"false"` | no |
 | enable\_ssmmessages\_endpoint | Should be true if you want to provision a SSMMESSAGES endpoint to the VPC | bool | `"false"` | no |
+| enable\_sts\_endpoint | Should be true if you want to provision a STS endpoint to the VPC | bool | `"false"` | no |
 | enable\_transferserver\_endpoint | Should be true if you want to provision a Transer Server endpoint to the VPC | bool | `"false"` | no |
 | enable\_vpn\_gateway | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | bool | `"false"` | no |
 | events\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for CloudWatch Events endpoint | bool | `"false"` | no |
@@ -335,6 +338,9 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | git\_codecommit\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Git Codecommit endpoint | string | `"false"` | no |
 | git\_codecommit\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Git Codecommit endpoint | list | `[]` | no |
 | git\_codecommit\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Git Codecommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
+| glue\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Glue endpoint | bool | `"false"` | no |
+| glue\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Glue endpoint | list(string) | `[]` | no |
+| glue\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Glue endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
 | igw\_tags | Additional tags for the internet gateway | map(string) | `{}` | no |
 | instance\_tenancy | A tenancy option for instances launched into the VPC | string | `"default"` | no |
 | intra\_acl\_tags | Additional tags for the intra subnets network ACL | map(string) | `{}` | no |
@@ -403,6 +409,10 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | redshift\_subnet\_tags | Additional tags for the redshift subnets | map(string) | `{}` | no |
 | redshift\_subnets | A list of redshift subnets | list(string) | `[]` | no |
 | reuse\_nat\_ips | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable | bool | `"false"` | no |
+| sagemaker\_notebook\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Sagemaker Notebook endpoint | bool | `"false"` | no |
+| sagemaker\_notebook\_endpoint\_region | Region to use for Sagemaker Notebook endpoint | string | `""` | no |
+| sagemaker\_notebook\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Sagemaker Notebook endpoint | list(string) | `[]` | no |
+| sagemaker\_notebook\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Sagemaker Notebook endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
 | secondary\_cidr\_blocks | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | list(string) | `[]` | no |
 | secretsmanager\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Secrets Manager endpoint | bool | `"false"` | no |
 | secretsmanager\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Secrets Manager endpoint | list(string) | `[]` | no |
@@ -420,6 +430,9 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | ssmmessages\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SSMMESSAGES endpoint | bool | `"false"` | no |
 | ssmmessages\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SSMMESSAGES endpoint | list(string) | `[]` | no |
 | ssmmessages\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SSMMESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
+| sts\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for STS endpoint | bool | `"false"` | no |
+| sts\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for STS endpoint | list(string) | `[]` | no |
+| sts\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for STS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
 | tags | A map of tags to add to all resources | map(string) | `{}` | no |
 | transferserver\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Transfer Server endpoint | bool | `"false"` | no |
 | transferserver\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Transfer Server endpoint | list(string) | `[]` | no |
@@ -502,6 +515,15 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | vpc\_endpoint\_cloudtrail\_dns\_entry | The DNS entries for the VPC Endpoint for CloudTrail. |
 | vpc\_endpoint\_cloudtrail\_id | The ID of VPC endpoint for CloudTrail |
 | vpc\_endpoint\_cloudtrail\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for CloudTrail. |
+| vpc\_endpoint\_codebuild\_dns\_entry | The DNS entries for the VPC Endpoint for codebuild. |
+| vpc\_endpoint\_codebuild\_id | The ID of VPC endpoint for codebuild |
+| vpc\_endpoint\_codebuild\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for codebuild. |
+| vpc\_endpoint\_codecommit\_dns\_entry | The DNS entries for the VPC Endpoint for codecommit. |
+| vpc\_endpoint\_codecommit\_id | The ID of VPC endpoint for codecommit |
+| vpc\_endpoint\_codecommit\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for codecommit. |
+| vpc\_endpoint\_config\_dns\_entry | The DNS entries for the VPC Endpoint for config. |
+| vpc\_endpoint\_config\_id | The ID of VPC endpoint for config |
+| vpc\_endpoint\_config\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for config. |
 | vpc\_endpoint\_dynamodb\_id | The ID of VPC endpoint for DynamoDB |
 | vpc\_endpoint\_dynamodb\_pl\_id | The prefix list for the DynamoDB VPC endpoint. |
 | vpc\_endpoint\_ec2\_dns\_entry | The DNS entries for the VPC Endpoint for EC2. |
@@ -531,6 +553,18 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | vpc\_endpoint\_events\_dns\_entry | The DNS entries for the VPC Endpoint for CloudWatch Events. |
 | vpc\_endpoint\_events\_id | The ID of VPC endpoint for CloudWatch Events |
 | vpc\_endpoint\_events\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for CloudWatch Events. |
+| vpc\_endpoint\_git\_codecommit\_dns\_entry | The DNS entries for the VPC Endpoint for git_codecommit. |
+| vpc\_endpoint\_git\_codecommit\_id | The ID of VPC endpoint for git_codecommit |
+| vpc\_endpoint\_git\_codecommit\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for git_codecommit. |
+| vpc\_endpoint\_glue\_dns\_entry | The DNS entries for the VPC Endpoint for Glue. |
+| vpc\_endpoint\_glue\_id | The ID of VPC endpoint for Glue |
+| vpc\_endpoint\_glue\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Glue. |
+| vpc\_endpoint\_kinesis\_firehose\_dns\_entry | The DNS entries for the VPC Endpoint for Kinesis Firehose. |
+| vpc\_endpoint\_kinesis\_firehose\_id | The ID of VPC endpoint for Kinesis Firehose |
+| vpc\_endpoint\_kinesis\_firehose\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Kinesis Firehose. |
+| vpc\_endpoint\_kinesis\_streams\_dns\_entry | The DNS entries for the VPC Endpoint for Kinesis Streams. |
+| vpc\_endpoint\_kinesis\_streams\_id | The ID of VPC endpoint for Kinesis Streams |
+| vpc\_endpoint\_kinesis\_streams\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Kinesis Streams. |
 | vpc\_endpoint\_kms\_dns\_entry | The DNS entries for the VPC Endpoint for KMS. |
 | vpc\_endpoint\_kms\_id | The ID of VPC endpoint for KMS |
 | vpc\_endpoint\_kms\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for KMS. |
@@ -542,6 +576,9 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | vpc\_endpoint\_monitoring\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for CloudWatch Monitoring. |
 | vpc\_endpoint\_s3\_id | The ID of VPC endpoint for S3 |
 | vpc\_endpoint\_s3\_pl\_id | The prefix list for the S3 VPC endpoint. |
+| vpc\_endpoint\_secretsmanager\_dns\_entry | The DNS entries for the VPC Endpoint for secretsmanager. |
+| vpc\_endpoint\_secretsmanager\_id | The ID of VPC endpoint for secretsmanager |
+| vpc\_endpoint\_secretsmanager\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for secretsmanager. |
 | vpc\_endpoint\_sns\_dns\_entry | The DNS entries for the VPC Endpoint for SNS. |
 | vpc\_endpoint\_sns\_id | The ID of VPC endpoint for SNS |
 | vpc\_endpoint\_sns\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SNS. |
@@ -554,6 +591,12 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | vpc\_endpoint\_ssmmessages\_dns\_entry | The DNS entries for the VPC Endpoint for SSMMESSAGES. |
 | vpc\_endpoint\_ssmmessages\_id | The ID of VPC endpoint for SSMMESSAGES |
 | vpc\_endpoint\_ssmmessages\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SSMMESSAGES. |
+| vpc\_endpoint\_sts\_dns\_entry | The DNS entries for the VPC Endpoint for STS. |
+| vpc\_endpoint\_sts\_id | The ID of VPC endpoint for STS |
+| vpc\_endpoint\_sts\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for STS. |
+| vpc\_endpoint\_transferserver\_dns\_entry | The DNS entries for the VPC Endpoint for transferserver. |
+| vpc\_endpoint\_transferserver\_id | The ID of VPC endpoint for transferserver |
+| vpc\_endpoint\_transferserver\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for transferserver |
 | vpc\_id | The ID of the VPC |
 | vpc\_instance\_tenancy | Tenancy of instances spin up within VPC |
 | vpc\_ipv6\_association\_id | The association ID for the IPv6 CIDR block |

--- a/main.tf
+++ b/main.tf
@@ -876,638 +876,6 @@ resource "aws_route" "private_ipv6_egress" {
  egress_only_gateway_id      = element(aws_egress_only_internet_gateway.this.*.id, 0)
 }

-######################
-# VPC Endpoint for S3
-######################
-data "aws_vpc_endpoint_service" "s3" {
-  count = var.create_vpc && var.enable_s3_endpoint ? 1 : 0
-
-  service = "s3"
-}
-
-resource "aws_vpc_endpoint" "s3" {
-  count = var.create_vpc && var.enable_s3_endpoint ? 1 : 0
-
-  vpc_id       = local.vpc_id
-  service_name = data.aws_vpc_endpoint_service.s3[0].service_name
-}
-
-resource "aws_vpc_endpoint_route_table_association" "private_s3" {
-  count = var.create_vpc && var.enable_s3_endpoint ? local.nat_gateway_count : 0
-
-  vpc_endpoint_id = aws_vpc_endpoint.s3[0].id
-  route_table_id  = element(aws_route_table.private.*.id, count.index)
-}
-
-resource "aws_vpc_endpoint_route_table_association" "intra_s3" {
-  count = var.create_vpc && var.enable_s3_endpoint && length(var.intra_subnets) > 0 ? 1 : 0
-
-  vpc_endpoint_id = aws_vpc_endpoint.s3[0].id
-  route_table_id  = element(aws_route_table.intra.*.id, 0)
-}
-
-resource "aws_vpc_endpoint_route_table_association" "public_s3" {
-  count = var.create_vpc && var.enable_s3_endpoint && length(var.public_subnets) > 0 ? 1 : 0
-
-  vpc_endpoint_id = aws_vpc_endpoint.s3[0].id
-  route_table_id  = aws_route_table.public[0].id
-}
-
-############################
-# VPC Endpoint for DynamoDB
-############################
-data "aws_vpc_endpoint_service" "dynamodb" {
-  count = var.create_vpc && var.enable_dynamodb_endpoint ? 1 : 0
-
-  service = "dynamodb"
-}
-
-resource "aws_vpc_endpoint" "dynamodb" {
-  count = var.create_vpc && var.enable_dynamodb_endpoint ? 1 : 0
-
-  vpc_id       = local.vpc_id
-  service_name = data.aws_vpc_endpoint_service.dynamodb[0].service_name
-}
-
-resource "aws_vpc_endpoint_route_table_association" "private_dynamodb" {
-  count = var.create_vpc && var.enable_dynamodb_endpoint ? local.nat_gateway_count : 0
-
-  vpc_endpoint_id = aws_vpc_endpoint.dynamodb[0].id
-  route_table_id  = element(aws_route_table.private.*.id, count.index)
-}
-
-resource "aws_vpc_endpoint_route_table_association" "intra_dynamodb" {
-  count = var.create_vpc && var.enable_dynamodb_endpoint && length(var.intra_subnets) > 0 ? 1 : 0
-
-  vpc_endpoint_id = aws_vpc_endpoint.dynamodb[0].id
-  route_table_id  = element(aws_route_table.intra.*.id, 0)
-}
-
-resource "aws_vpc_endpoint_route_table_association" "public_dynamodb" {
-  count = var.create_vpc && var.enable_dynamodb_endpoint && length(var.public_subnets) > 0 ? 1 : 0
-
-  vpc_endpoint_id = aws_vpc_endpoint.dynamodb[0].id
-  route_table_id  = aws_route_table.public[0].id
-}
-
-
-#############################
-# VPC Endpoint for Codebuild
-#############################
-data "aws_vpc_endpoint_service" "codebuild" {
-  count = var.create_vpc && var.enable_codebuild_endpoint ? 1 : 0
-
-  service = "codebuild"
-}
-
-resource "aws_vpc_endpoint" "codebuild" {
-  count = var.create_vpc && var.enable_codebuild_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.codebuild[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.codebuild_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.codebuild_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.codebuild_endpoint_private_dns_enabled
-}
-
-###############################
-# VPC Endpoint for Code Commit
-###############################
-data "aws_vpc_endpoint_service" "codecommit" {
-  count = var.create_vpc && var.enable_codecommit_endpoint ? 1 : 0
-
-  service = "codecommit"
-}
-
-resource "aws_vpc_endpoint" "codecommit" {
-  count = var.create_vpc && var.enable_codecommit_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.codecommit[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.codecommit_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.codecommit_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.codecommit_endpoint_private_dns_enabled
-}
-
-###################################
-# VPC Endpoint for Git Code Commit
-###################################
-data "aws_vpc_endpoint_service" "git_codecommit" {
-  count = var.create_vpc && var.enable_git_codecommit_endpoint ? 1 : 0
-
-  service = "git-codecommit"
-}
-
-resource "aws_vpc_endpoint" "git_codecommit" {
-  count = var.create_vpc && var.enable_git_codecommit_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.git_codecommit[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.git_codecommit_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.git_codecommit_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.git_codecommit_endpoint_private_dns_enabled
-}
-
-##########################
-# VPC Endpoint for Config
-##########################
-data "aws_vpc_endpoint_service" "config" {
-  count = var.create_vpc && var.enable_config_endpoint ? 1 : 0
-
-  service = "config"
-}
-
-resource "aws_vpc_endpoint" "config" {
-  count = var.create_vpc && var.enable_config_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.config[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.config_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.config_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.config_endpoint_private_dns_enabled
-}
-
-#######################
-# VPC Endpoint for SQS
-#######################
-data "aws_vpc_endpoint_service" "sqs" {
-  count = var.create_vpc && var.enable_sqs_endpoint ? 1 : 0
-
-  service = "sqs"
-}
-
-resource "aws_vpc_endpoint" "sqs" {
-  count = var.create_vpc && var.enable_sqs_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.sqs[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.sqs_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.sqs_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.sqs_endpoint_private_dns_enabled
-}
-
-###################################
-# VPC Endpoint for Secrets Manager
-###################################
-data "aws_vpc_endpoint_service" "secretsmanager" {
-  count = var.create_vpc && var.enable_secretsmanager_endpoint ? 1 : 0
-
-  service = "secretsmanager"
-}
-
-resource "aws_vpc_endpoint" "secretsmanager" {
-  count = var.create_vpc && var.enable_secretsmanager_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.secretsmanager[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.secretsmanager_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.secretsmanager_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.secretsmanager_endpoint_private_dns_enabled
-}
-
-#######################
-# VPC Endpoint for SSM
-#######################
-data "aws_vpc_endpoint_service" "ssm" {
-  count = var.create_vpc && var.enable_ssm_endpoint ? 1 : 0
-
-  service = "ssm"
-}
-
-resource "aws_vpc_endpoint" "ssm" {
-  count = var.create_vpc && var.enable_ssm_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.ssm[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.ssm_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.ssm_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.ssm_endpoint_private_dns_enabled
-}
-
-###############################
-# VPC Endpoint for SSMMESSAGES
-###############################
-data "aws_vpc_endpoint_service" "ssmmessages" {
-  count = var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0
-
-  service = "ssmmessages"
-}
-
-resource "aws_vpc_endpoint" "ssmmessages" {
-  count = var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.ssmmessages[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.ssmmessages_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.ssmmessages_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.ssmmessages_endpoint_private_dns_enabled
-}
-
-#######################
-# VPC Endpoint for EC2
-#######################
-data "aws_vpc_endpoint_service" "ec2" {
-  count = var.create_vpc && var.enable_ec2_endpoint ? 1 : 0
-
-  service = "ec2"
-}
-
-resource "aws_vpc_endpoint" "ec2" {
-  count = var.create_vpc && var.enable_ec2_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.ec2[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.ec2_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.ec2_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.ec2_endpoint_private_dns_enabled
-}
-
-###############################
-# VPC Endpoint for EC2MESSAGES
-###############################
-data "aws_vpc_endpoint_service" "ec2messages" {
-  count = var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0
-
-  service = "ec2messages"
-}
-
-resource "aws_vpc_endpoint" "ec2messages" {
-  count = var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.ec2messages[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.ec2messages_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.ec2messages_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.ec2messages_endpoint_private_dns_enabled
-}
-
-###################################
-# VPC Endpoint for Transfer Server
-###################################
-data "aws_vpc_endpoint_service" "transferserver" {
-  count = var.create_vpc && var.enable_transferserver_endpoint ? 1 : 0
-
-  service = "transfer.server"
-}
-
-resource "aws_vpc_endpoint" "transferserver" {
-  count = var.create_vpc && var.enable_transferserver_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.transferserver[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.transferserver_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.transferserver_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.transferserver_endpoint_private_dns_enabled
-}
-
-###########################
-# VPC Endpoint for ECR API
-###########################
-data "aws_vpc_endpoint_service" "ecr_api" {
-  count = var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0
-
-  service = "ecr.api"
-}
-
-resource "aws_vpc_endpoint" "ecr_api" {
-  count = var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.ecr_api[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.ecr_api_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.ecr_api_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.ecr_api_endpoint_private_dns_enabled
-}
-
-###########################
-# VPC Endpoint for ECR DKR
-###########################
-data "aws_vpc_endpoint_service" "ecr_dkr" {
-  count = var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0
-
-  service = "ecr.dkr"
-}
-
-resource "aws_vpc_endpoint" "ecr_dkr" {
-  count = var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.ecr_dkr[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.ecr_dkr_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.ecr_dkr_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.ecr_dkr_endpoint_private_dns_enabled
-}
-
-#######################
-# VPC Endpoint for API Gateway
-#######################
-data "aws_vpc_endpoint_service" "apigw" {
-  count = var.create_vpc && var.enable_apigw_endpoint ? 1 : 0
-
-  service = "execute-api"
-}
-
-resource "aws_vpc_endpoint" "apigw" {
-  count = var.create_vpc && var.enable_apigw_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.apigw[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.apigw_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.apigw_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.apigw_endpoint_private_dns_enabled
-}
-
-#######################
-# VPC Endpoint for KMS
-#######################
-data "aws_vpc_endpoint_service" "kms" {
-  count = var.create_vpc && var.enable_kms_endpoint ? 1 : 0
-
-  service = "kms"
-}
-
-resource "aws_vpc_endpoint" "kms" {
-  count = var.create_vpc && var.enable_kms_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.kms[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.kms_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.kms_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.kms_endpoint_private_dns_enabled
-}
-
-#######################
-# VPC Endpoint for ECS
-#######################
-data "aws_vpc_endpoint_service" "ecs" {
-  count = var.create_vpc && var.enable_ecs_endpoint ? 1 : 0
-
-  service = "ecs"
-}
-
-resource "aws_vpc_endpoint" "ecs" {
-  count = var.create_vpc && var.enable_ecs_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.ecs[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.ecs_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.ecs_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.ecs_endpoint_private_dns_enabled
-}
-
-
-#######################
-# VPC Endpoint for ECS Agent
-#######################
-data "aws_vpc_endpoint_service" "ecs_agent" {
-  count = var.create_vpc && var.enable_ecs_agent_endpoint ? 1 : 0
-
-  service = "ecs-agent"
-}
-
-resource "aws_vpc_endpoint" "ecs_agent" {
-  count = var.create_vpc && var.enable_ecs_agent_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.ecs_agent[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.ecs_agent_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.ecs_agent_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.ecs_agent_endpoint_private_dns_enabled
-}
-
-
-#######################
-# VPC Endpoint for ECS Telemetry
-#######################
-data "aws_vpc_endpoint_service" "ecs_telemetry" {
-  count = var.create_vpc && var.enable_ecs_telemetry_endpoint ? 1 : 0
-
-  service = "ecs-telemetry"
-}
-
-resource "aws_vpc_endpoint" "ecs_telemetry" {
-  count = var.create_vpc && var.enable_ecs_telemetry_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.ecs_telemetry[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.ecs_telemetry_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.ecs_telemetry_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.ecs_telemetry_endpoint_private_dns_enabled
-}
-
-
-#######################
-# VPC Endpoint for SNS
-#######################
-data "aws_vpc_endpoint_service" "sns" {
-  count = var.create_vpc && var.enable_sns_endpoint ? 1 : 0
-
-  service = "sns"
-}
-
-resource "aws_vpc_endpoint" "sns" {
-  count = var.create_vpc && var.enable_sns_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.sns[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.sns_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.sns_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.sns_endpoint_private_dns_enabled
-}
-
-
-#######################
-# VPC Endpoint for CloudWatch Monitoring
-#######################
-data "aws_vpc_endpoint_service" "monitoring" {
-  count = var.create_vpc && var.enable_monitoring_endpoint ? 1 : 0
-
-  service = "monitoring"
-}
-
-resource "aws_vpc_endpoint" "monitoring" {
-  count = var.create_vpc && var.enable_monitoring_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.monitoring[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.monitoring_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.monitoring_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.monitoring_endpoint_private_dns_enabled
-}
-
-
-#######################
-# VPC Endpoint for CloudWatch Logs
-#######################
-data "aws_vpc_endpoint_service" "logs" {
-  count = var.create_vpc && var.enable_logs_endpoint ? 1 : 0
-
-  service = "logs"
-}
-
-resource "aws_vpc_endpoint" "logs" {
-  count = var.create_vpc && var.enable_logs_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.logs[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.logs_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.logs_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.logs_endpoint_private_dns_enabled
-}
-
-
-#######################
-# VPC Endpoint for CloudWatch Events
-#######################
-data "aws_vpc_endpoint_service" "events" {
-  count = var.create_vpc && var.enable_events_endpoint ? 1 : 0
-
-  service = "events"
-}
-
-resource "aws_vpc_endpoint" "events" {
-  count = var.create_vpc && var.enable_events_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.events[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.events_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.events_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.events_endpoint_private_dns_enabled
-}
-
-
-#######################
-# VPC Endpoint for Elastic Load Balancing
-#######################
-data "aws_vpc_endpoint_service" "elasticloadbalancing" {
-  count = var.create_vpc && var.enable_elasticloadbalancing_endpoint ? 1 : 0
-
-  service = "elasticloadbalancing"
-}
-
-resource "aws_vpc_endpoint" "elasticloadbalancing" {
-  count = var.create_vpc && var.enable_elasticloadbalancing_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.elasticloadbalancing[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.elasticloadbalancing_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.elasticloadbalancing_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.elasticloadbalancing_endpoint_private_dns_enabled
-}
-
-
-#######################
-# VPC Endpoint for CloudTrail
-#######################
-data "aws_vpc_endpoint_service" "cloudtrail" {
-  count = var.create_vpc && var.enable_cloudtrail_endpoint ? 1 : 0
-
-  service = "cloudtrail"
-}
-
-resource "aws_vpc_endpoint" "cloudtrail" {
-  count = var.create_vpc && var.enable_cloudtrail_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.cloudtrail[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.cloudtrail_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.cloudtrail_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.cloudtrail_endpoint_private_dns_enabled
-}
-
-
-#######################
-# VPC Endpoint for Kinesis Streams
-#######################
-data "aws_vpc_endpoint_service" "kinesis_streams" {
-  count = var.create_vpc && var.enable_kinesis_streams_endpoint ? 1 : 0
-
-  service = "kinesis-streams"
-}
-
-resource "aws_vpc_endpoint" "kinesis_streams" {
-  count = var.create_vpc && var.enable_kinesis_streams_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.kinesis_streams[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.kinesis_streams_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.kinesis_streams_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.kinesis_streams_endpoint_private_dns_enabled
-}
-
-
-#######################
-# VPC Endpoint for Kinesis Firehose
-#######################
-data "aws_vpc_endpoint_service" "kinesis_firehose" {
-  count = var.create_vpc && var.enable_kinesis_firehose_endpoint ? 1 : 0
-
-  service = "kinesis-firehose"
-}
-
-resource "aws_vpc_endpoint" "kinesis_firehose" {
-  count = var.create_vpc && var.enable_kinesis_firehose_endpoint ? 1 : 0
-
-  vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.kinesis_firehose[0].service_name
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = var.kinesis_firehose_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.kinesis_firehose_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.kinesis_firehose_endpoint_private_dns_enabled
-}
-
-
 ##########################
 # Route table association
 ##########################

--- a/outputs.tf
+++ b/outputs.tf
@@ -398,6 +398,81 @@ output "vpc_endpoint_sqs_dns_entry" {
  value       = flatten(aws_vpc_endpoint.sqs.*.dns_entry)
 }

+output "vpc_endpoint_codebuild_id" {
+  description = "The ID of VPC endpoint for codebuild"
+  value       = concat(aws_vpc_endpoint.codebuild.*.id, [""])[0]
+}
+
+output "vpc_endpoint_codebuild_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for codebuild."
+  value       = flatten(aws_vpc_endpoint.codebuild.*.network_interface_ids)
+}
+
+output "vpc_endpoint_codebuild_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for codebuild."
+  value       = flatten(aws_vpc_endpoint.codebuild.*.dns_entry)
+}
+
+output "vpc_endpoint_codecommit_id" {
+  description = "The ID of VPC endpoint for codecommit"
+  value       = concat(aws_vpc_endpoint.codecommit.*.id, [""])[0]
+}
+
+output "vpc_endpoint_codecommit_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for codecommit."
+  value       = flatten(aws_vpc_endpoint.codecommit.*.network_interface_ids)
+}
+
+output "vpc_endpoint_codecommit_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for codecommit."
+  value       = flatten(aws_vpc_endpoint.codecommit.*.dns_entry)
+}
+
+output "vpc_endpoint_git_codecommit_id" {
+  description = "The ID of VPC endpoint for git_codecommit"
+  value       = concat(aws_vpc_endpoint.git_codecommit.*.id, [""])[0]
+}
+
+output "vpc_endpoint_git_codecommit_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for git_codecommit."
+  value       = flatten(aws_vpc_endpoint.git_codecommit.*.network_interface_ids)
+}
+
+output "vpc_endpoint_git_codecommit_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for git_codecommit."
+  value       = flatten(aws_vpc_endpoint.git_codecommit.*.dns_entry)
+}
+
+output "vpc_endpoint_config_id" {
+  description = "The ID of VPC endpoint for config"
+  value       = concat(aws_vpc_endpoint.config.*.id, [""])[0]
+}
+
+output "vpc_endpoint_config_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for config."
+  value       = flatten(aws_vpc_endpoint.config.*.network_interface_ids)
+}
+
+output "vpc_endpoint_config_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for config."
+  value       = flatten(aws_vpc_endpoint.config.*.dns_entry)
+}
+
+output "vpc_endpoint_secretsmanager_id" {
+  description = "The ID of VPC endpoint for secretsmanager"
+  value       = concat(aws_vpc_endpoint.secretsmanager.*.id, [""])[0]
+}
+
+output "vpc_endpoint_secretsmanager_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for secretsmanager."
+  value       = flatten(aws_vpc_endpoint.secretsmanager.*.network_interface_ids)
+}
+
+output "vpc_endpoint_secretsmanager_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for secretsmanager."
+  value       = flatten(aws_vpc_endpoint.secretsmanager.*.dns_entry)
+}
+
 output "vpc_endpoint_ssm_id" {
  description = "The ID of VPC endpoint for SSM"
  value       = concat(aws_vpc_endpoint.ssm.*.id, [""])[0]
@@ -458,6 +533,36 @@ output "vpc_endpoint_ec2messages_dns_entry" {
  value       = flatten(aws_vpc_endpoint.ec2messages.*.dns_entry)
 }

+output "vpc_endpoint_transferserver_id" {
+  description = "The ID of VPC endpoint for transferserver"
+  value       = concat(aws_vpc_endpoint.transferserver.*.id, [""])[0]
+}
+
+output "vpc_endpoint_transferserver_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for transferserver"
+  value       = flatten(aws_vpc_endpoint.transferserver.*.network_interface_ids)
+}
+
+output "vpc_endpoint_transferserver_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for transferserver."
+  value       = flatten(aws_vpc_endpoint.transferserver.*.dns_entry)
+}
+
+output "vpc_endpoint_glue_id" {
+  description = "The ID of VPC endpoint for Glue"
+  value       = concat(aws_vpc_endpoint.glue.*.id, [""])[0]
+}
+
+output "vpc_endpoint_glue_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for Glue."
+  value       = flatten(aws_vpc_endpoint.glue.*.network_interface_ids)
+}
+
+output "vpc_endpoint_glue_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for Glue."
+  value       = flatten(aws_vpc_endpoint.glue.*.dns_entry)
+}
+
 output "vpc_endpoint_kms_id" {
  description = "The ID of VPC endpoint for KMS"
  value       = concat(aws_vpc_endpoint.kms.*.id, [""])[0]
@@ -473,6 +578,36 @@ output "vpc_endpoint_kms_dns_entry" {
  value       = flatten(aws_vpc_endpoint.kms.*.dns_entry)
 }

+output "vpc_endpoint_kinesis_firehose_id" {
+  description = "The ID of VPC endpoint for Kinesis Firehose"
+  value       = concat(aws_vpc_endpoint.kinesis_firehose.*.id, [""])[0]
+}
+
+output "vpc_endpoint_kinesis_firehose_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for Kinesis Firehose."
+  value       = flatten(aws_vpc_endpoint.kinesis_firehose.*.network_interface_ids)
+}
+
+output "vpc_endpoint_kinesis_firehose_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for Kinesis Firehose."
+  value       = flatten(aws_vpc_endpoint.kinesis_firehose.*.dns_entry)
+}
+
+output "vpc_endpoint_kinesis_streams_id" {
+  description = "The ID of VPC endpoint for Kinesis Streams"
+  value       = concat(aws_vpc_endpoint.kinesis_streams.*.id, [""])[0]
+}
+
+output "vpc_endpoint_kinesis_streams_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for Kinesis Streams."
+  value       = flatten(aws_vpc_endpoint.kinesis_streams.*.network_interface_ids)
+}
+
+output "vpc_endpoint_kinesis_streams_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for Kinesis Streams."
+  value       = flatten(aws_vpc_endpoint.kinesis_streams.*.dns_entry)
+}
+
 output "vpc_endpoint_ecr_api_id" {
  description = "The ID of VPC endpoint for ECR API"
  value       = concat(aws_vpc_endpoint.ecr_api.*.id, [""])[0]
@@ -653,6 +788,21 @@ output "vpc_endpoint_cloudtrail_dns_entry" {
  value       = flatten(aws_vpc_endpoint.cloudtrail.*.dns_entry)
 }

+output "vpc_endpoint_sts_id" {
+  description = "The ID of VPC endpoint for STS"
+  value       = concat(aws_vpc_endpoint.sts.*.id, [""])[0]
+}
+
+output "vpc_endpoint_sts_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for STS."
+  value       = flatten(aws_vpc_endpoint.sts.*.network_interface_ids)
+}
+
+output "vpc_endpoint_sts_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for STS."
+  value       = flatten(aws_vpc_endpoint.sts.*.dns_entry)
+}
+
 # Static values (arguments)
 output "azs" {
  description = "A list of availability zones specified as argument to this module"

--- a/variables.tf
+++ b/variables.tf
@@ -903,6 +903,84 @@ variable "kinesis_firehose_endpoint_private_dns_enabled" {
  default     = false
 }

+variable "enable_glue_endpoint" {
+  description = "Should be true if you want to provision a Glue endpoint to the VPC"
+  type        = bool
+  default     = false
+}
+
+variable "glue_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for Glue endpoint"
+  type        = list(string)
+  default     = []
+}
+
+variable "glue_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for Glue endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  type        = list(string)
+  default     = []
+}
+
+variable "glue_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for Glue endpoint"
+  type        = bool
+  default     = false
+}
+
+variable "enable_sagemaker_notebook_endpoint" {
+  description = "Should be true if you want to provision a Sagemaker Notebook endpoint to the VPC"
+  type        = bool
+  default     = false
+}
+
+variable "sagemaker_notebook_endpoint_region" {
+  description = "Region to use for Sagemaker Notebook endpoint"
+  type        = string
+  default     = ""
+}
+
+variable "sagemaker_notebook_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for Sagemaker Notebook endpoint"
+  type        = list(string)
+  default     = []
+}
+
+variable "sagemaker_notebook_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for Sagemaker Notebook endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  type        = list(string)
+  default     = []
+}
+
+variable "sagemaker_notebook_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for Sagemaker Notebook endpoint"
+  type        = bool
+  default     = false
+}
+
+variable "enable_sts_endpoint" {
+  description = "Should be true if you want to provision a STS endpoint to the VPC"
+  type        = bool
+  default     = false
+}
+
+variable "sts_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for STS endpoint"
+  type        = list(string)
+  default     = []
+}
+
+variable "sts_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for STS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  type        = list(string)
+  default     = []
+}
+
+variable "sts_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for STS endpoint"
+  type        = bool
+  default     = false
+}
+
 variable "map_public_ip_on_launch" {
  description = "Should be false if you do not want to auto-assign public IP on launch"
  type        = bool

--- a/vpc-endpoints.tf
+++ b/vpc-endpoints.tf
+######################
+# VPC Endpoint for S3
+######################
+data "aws_vpc_endpoint_service" "s3" {
+  count = var.create_vpc && var.enable_s3_endpoint ? 1 : 0
+
+  service = "s3"
+}
+
+resource "aws_vpc_endpoint" "s3" {
+  count = var.create_vpc && var.enable_s3_endpoint ? 1 : 0
+
+  vpc_id       = local.vpc_id
+  service_name = data.aws_vpc_endpoint_service.s3[0].service_name
+}
+
+resource "aws_vpc_endpoint_route_table_association" "private_s3" {
+  count = var.create_vpc && var.enable_s3_endpoint ? local.nat_gateway_count : 0
+
+  vpc_endpoint_id = aws_vpc_endpoint.s3[0].id
+  route_table_id  = element(aws_route_table.private.*.id, count.index)
+}
+
+resource "aws_vpc_endpoint_route_table_association" "intra_s3" {
+  count = var.create_vpc && var.enable_s3_endpoint && length(var.intra_subnets) > 0 ? 1 : 0
+
+  vpc_endpoint_id = aws_vpc_endpoint.s3[0].id
+  route_table_id  = element(aws_route_table.intra.*.id, 0)
+}
+
+resource "aws_vpc_endpoint_route_table_association" "public_s3" {
+  count = var.create_vpc && var.enable_s3_endpoint && length(var.public_subnets) > 0 ? 1 : 0
+
+  vpc_endpoint_id = aws_vpc_endpoint.s3[0].id
+  route_table_id  = aws_route_table.public[0].id
+}
+
+############################
+# VPC Endpoint for DynamoDB
+############################
+data "aws_vpc_endpoint_service" "dynamodb" {
+  count = var.create_vpc && var.enable_dynamodb_endpoint ? 1 : 0
+
+  service = "dynamodb"
+}
+
+resource "aws_vpc_endpoint" "dynamodb" {
+  count = var.create_vpc && var.enable_dynamodb_endpoint ? 1 : 0
+
+  vpc_id       = local.vpc_id
+  service_name = data.aws_vpc_endpoint_service.dynamodb[0].service_name
+}
+
+resource "aws_vpc_endpoint_route_table_association" "private_dynamodb" {
+  count = var.create_vpc && var.enable_dynamodb_endpoint ? local.nat_gateway_count : 0
+
+  vpc_endpoint_id = aws_vpc_endpoint.dynamodb[0].id
+  route_table_id  = element(aws_route_table.private.*.id, count.index)
+}
+
+resource "aws_vpc_endpoint_route_table_association" "intra_dynamodb" {
+  count = var.create_vpc && var.enable_dynamodb_endpoint && length(var.intra_subnets) > 0 ? 1 : 0
+
+  vpc_endpoint_id = aws_vpc_endpoint.dynamodb[0].id
+  route_table_id  = element(aws_route_table.intra.*.id, 0)
+}
+
+resource "aws_vpc_endpoint_route_table_association" "public_dynamodb" {
+  count = var.create_vpc && var.enable_dynamodb_endpoint && length(var.public_subnets) > 0 ? 1 : 0
+
+  vpc_endpoint_id = aws_vpc_endpoint.dynamodb[0].id
+  route_table_id  = aws_route_table.public[0].id
+}
+
+
+#############################
+# VPC Endpoint for Codebuild
+#############################
+data "aws_vpc_endpoint_service" "codebuild" {
+  count = var.create_vpc && var.enable_codebuild_endpoint ? 1 : 0
+
+  service = "codebuild"
+}
+
+resource "aws_vpc_endpoint" "codebuild" {
+  count = var.create_vpc && var.enable_codebuild_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.codebuild[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.codebuild_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.codebuild_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.codebuild_endpoint_private_dns_enabled
+}
+
+###############################
+# VPC Endpoint for Code Commit
+###############################
+data "aws_vpc_endpoint_service" "codecommit" {
+  count = var.create_vpc && var.enable_codecommit_endpoint ? 1 : 0
+
+  service = "codecommit"
+}
+
+resource "aws_vpc_endpoint" "codecommit" {
+  count = var.create_vpc && var.enable_codecommit_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.codecommit[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.codecommit_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.codecommit_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.codecommit_endpoint_private_dns_enabled
+}
+
+###################################
+# VPC Endpoint for Git Code Commit
+###################################
+data "aws_vpc_endpoint_service" "git_codecommit" {
+  count = var.create_vpc && var.enable_git_codecommit_endpoint ? 1 : 0
+
+  service = "git-codecommit"
+}
+
+resource "aws_vpc_endpoint" "git_codecommit" {
+  count = var.create_vpc && var.enable_git_codecommit_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.git_codecommit[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.git_codecommit_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.git_codecommit_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.git_codecommit_endpoint_private_dns_enabled
+}
+
+##########################
+# VPC Endpoint for Config
+##########################
+data "aws_vpc_endpoint_service" "config" {
+  count = var.create_vpc && var.enable_config_endpoint ? 1 : 0
+
+  service = "config"
+}
+
+resource "aws_vpc_endpoint" "config" {
+  count = var.create_vpc && var.enable_config_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.config[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.config_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.config_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.config_endpoint_private_dns_enabled
+}
+
+#######################
+# VPC Endpoint for SQS
+#######################
+data "aws_vpc_endpoint_service" "sqs" {
+  count = var.create_vpc && var.enable_sqs_endpoint ? 1 : 0
+
+  service = "sqs"
+}
+
+resource "aws_vpc_endpoint" "sqs" {
+  count = var.create_vpc && var.enable_sqs_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.sqs[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.sqs_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.sqs_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.sqs_endpoint_private_dns_enabled
+}
+
+###################################
+# VPC Endpoint for Secrets Manager
+###################################
+data "aws_vpc_endpoint_service" "secretsmanager" {
+  count = var.create_vpc && var.enable_secretsmanager_endpoint ? 1 : 0
+
+  service = "secretsmanager"
+}
+
+resource "aws_vpc_endpoint" "secretsmanager" {
+  count = var.create_vpc && var.enable_secretsmanager_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.secretsmanager[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.secretsmanager_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.secretsmanager_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.secretsmanager_endpoint_private_dns_enabled
+}
+
+#######################
+# VPC Endpoint for SSM
+#######################
+data "aws_vpc_endpoint_service" "ssm" {
+  count = var.create_vpc && var.enable_ssm_endpoint ? 1 : 0
+
+  service = "ssm"
+}
+
+resource "aws_vpc_endpoint" "ssm" {
+  count = var.create_vpc && var.enable_ssm_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.ssm[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.ssm_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.ssm_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.ssm_endpoint_private_dns_enabled
+}
+
+###############################
+# VPC Endpoint for SSMMESSAGES
+###############################
+data "aws_vpc_endpoint_service" "ssmmessages" {
+  count = var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0
+
+  service = "ssmmessages"
+}
+
+resource "aws_vpc_endpoint" "ssmmessages" {
+  count = var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.ssmmessages[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.ssmmessages_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.ssmmessages_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.ssmmessages_endpoint_private_dns_enabled
+}
+
+#######################
+# VPC Endpoint for EC2
+#######################
+data "aws_vpc_endpoint_service" "ec2" {
+  count = var.create_vpc && var.enable_ec2_endpoint ? 1 : 0
+
+  service = "ec2"
+}
+
+resource "aws_vpc_endpoint" "ec2" {
+  count = var.create_vpc && var.enable_ec2_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.ec2[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.ec2_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.ec2_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.ec2_endpoint_private_dns_enabled
+}
+
+###############################
+# VPC Endpoint for EC2MESSAGES
+###############################
+data "aws_vpc_endpoint_service" "ec2messages" {
+  count = var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0
+
+  service = "ec2messages"
+}
+
+resource "aws_vpc_endpoint" "ec2messages" {
+  count = var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.ec2messages[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.ec2messages_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.ec2messages_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.ec2messages_endpoint_private_dns_enabled
+}
+
+###################################
+# VPC Endpoint for Transfer Server
+###################################
+data "aws_vpc_endpoint_service" "transferserver" {
+  count = var.create_vpc && var.enable_transferserver_endpoint ? 1 : 0
+
+  service = "transfer.server"
+}
+
+resource "aws_vpc_endpoint" "transferserver" {
+  count = var.create_vpc && var.enable_transferserver_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.transferserver[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.transferserver_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.transferserver_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.transferserver_endpoint_private_dns_enabled
+}
+
+###########################
+# VPC Endpoint for ECR API
+###########################
+data "aws_vpc_endpoint_service" "ecr_api" {
+  count = var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0
+
+  service = "ecr.api"
+}
+
+resource "aws_vpc_endpoint" "ecr_api" {
+  count = var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.ecr_api[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.ecr_api_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.ecr_api_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.ecr_api_endpoint_private_dns_enabled
+}
+
+###########################
+# VPC Endpoint for ECR DKR
+###########################
+data "aws_vpc_endpoint_service" "ecr_dkr" {
+  count = var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0
+
+  service = "ecr.dkr"
+}
+
+resource "aws_vpc_endpoint" "ecr_dkr" {
+  count = var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.ecr_dkr[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.ecr_dkr_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.ecr_dkr_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.ecr_dkr_endpoint_private_dns_enabled
+}
+
+#######################
+# VPC Endpoint for API Gateway
+#######################
+data "aws_vpc_endpoint_service" "apigw" {
+  count = var.create_vpc && var.enable_apigw_endpoint ? 1 : 0
+
+  service = "execute-api"
+}
+
+resource "aws_vpc_endpoint" "apigw" {
+  count = var.create_vpc && var.enable_apigw_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.apigw[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.apigw_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.apigw_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.apigw_endpoint_private_dns_enabled
+}
+
+#######################
+# VPC Endpoint for KMS
+#######################
+data "aws_vpc_endpoint_service" "kms" {
+  count = var.create_vpc && var.enable_kms_endpoint ? 1 : 0
+
+  service = "kms"
+}
+
+resource "aws_vpc_endpoint" "kms" {
+  count = var.create_vpc && var.enable_kms_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.kms[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.kms_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.kms_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.kms_endpoint_private_dns_enabled
+}
+
+#######################
+# VPC Endpoint for ECS
+#######################
+data "aws_vpc_endpoint_service" "ecs" {
+  count = var.create_vpc && var.enable_ecs_endpoint ? 1 : 0
+
+  service = "ecs"
+}
+
+resource "aws_vpc_endpoint" "ecs" {
+  count = var.create_vpc && var.enable_ecs_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.ecs[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.ecs_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.ecs_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.ecs_endpoint_private_dns_enabled
+}
+
+
+#######################
+# VPC Endpoint for ECS Agent
+#######################
+data "aws_vpc_endpoint_service" "ecs_agent" {
+  count = var.create_vpc && var.enable_ecs_agent_endpoint ? 1 : 0
+
+  service = "ecs-agent"
+}
+
+resource "aws_vpc_endpoint" "ecs_agent" {
+  count = var.create_vpc && var.enable_ecs_agent_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.ecs_agent[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.ecs_agent_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.ecs_agent_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.ecs_agent_endpoint_private_dns_enabled
+}
+
+
+#######################
+# VPC Endpoint for ECS Telemetry
+#######################
+data "aws_vpc_endpoint_service" "ecs_telemetry" {
+  count = var.create_vpc && var.enable_ecs_telemetry_endpoint ? 1 : 0
+
+  service = "ecs-telemetry"
+}
+
+resource "aws_vpc_endpoint" "ecs_telemetry" {
+  count = var.create_vpc && var.enable_ecs_telemetry_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.ecs_telemetry[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.ecs_telemetry_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.ecs_telemetry_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.ecs_telemetry_endpoint_private_dns_enabled
+}
+
+
+#######################
+# VPC Endpoint for SNS
+#######################
+data "aws_vpc_endpoint_service" "sns" {
+  count = var.create_vpc && var.enable_sns_endpoint ? 1 : 0
+
+  service = "sns"
+}
+
+resource "aws_vpc_endpoint" "sns" {
+  count = var.create_vpc && var.enable_sns_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.sns[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.sns_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.sns_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.sns_endpoint_private_dns_enabled
+}
+
+
+#######################
+# VPC Endpoint for CloudWatch Monitoring
+#######################
+data "aws_vpc_endpoint_service" "monitoring" {
+  count = var.create_vpc && var.enable_monitoring_endpoint ? 1 : 0
+
+  service = "monitoring"
+}
+
+resource "aws_vpc_endpoint" "monitoring" {
+  count = var.create_vpc && var.enable_monitoring_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.monitoring[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.monitoring_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.monitoring_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.monitoring_endpoint_private_dns_enabled
+}
+
+
+#######################
+# VPC Endpoint for CloudWatch Logs
+#######################
+data "aws_vpc_endpoint_service" "logs" {
+  count = var.create_vpc && var.enable_logs_endpoint ? 1 : 0
+
+  service = "logs"
+}
+
+resource "aws_vpc_endpoint" "logs" {
+  count = var.create_vpc && var.enable_logs_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.logs[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.logs_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.logs_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.logs_endpoint_private_dns_enabled
+}
+
+
+#######################
+# VPC Endpoint for CloudWatch Events
+#######################
+data "aws_vpc_endpoint_service" "events" {
+  count = var.create_vpc && var.enable_events_endpoint ? 1 : 0
+
+  service = "events"
+}
+
+resource "aws_vpc_endpoint" "events" {
+  count = var.create_vpc && var.enable_events_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.events[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.events_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.events_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.events_endpoint_private_dns_enabled
+}
+
+
+#######################
+# VPC Endpoint for Elastic Load Balancing
+#######################
+data "aws_vpc_endpoint_service" "elasticloadbalancing" {
+  count = var.create_vpc && var.enable_elasticloadbalancing_endpoint ? 1 : 0
+
+  service = "elasticloadbalancing"
+}
+
+resource "aws_vpc_endpoint" "elasticloadbalancing" {
+  count = var.create_vpc && var.enable_elasticloadbalancing_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.elasticloadbalancing[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.elasticloadbalancing_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.elasticloadbalancing_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.elasticloadbalancing_endpoint_private_dns_enabled
+}
+
+
+#######################
+# VPC Endpoint for CloudTrail
+#######################
+data "aws_vpc_endpoint_service" "cloudtrail" {
+  count = var.create_vpc && var.enable_cloudtrail_endpoint ? 1 : 0
+
+  service = "cloudtrail"
+}
+
+resource "aws_vpc_endpoint" "cloudtrail" {
+  count = var.create_vpc && var.enable_cloudtrail_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.cloudtrail[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.cloudtrail_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.cloudtrail_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.cloudtrail_endpoint_private_dns_enabled
+}
+
+
+#######################
+# VPC Endpoint for Kinesis Streams
+#######################
+data "aws_vpc_endpoint_service" "kinesis_streams" {
+  count = var.create_vpc && var.enable_kinesis_streams_endpoint ? 1 : 0
+
+  service = "kinesis-streams"
+}
+
+resource "aws_vpc_endpoint" "kinesis_streams" {
+  count = var.create_vpc && var.enable_kinesis_streams_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.kinesis_streams[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.kinesis_streams_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.kinesis_streams_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.kinesis_streams_endpoint_private_dns_enabled
+}
+
+
+#######################
+# VPC Endpoint for Kinesis Firehose
+#######################
+data "aws_vpc_endpoint_service" "kinesis_firehose" {
+  count = var.create_vpc && var.enable_kinesis_firehose_endpoint ? 1 : 0
+
+  service = "kinesis-firehose"
+}
+
+resource "aws_vpc_endpoint" "kinesis_firehose" {
+  count = var.create_vpc && var.enable_kinesis_firehose_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.kinesis_firehose[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.kinesis_firehose_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.kinesis_firehose_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.kinesis_firehose_endpoint_private_dns_enabled
+}
+
+#######################
+# VPC Endpoint for Glue
+#######################
+data "aws_vpc_endpoint_service" "glue" {
+  count = var.create_vpc && var.enable_glue_endpoint ? 1 : 0
+
+  service = "glue"
+}
+
+resource "aws_vpc_endpoint" "glue" {
+  count = var.create_vpc && var.enable_glue_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.glue[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.glue_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.glue_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.glue_endpoint_private_dns_enabled
+}
+
+######################################
+# VPC Endpoint for Sagemaker Notebooks
+######################################
+data "aws_vpc_endpoint_service" "sagemaker_notebook" {
+  count = var.create_vpc && var.enable_sagemaker_notebook_endpoint ? 1 : 0
+
+  service_name = "aws.sagemaker.${var.sagemaker_notebook_endpoint_region}.notebook"
+}
+
+resource "aws_vpc_endpoint" "sagemaker_notebook" {
+  count = var.create_vpc && var.enable_sagemaker_notebook_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.sagemaker_notebook[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.sagemaker_notebook_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.sagemaker_notebook_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.sagemaker_notebook_endpoint_private_dns_enabled
+}
+
+#######################
+# VPC Endpoint for STS
+#######################
+data "aws_vpc_endpoint_service" "sts" {
+  count = var.create_vpc && var.enable_sts_endpoint ? 1 : 0
+
+  service = "sts"
+}
+
+resource "aws_vpc_endpoint" "sts" {
+  count = var.create_vpc && var.enable_sts_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.sts[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.sts_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.sts_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.sts_endpoint_private_dns_enabled
+}