Added VPC endpoints from #311 to Terraform 0.11 branch (#319)

* add missing endpoints from #311 * fix mistakes in endpoint names * added endpoints cloudformation, codepipeline, appmesh, sagemaker (api+runtime), transfer, servicecatalog, storagegateway * fix mistakes in endpoint names * fix mistakes in endpoint names * add endpoint tag to full example * terraform format

Added VPC endpoints from #311 to Terraform 0.11 branch (#319)
* add missing endpoints from #311 * fix mistakes in endpoint names * added endpoints cloudformation, codepipeline, appmesh, sagemaker (api+runtime), transfer, servicecatalog, storagegateway * fix mistakes in endpoint names * fix mistakes in endpoint names * add endpoint tag to full example * terraform format
5a731972 · Ilia Lazebnik · Anton Babenko · 5d852eff · 5a731972 · 5a731972
Commit 5a731972 authored Sep 03, 2019 by Ilia Lazebnik Committed by Anton Babenko Sep 03, 2019
6 changed files
--- a/README.md
+++ b/README.md
@@ -207,12 +207,30 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | apigw\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for API GW endpoint | string | `"false"` | no |
 | apigw\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for API GW  endpoint | list | `[]` | no |
 | apigw\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for API GW endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
+| appmesh\_envoy\_management\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for APPMESH Envoy Management endpoint | string | `"false"` | no |
+| appmesh\_envoy\_management\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for APPMESH Envoy Management endpoint | list | `[]` | no |
+| appmesh\_envoy\_management\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for APPMESH Envoy Management endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
 | assign\_generated\_ipv6\_cidr\_block | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block | string | `"false"` | no |
 | azs | A list of availability zones in the region | list | `[]` | no |
 | cidr | The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden | string | `"0.0.0.0/0"` | no |
+| cloudformation\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for CloudFormation endpoint | string | `"false"` | no |
+| cloudformation\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for CloudFormation endpoint | list | `[]` | no |
+| cloudformation\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for CloudFormation endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
 | cloudtrail\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for CloudTrail endpoint | string | `"false"` | no |
 | cloudtrail\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for CloudTrail endpoint | list | `[]` | no |
 | cloudtrail\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for CloudTrail endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
+| codebuild\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for CodeBuild endpoint | string | `"false"` | no |
+| codebuild\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for CodeBuild endpoint | list | `[]` | no |
+| codebuild\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for CodeBuild endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
+| codecommit\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for CodeCommit endpoint | string | `"false"` | no |
+| codecommit\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for CodeCommit endpoint | list | `[]` | no |
+| codecommit\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for CodeCommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
+| codepipeline\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for CodePipeline endpoint | string | `"false"` | no |
+| codepipeline\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for CodePipeline endpoint | list | `[]` | no |
+| codepipeline\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for CodePipeline endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
+| config\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Config endpoint | string | `"false"` | no |
+| config\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Config endpoint | list | `[]` | no |
+| config\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Config endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
 | create\_database\_internet\_gateway\_route | Controls if an internet gateway route for public database access should be created | string | `"false"` | no |
 | create\_database\_nat\_gateway\_route | Controls if a nat gateway route should be created to give internet access to the database subnets | string | `"false"` | no |
 | create\_database\_subnet\_group | Controls if database subnet group should be created | string | `"true"` | no |
@@ -279,7 +297,13 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | elasticloadbalancing\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Elastic Load Balancing endpoint | list | `[]` | no |
 | elasticloadbalancing\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Elastic Load Balancing endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
 | enable\_apigw\_endpoint | Should be true if you want to provision an api gateway endpoint to the VPC | string | `"false"` | no |
+| enable\_appmesh\_envoy\_management\_endpoint | Should be true if you want to provision an APPMESH Envoy Management endpoint to the VPC | string | `"false"` | no |
+| enable\_cloudformation\_endpoint | Should be true if you want to provision an CloudFormation endpoint to the VPC | string | `"false"` | no |
 | enable\_cloudtrail\_endpoint | Should be true if you want to provision a CloudTrail endpoint to the VPC | string | `"false"` | no |
+| enable\_codebuild\_endpoint | Should be true if you want to provision an CodeBuild endpoint to the VPC | string | `"false"` | no |
+| enable\_codecommit\_endpoint | Should be true if you want to provision an CodeCommit endpointto the VPC | string | `"false"` | no |
+| enable\_codepipeline\_endpoint | Should be true if you want to provision an CodePipeline endpoint to the VPC | string | `"false"` | no |
+| enable\_config\_endpoint | Should be true if you want to provision an Config endpoint to the VPC | string | `"false"` | no |
 | enable\_dhcp\_options | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | string | `"false"` | no |
 | enable\_dns\_hostnames | Should be true to enable DNS hostnames in the VPC | string | `"false"` | no |
 | enable\_dns\_support | Should be true to enable DNS support in the VPC | string | `"true"` | no |
@@ -293,21 +317,40 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | enable\_ecs\_telemetry\_endpoint | Should be true if you want to provision a ECS Telemetry endpoint to the VPC | string | `"false"` | no |
 | enable\_elasticloadbalancing\_endpoint | Should be true if you want to provision a Elastic Load Balancing endpoint to the VPC | string | `"false"` | no |
 | enable\_events\_endpoint | Should be true if you want to provision a CloudWatch Events endpoint to the VPC | string | `"false"` | no |
+| enable\_git\_codecommit\_endpoint | Should be true if you want to provision an Git CodeCommit endpoint to the VPC | string | `"false"` | no |
+| enable\_glue\_endpoint | Should be true if you want to provision an Glue endpoint to the VPC | string | `"false"` | no |
+| enable\_kinesis\_firehose\_endpoint | Should be true if you want to provision an Kinesis Firehose endpoint to the VPC | string | `"false"` | no |
+| enable\_kinesis\_streams\_endpoint | Should be true if you want to provision an Kinesis Streams endpoint to the VPC | string | `"false"` | no |
 | enable\_kms\_endpoint | Should be true if you want to provision a KMS endpoint to the VPC | string | `"false"` | no |
 | enable\_logs\_endpoint | Should be true if you want to provision a CloudWatch Logs endpoint to the VPC | string | `"false"` | no |
 | enable\_monitoring\_endpoint | Should be true if you want to provision a CloudWatch Monitoring endpoint to the VPC | string | `"false"` | no |
 | enable\_nat\_gateway | Should be true if you want to provision NAT Gateways for each of your private networks | string | `"false"` | no |
 | enable\_public\_redshift | Controls if redshift should have public routing table | string | `"false"` | no |
 | enable\_s3\_endpoint | Should be true if you want to provision an S3 endpoint to the VPC | string | `"false"` | no |
+| enable\_sagemaker\_api\_endpoint | Should be true if you want to provision an Sagemaker API endpoint to the VPC | string | `"false"` | no |
+| enable\_sagemaker\_notebook\_endpoint | Should be true if you want to provision an SageMaker Notebook endpoint to the VPC | string | `"false"` | no |
+| enable\_sagemaker\_runtime\_endpoint | Should be true if you want to provision an Sagemaker Runtime endpoint to the VPC | string | `"false"` | no |
+| enable\_secretsmanager\_endpoint | Should be true if you want to provision an Secrets Manager endpoint to the VPC | string | `"false"` | no |
+| enable\_servicecatalog\_endpoint | Should be true if you want to provision an Service Catalog endpoint to the VPC | string | `"false"` | no |
 | enable\_sns\_endpoint | Should be true if you want to provision a SNS endpoint to the VPC | string | `"false"` | no |
 | enable\_sqs\_endpoint | Should be true if you want to provision an SQS endpoint to the VPC | string | `"false"` | no |
 | enable\_ssm\_endpoint | Should be true if you want to provision an SSM endpoint to the VPC | string | `"false"` | no |
 | enable\_ssmmessages\_endpoint | Should be true if you want to provision a SSMMESSAGES endpoint to the VPC | string | `"false"` | no |
+| enable\_storagegateway\_endpoint | Should be true if you want to provision an Storage Gateway endpoint to the VPC | string | `"false"` | no |
+| enable\_sts\_endpoint | Should be true if you want to provision an STS endpoint to the VPC | string | `"false"` | no |
+| enable\_transfer\_endpoint | Should be true if you want to provision an Transfer endpoint to the VPC | string | `"false"` | no |
+| enable\_transferserver\_endpoint | Should be true if you want to provision an Transfer Server endpoint to the VPC | string | `"false"` | no |
 | enable\_vpn\_gateway | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | string | `"false"` | no |
 | events\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for CloudWatch Events endpoint | string | `"false"` | no |
 | events\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for CloudWatch Events endpoint | list | `[]` | no |
 | events\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for CloudWatch Events endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
 | external\_nat\_ip\_ids | List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips) | list | `[]` | no |
+| git\_codecommit\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Git CodeCommit endpoint | string | `"false"` | no |
+| git\_codecommit\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Git CodeCommit endpoint | list | `[]` | no |
+| git\_codecommit\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Git CodeCommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
+| glue\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Glue endpoint | string | `"false"` | no |
+| glue\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Glue endpoint | list | `[]` | no |
+| glue\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Glue endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
 | igw\_tags | Additional tags for the internet gateway | map | `{}` | no |
 | instance\_tenancy | A tenancy option for instances launched into the VPC | string | `"default"` | no |
 | intra\_acl\_tags | Additional tags for the intra subnets network ACL | map | `{}` | no |
@@ -318,6 +361,12 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | intra\_subnet\_suffix | Suffix to append to intra subnets name | string | `"intra"` | no |
 | intra\_subnet\_tags | Additional tags for the intra subnets | map | `{}` | no |
 | intra\_subnets | A list of intra subnets | list | `[]` | no |
+| kinesis\_firehose\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Kinesis Firehose endpoint | string | `"false"` | no |
+| kinesis\_firehose\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Kinesis Firehose endpoint | list | `[]` | no |
+| kinesis\_firehose\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Kinesis Firehose endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
+| kinesis\_streams\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Kinesis Streams endpoint | string | `"false"` | no |
+| kinesis\_streams\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Kinesis Streams endpoint | list | `[]` | no |
+| kinesis\_streams\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Kinesis Streams endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
 | kms\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for KMS endpoint | string | `"false"` | no |
 | kms\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for KMS endpoint | list | `[]` | no |
 | kms\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for KMS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
@@ -362,7 +411,23 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | redshift\_subnet\_tags | Additional tags for the redshift subnets | map | `{}` | no |
 | redshift\_subnets | A list of redshift subnets | list | `[]` | no |
 | reuse\_nat\_ips | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable | string | `"false"` | no |
+| sagemaker\_api\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Sagemaker API endpoint | string | `"false"` | no |
+| sagemaker\_api\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Sagemaker API endpoint | list | `[]` | no |
+| sagemaker\_api\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Sagemaker API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
+| sagemaker\_notebook\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SageMaker Notebook endpoint | string | `"false"` | no |
+| sagemaker\_notebook\_endpoint\_region | Region to use for Sagemaker Notebook endpoint | string | `""` | no |
+| sagemaker\_notebook\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SageMaker Notebook endpoint | list | `[]` | no |
+| sagemaker\_notebook\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SageMaker Notebook endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
+| sagemaker\_runtime\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Sagemaker Runtime endpoint | string | `"false"` | no |
+| sagemaker\_runtime\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Sagemaker Runtime endpoint | list | `[]` | no |
+| sagemaker\_runtime\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Sagemaker Runtime endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
 | secondary\_cidr\_blocks | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | list | `[]` | no |
+| secretsmanager\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Secrets Manager endpoint | string | `"false"` | no |
+| secretsmanager\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Secrets Manager endpoint | list | `[]` | no |
+| secretsmanager\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Secrets Manager endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
+| servicecatalog\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Service Catalog endpoint | string | `"false"` | no |
+| servicecatalog\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Service Catalog endpoint | list | `[]` | no |
+| servicecatalog\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Service Catalog endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
 | single\_nat\_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | string | `"false"` | no |
 | sns\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SNS endpoint | string | `"false"` | no |
 | sns\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SNS endpoint | list | `[]` | no |
@@ -376,7 +441,19 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | ssmmessages\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SSMMESSAGES endpoint | string | `"false"` | no |
 | ssmmessages\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SSMMESSAGES endpoint | list | `[]` | no |
 | ssmmessages\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SSMMESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
+| storagegateway\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Storage Gateway endpoint | string | `"false"` | no |
+| storagegateway\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Storage Gateway endpoint | list | `[]` | no |
+| storagegateway\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Storage Gateway endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
+| sts\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for STS endpoint | string | `"false"` | no |
+| sts\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for STS endpoint | list | `[]` | no |
+| sts\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for STS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
 | tags | A map of tags to add to all resources | map | `{}` | no |
+| transfer\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Transfer endpoint | string | `"false"` | no |
+| transfer\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Transfer endpoint | list | `[]` | no |
+| transfer\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Transfer endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used. | list | `[]` | no |
+| transferserver\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Transfer Server endpoint | string | `"false"` | no |
+| transferserver\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Transfer Server endpoint | list | `[]` | no |
+| transferserver\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Transfer Server endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
 | vpc\_endpoint\_tags | Additional tags for the VPC Endpoints | map | `{}` | no |
 | vpc\_tags | Additional tags for the VPC | map | `{}` | no |
 | vpn\_gateway\_id | ID of VPN Gateway to attach to the VPC | string | `""` | no |
@@ -448,6 +525,15 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | vpc\_endpoint\_cloudtrail\_dns\_entry | The DNS entries for the VPC Endpoint for CloudTrail. |
 | vpc\_endpoint\_cloudtrail\_id | The ID of VPC endpoint for CloudTrail |
 | vpc\_endpoint\_cloudtrail\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for CloudTrail. |
+| vpc\_endpoint\_codebuild\_dns\_entry | The DNS entries for the VPC Endpoint for CodeBuild. |
+| vpc\_endpoint\_codebuild\_id | The ID of VPC endpoint for CodeBuild |
+| vpc\_endpoint\_codebuild\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for CodeBuild. |
+| vpc\_endpoint\_codecommit\_dns\_entry | The DNS entries for the VPC Endpoint for CodeCommit. |
+| vpc\_endpoint\_codecommit\_id | The ID of VPC endpoint for CodeCommit |
+| vpc\_endpoint\_codecommit\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for CodeCommit. |
+| vpc\_endpoint\_config\_dns\_entry | The DNS entries for the VPC Endpoint for Config. |
+| vpc\_endpoint\_config\_id | The ID of VPC endpoint for Config |
+| vpc\_endpoint\_config\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Config. |
 | vpc\_endpoint\_dynamodb\_id | The ID of VPC endpoint for DynamoDB |
 | vpc\_endpoint\_dynamodb\_pl\_id | The prefix list for the DynamoDB VPC endpoint. |
 | vpc\_endpoint\_ec2\_dns\_entry | The DNS entries for the VPC Endpoint for EC2. |
@@ -477,6 +563,18 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | vpc\_endpoint\_events\_dns\_entry | The DNS entries for the VPC Endpoint for CloudWatch Events. |
 | vpc\_endpoint\_events\_id | The ID of VPC endpoint for CloudWatch Events |
 | vpc\_endpoint\_events\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for CloudWatch Events. |
+| vpc\_endpoint\_git\_codecommit\_dns\_entry | The DNS entries for the VPC Endpoint for Git CodeCommit. |
+| vpc\_endpoint\_git\_codecommit\_id | The ID of VPC endpoint for Git CodeCommit |
+| vpc\_endpoint\_git\_codecommit\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Git CodeCommit. |
+| vpc\_endpoint\_glue\_dns\_entry | The DNS entries for the VPC Endpoint for Glue. |
+| vpc\_endpoint\_glue\_id | The ID of VPC endpoint for Glue |
+| vpc\_endpoint\_glue\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Glue. |
+| vpc\_endpoint\_kinesis\_firehose\_dns\_entry | The DNS entries for the VPC Endpoint for Kinesis Firehose. |
+| vpc\_endpoint\_kinesis\_firehose\_id | The ID of VPC endpoint for Kinesis Firehose |
+| vpc\_endpoint\_kinesis\_firehose\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Kinesis Firehose. |
+| vpc\_endpoint\_kinesis\_streams\_dns\_entry | The DNS entries for the VPC Endpoint for Kinesis Streams. |
+| vpc\_endpoint\_kinesis\_streams\_id | The ID of VPC endpoint for Kinesis Streams |
+| vpc\_endpoint\_kinesis\_streams\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Kinesis Streams. |
 | vpc\_endpoint\_kms\_dns\_entry | The DNS entries for the VPC Endpoint for KMS. |
 | vpc\_endpoint\_kms\_id | The ID of VPC endpoint for KMS |
 | vpc\_endpoint\_kms\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for KMS. |
@@ -488,6 +586,12 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | vpc\_endpoint\_monitoring\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for CloudWatch Monitoring. |
 | vpc\_endpoint\_s3\_id | The ID of VPC endpoint for S3 |
 | vpc\_endpoint\_s3\_pl\_id | The prefix list for the S3 VPC endpoint. |
+| vpc\_endpoint\_sagemaker\_notebook\_dns\_entry | The DNS entries for the VPC Endpoint for SageMaker Notebook. |
+| vpc\_endpoint\_sagemaker\_notebook\_id | The ID of VPC endpoint for SageMaker Notebook |
+| vpc\_endpoint\_sagemaker\_notebook\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SageMaker Notebook. |
+| vpc\_endpoint\_secretsmanager\_dns\_entry | The DNS entries for the VPC Endpoint for Secrets Manager. |
+| vpc\_endpoint\_secretsmanager\_id | The ID of VPC endpoint for Secrets Manager |
+| vpc\_endpoint\_secretsmanager\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Secrets Manager. |
 | vpc\_endpoint\_sns\_dns\_entry | The DNS entries for the VPC Endpoint for SNS. |
 | vpc\_endpoint\_sns\_id | The ID of VPC endpoint for SNS |
 | vpc\_endpoint\_sns\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SNS. |
@@ -500,6 +604,12 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | vpc\_endpoint\_ssmmessages\_dns\_entry | The DNS entries for the VPC Endpoint for SSMMESSAGES. |
 | vpc\_endpoint\_ssmmessages\_id | The ID of VPC endpoint for SSMMESSAGES |
 | vpc\_endpoint\_ssmmessages\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SSMMESSAGES. |
+| vpc\_endpoint\_sts\_dns\_entry | The DNS entries for the VPC Endpoint for STS. |
+| vpc\_endpoint\_sts\_id | The ID of VPC endpoint for STS |
+| vpc\_endpoint\_sts\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for STS. |
+| vpc\_endpoint\_transferserver\_dns\_entry | The DNS entries for the VPC Endpoint for Transfer Server. |
+| vpc\_endpoint\_transferserver\_id | The ID of VPC endpoint for Transfer Server |
+| vpc\_endpoint\_transferserver\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Transfer Server. |
 | vpc\_id | The ID of the VPC |
 | vpc\_instance\_tenancy | Tenancy of instances spin up within VPC |
 | vpc\_main\_route\_table\_id | The ID of the main route table associated with this VPC |

--- a/examples/complete-vpc/main.tf
+++ b/examples/complete-vpc/main.tf
@@ -97,4 +97,8 @@ module "vpc" {
    Environment = "staging"
    Name        = "complete"
  }
+
+  vpc_endpoint_tags = {
+    Endpoint = true
+  }
 }
--- a/main.tf
+++ b/main.tf
@@ -589,498 +589,6 @@ resource "aws_route" "private_nat_gateway" {
  }
 }

-######################
-# VPC Endpoint for S3
-######################
-data "aws_vpc_endpoint_service" "s3" {
-  count = "${var.create_vpc && var.enable_s3_endpoint ? 1 : 0}"
-
-  service = "s3"
-}
-
-resource "aws_vpc_endpoint" "s3" {
-  count = "${var.create_vpc && var.enable_s3_endpoint ? 1 : 0}"
-
-  vpc_id       = "${local.vpc_id}"
-  service_name = "${data.aws_vpc_endpoint_service.s3.service_name}"
-
-  tags = "${local.vpce_tags}"
-}
-
-resource "aws_vpc_endpoint_route_table_association" "private_s3" {
-  count = "${var.create_vpc && var.enable_s3_endpoint ? local.nat_gateway_count : 0}"
-
-  vpc_endpoint_id = "${aws_vpc_endpoint.s3.id}"
-  route_table_id  = "${element(aws_route_table.private.*.id, count.index)}"
-}
-
-resource "aws_vpc_endpoint_route_table_association" "intra_s3" {
-  count = "${var.create_vpc && var.enable_s3_endpoint && length(var.intra_subnets) > 0 ? 1 : 0}"
-
-  vpc_endpoint_id = "${aws_vpc_endpoint.s3.id}"
-  route_table_id  = "${element(aws_route_table.intra.*.id, 0)}"
-}
-
-resource "aws_vpc_endpoint_route_table_association" "public_s3" {
-  count = "${var.create_vpc && var.enable_s3_endpoint && length(var.public_subnets) > 0 ? 1 : 0}"
-
-  vpc_endpoint_id = "${aws_vpc_endpoint.s3.id}"
-  route_table_id  = "${aws_route_table.public.id}"
-}
-
-############################
-# VPC Endpoint for DynamoDB
-############################
-data "aws_vpc_endpoint_service" "dynamodb" {
-  count = "${var.create_vpc && var.enable_dynamodb_endpoint ? 1 : 0}"
-
-  service = "dynamodb"
-}
-
-resource "aws_vpc_endpoint" "dynamodb" {
-  count = "${var.create_vpc && var.enable_dynamodb_endpoint ? 1 : 0}"
-
-  vpc_id       = "${local.vpc_id}"
-  service_name = "${data.aws_vpc_endpoint_service.dynamodb.service_name}"
-
-  tags = "${local.vpce_tags}"
-}
-
-resource "aws_vpc_endpoint_route_table_association" "private_dynamodb" {
-  count = "${var.create_vpc && var.enable_dynamodb_endpoint ? local.nat_gateway_count : 0}"
-
-  vpc_endpoint_id = "${aws_vpc_endpoint.dynamodb.id}"
-  route_table_id  = "${element(aws_route_table.private.*.id, count.index)}"
-}
-
-resource "aws_vpc_endpoint_route_table_association" "intra_dynamodb" {
-  count = "${var.create_vpc && var.enable_dynamodb_endpoint && length(var.intra_subnets) > 0 ? 1 : 0}"
-
-  vpc_endpoint_id = "${aws_vpc_endpoint.dynamodb.id}"
-  route_table_id  = "${element(aws_route_table.intra.*.id, 0)}"
-}
-
-resource "aws_vpc_endpoint_route_table_association" "public_dynamodb" {
-  count = "${var.create_vpc && var.enable_dynamodb_endpoint && length(var.public_subnets) > 0 ? 1 : 0}"
-
-  vpc_endpoint_id = "${aws_vpc_endpoint.dynamodb.id}"
-  route_table_id  = "${aws_route_table.public.id}"
-}
-
-#######################
-# VPC Endpoint for SQS
-#######################
-data "aws_vpc_endpoint_service" "sqs" {
-  count = "${var.create_vpc && var.enable_sqs_endpoint ? 1 : 0}"
-
-  service = "sqs"
-}
-
-resource "aws_vpc_endpoint" "sqs" {
-  count = "${var.create_vpc && var.enable_sqs_endpoint ? 1 : 0}"
-
-  vpc_id            = "${local.vpc_id}"
-  service_name      = "${data.aws_vpc_endpoint_service.sqs.service_name}"
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = ["${var.sqs_endpoint_security_group_ids}"]
-  subnet_ids          = ["${coalescelist(var.sqs_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
-  private_dns_enabled = "${var.sqs_endpoint_private_dns_enabled}"
-
-  tags = "${local.vpce_tags}"
-}
-
-#######################
-# VPC Endpoint for SSM
-#######################
-data "aws_vpc_endpoint_service" "ssm" {
-  count = "${var.create_vpc && var.enable_ssm_endpoint ? 1 : 0}"
-
-  service = "ssm"
-}
-
-resource "aws_vpc_endpoint" "ssm" {
-  count = "${var.create_vpc && var.enable_ssm_endpoint ? 1 : 0}"
-
-  vpc_id            = "${local.vpc_id}"
-  service_name      = "${data.aws_vpc_endpoint_service.ssm.service_name}"
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = ["${var.ssm_endpoint_security_group_ids}"]
-  subnet_ids          = ["${coalescelist(var.ssm_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
-  private_dns_enabled = "${var.ssm_endpoint_private_dns_enabled}"
-
-  tags = "${local.vpce_tags}"
-}
-
-###############################
-# VPC Endpoint for SSMMESSAGES
-###############################
-data "aws_vpc_endpoint_service" "ssmmessages" {
-  count = "${var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0}"
-
-  service = "ssmmessages"
-}
-
-resource "aws_vpc_endpoint" "ssmmessages" {
-  count = "${var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0}"
-
-  vpc_id            = "${local.vpc_id}"
-  service_name      = "${data.aws_vpc_endpoint_service.ssmmessages.service_name}"
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = ["${var.ssmmessages_endpoint_security_group_ids}"]
-  subnet_ids          = ["${coalescelist(var.ssmmessages_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
-  private_dns_enabled = "${var.ssmmessages_endpoint_private_dns_enabled}"
-
-  tags = "${local.vpce_tags}"
-}
-
-#######################
-# VPC Endpoint for EC2
-#######################
-data "aws_vpc_endpoint_service" "ec2" {
-  count = "${var.create_vpc && var.enable_ec2_endpoint ? 1 : 0}"
-
-  service = "ec2"
-}
-
-resource "aws_vpc_endpoint" "ec2" {
-  count = "${var.create_vpc && var.enable_ec2_endpoint ? 1 : 0}"
-
-  vpc_id            = "${local.vpc_id}"
-  service_name      = "${data.aws_vpc_endpoint_service.ec2.service_name}"
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = ["${var.ec2_endpoint_security_group_ids}"]
-  subnet_ids          = ["${coalescelist(var.ec2_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
-  private_dns_enabled = "${var.ec2_endpoint_private_dns_enabled}"
-
-  tags = "${local.vpce_tags}"
-}
-
-###############################
-# VPC Endpoint for EC2MESSAGES
-###############################
-data "aws_vpc_endpoint_service" "ec2messages" {
-  count = "${var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0}"
-
-  service = "ec2messages"
-}
-
-resource "aws_vpc_endpoint" "ec2messages" {
-  count = "${var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0}"
-
-  vpc_id            = "${local.vpc_id}"
-  service_name      = "${data.aws_vpc_endpoint_service.ec2messages.service_name}"
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = ["${var.ec2messages_endpoint_security_group_ids}"]
-  subnet_ids          = ["${coalescelist(var.ec2messages_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
-  private_dns_enabled = "${var.ec2messages_endpoint_private_dns_enabled}"
-
-  tags = "${local.vpce_tags}"
-}
-
-###########################
-# VPC Endpoint for ECR API
-###########################
-data "aws_vpc_endpoint_service" "ecr_api" {
-  count = "${var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0}"
-
-  service = "ecr.api"
-}
-
-resource "aws_vpc_endpoint" "ecr_api" {
-  count = "${var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0}"
-
-  vpc_id            = "${local.vpc_id}"
-  service_name      = "${data.aws_vpc_endpoint_service.ecr_api.service_name}"
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = ["${var.ecr_api_endpoint_security_group_ids}"]
-  subnet_ids          = ["${coalescelist(var.ecr_api_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
-  private_dns_enabled = "${var.ecr_api_endpoint_private_dns_enabled}"
-
-  tags = "${local.vpce_tags}"
-}
-
-###########################
-# VPC Endpoint for ECR DKR
-###########################
-data "aws_vpc_endpoint_service" "ecr_dkr" {
-  count = "${var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0}"
-
-  service = "ecr.dkr"
-}
-
-resource "aws_vpc_endpoint" "ecr_dkr" {
-  count = "${var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0}"
-
-  vpc_id            = "${local.vpc_id}"
-  service_name      = "${data.aws_vpc_endpoint_service.ecr_dkr.service_name}"
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = ["${var.ecr_dkr_endpoint_security_group_ids}"]
-  subnet_ids          = ["${coalescelist(var.ecr_dkr_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
-  private_dns_enabled = "${var.ecr_dkr_endpoint_private_dns_enabled}"
-
-  tags = "${local.vpce_tags}"
-}
-
-#######################
-# VPC Endpoint for API Gateway
-#######################
-data "aws_vpc_endpoint_service" "apigw" {
-  count = "${var.create_vpc && var.enable_apigw_endpoint ? 1 : 0}"
-
-  service = "execute-api"
-}
-
-resource "aws_vpc_endpoint" "apigw" {
-  count = "${var.create_vpc && var.enable_apigw_endpoint ? 1 : 0}"
-
-  vpc_id            = "${local.vpc_id}"
-  service_name      = "${data.aws_vpc_endpoint_service.apigw.service_name}"
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = ["${var.apigw_endpoint_security_group_ids}"]
-  subnet_ids          = ["${coalescelist(var.apigw_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
-  private_dns_enabled = "${var.apigw_endpoint_private_dns_enabled}"
-
-  tags = "${local.vpce_tags}"
-}
-
-#######################
-# VPC Endpoint for KMS
-#######################
-data "aws_vpc_endpoint_service" "kms" {
-  count = "${var.create_vpc && var.enable_kms_endpoint ? 1 : 0}"
-
-  service = "kms"
-}
-
-resource "aws_vpc_endpoint" "kms" {
-  count = "${var.create_vpc && var.enable_kms_endpoint ? 1 : 0}"
-
-  vpc_id            = "${local.vpc_id}"
-  service_name      = "${data.aws_vpc_endpoint_service.kms.service_name}"
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = ["${var.kms_endpoint_security_group_ids}"]
-  subnet_ids          = ["${coalescelist(var.kms_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
-  private_dns_enabled = "${var.kms_endpoint_private_dns_enabled}"
-
-  tags = "${local.vpce_tags}"
-}
-
-#######################
-# VPC Endpoint for ECS
-#######################
-data "aws_vpc_endpoint_service" "ecs" {
-  count = "${var.create_vpc && var.enable_ecs_endpoint ? 1 : 0}"
-
-  service = "ecs"
-}
-
-resource "aws_vpc_endpoint" "ecs" {
-  count = "${var.create_vpc && var.enable_ecs_endpoint ? 1 : 0}"
-
-  vpc_id            = "${local.vpc_id}"
-  service_name      = "${data.aws_vpc_endpoint_service.ecs.service_name}"
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = ["${var.ecs_endpoint_security_group_ids}"]
-  subnet_ids          = ["${coalescelist(var.ecs_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
-  private_dns_enabled = "${var.ecs_endpoint_private_dns_enabled}"
-
-  tags = "${local.vpce_tags}"
-}
-
-#######################
-# VPC Endpoint for ECS Agent
-#######################
-data "aws_vpc_endpoint_service" "ecs_agent" {
-  count = "${var.create_vpc && var.enable_ecs_agent_endpoint ? 1 : 0}"
-
-  service = "ecs-agent"
-}
-
-resource "aws_vpc_endpoint" "ecs_agent" {
-  count = "${var.create_vpc && var.enable_ecs_agent_endpoint ? 1 : 0}"
-
-  vpc_id            = "${local.vpc_id}"
-  service_name      = "${data.aws_vpc_endpoint_service.ecs_agent.service_name}"
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = ["${var.ecs_agent_endpoint_security_group_ids}"]
-  subnet_ids          = ["${coalescelist(var.ecs_agent_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
-  private_dns_enabled = "${var.ecs_agent_endpoint_private_dns_enabled}"
-
-  tags = "${local.vpce_tags}"
-}
-
-#######################
-# VPC Endpoint for ECS Telemetry
-#######################
-data "aws_vpc_endpoint_service" "ecs_telemetry" {
-  count = "${var.create_vpc && var.enable_ecs_telemetry_endpoint ? 1 : 0}"
-
-  service = "ecs-telemetry"
-}
-
-resource "aws_vpc_endpoint" "ecs_telemetry" {
-  count = "${var.create_vpc && var.enable_ecs_telemetry_endpoint ? 1 : 0}"
-
-  vpc_id            = "${local.vpc_id}"
-  service_name      = "${data.aws_vpc_endpoint_service.ecs_telemetry.service_name}"
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = ["${var.ecs_telemetry_endpoint_security_group_ids}"]
-  subnet_ids          = ["${coalescelist(var.ecs_telemetry_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
-  private_dns_enabled = "${var.ecs_telemetry_endpoint_private_dns_enabled}"
-
-  tags = "${local.vpce_tags}"
-}
-
-#######################
-# VPC Endpoint for Elasic Load Balancing
-#######################
-data "aws_vpc_endpoint_service" "elasticloadbalancing" {
-  count = "${var.create_vpc && var.enable_elasticloadbalancing_endpoint ? 1 : 0}"
-
-  service = "elasticloadbalancing"
-}
-
-resource "aws_vpc_endpoint" "elasticloadbalancing" {
-  count = "${var.create_vpc && var.enable_elasticloadbalancing_endpoint ? 1 : 0}"
-
-  vpc_id            = "${local.vpc_id}"
-  service_name      = "${data.aws_vpc_endpoint_service.elasticloadbalancing.service_name}"
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = ["${var.elasticloadbalancing_endpoint_security_group_ids}"]
-  subnet_ids          = ["${coalescelist(var.elasticloadbalancing_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
-  private_dns_enabled = "${var.elasticloadbalancing_endpoint_private_dns_enabled}"
-
-  tags = "${local.vpce_tags}"
-}
-
-#######################
-# VPC Endpoint for SNS
-#######################
-data "aws_vpc_endpoint_service" "sns" {
-  count = "${var.create_vpc && var.enable_sns_endpoint ? 1 : 0}"
-
-  service = "sns"
-}
-
-resource "aws_vpc_endpoint" "sns" {
-  count = "${var.create_vpc && var.enable_sns_endpoint ? 1 : 0}"
-
-  vpc_id            = "${local.vpc_id}"
-  service_name      = "${data.aws_vpc_endpoint_service.sns.service_name}"
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = ["${var.sns_endpoint_security_group_ids}"]
-  subnet_ids          = ["${coalescelist(var.sns_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
-  private_dns_enabled = "${var.sns_endpoint_private_dns_enabled}"
-
-  tags = "${local.vpce_tags}"
-}
-
-#######################
-# VPC Endpoint for CloudWatch Logs
-#######################
-data "aws_vpc_endpoint_service" "logs" {
-  count = "${var.create_vpc && var.enable_logs_endpoint ? 1 : 0}"
-
-  service = "logs"
-}
-
-resource "aws_vpc_endpoint" "logs" {
-  count = "${var.create_vpc && var.enable_logs_endpoint ? 1 : 0}"
-
-  vpc_id            = "${local.vpc_id}"
-  service_name      = "${data.aws_vpc_endpoint_service.logs.service_name}"
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = ["${var.logs_endpoint_security_group_ids}"]
-  subnet_ids          = ["${coalescelist(var.logs_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
-  private_dns_enabled = "${var.logs_endpoint_private_dns_enabled}"
-
-  tags = "${local.vpce_tags}"
-}
-
-#######################
-# VPC Endpoint for CloudTrail
-#######################
-data "aws_vpc_endpoint_service" "cloudtrail" {
-  count = "${var.create_vpc && var.enable_cloudtrail_endpoint ? 1 : 0}"
-
-  service = "cloudtrail"
-}
-
-resource "aws_vpc_endpoint" "cloudtrail" {
-  count = "${var.create_vpc && var.enable_cloudtrail_endpoint ? 1 : 0}"
-
-  vpc_id            = "${local.vpc_id}"
-  service_name      = "${data.aws_vpc_endpoint_service.cloudtrail.service_name}"
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = ["${var.cloudtrail_endpoint_security_group_ids}"]
-  subnet_ids          = ["${coalescelist(var.cloudtrail_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
-  private_dns_enabled = "${var.cloudtrail_endpoint_private_dns_enabled}"
-
-  tags = "${local.vpce_tags}"
-}
-
-#######################
-# VPC Endpoint for CloudWatch Monitoring
-#######################
-data "aws_vpc_endpoint_service" "monitoring" {
-  count = "${var.create_vpc && var.enable_monitoring_endpoint ? 1 : 0}"
-
-  service = "monitoring"
-}
-
-resource "aws_vpc_endpoint" "monitoring" {
-  count = "${var.create_vpc && var.enable_monitoring_endpoint ? 1 : 0}"
-
-  vpc_id            = "${local.vpc_id}"
-  service_name      = "${data.aws_vpc_endpoint_service.monitoring.service_name}"
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = ["${var.monitoring_endpoint_security_group_ids}"]
-  subnet_ids          = ["${coalescelist(var.monitoring_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
-  private_dns_enabled = "${var.monitoring_endpoint_private_dns_enabled}"
-
-  tags = "${local.vpce_tags}"
-}
-
-#######################
-# VPC Endpoint for CloudWatch Events
-#######################
-data "aws_vpc_endpoint_service" "events" {
-  count = "${var.create_vpc && var.enable_events_endpoint ? 1 : 0}"
-
-  service = "events"
-}
-
-resource "aws_vpc_endpoint" "events" {
-  count = "${var.create_vpc && var.enable_events_endpoint ? 1 : 0}"
-
-  vpc_id            = "${local.vpc_id}"
-  service_name      = "${data.aws_vpc_endpoint_service.events.service_name}"
-  vpc_endpoint_type = "Interface"
-
-  security_group_ids  = ["${var.events_endpoint_security_group_ids}"]
-  subnet_ids          = ["${coalescelist(var.events_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
-  private_dns_enabled = "${var.events_endpoint_private_dns_enabled}"
-
-  tags = "${local.vpce_tags}"
-}
-
 ##########################
 # Route table association
 ##########################

--- a/outputs.tf
+++ b/outputs.tf
@@ -614,6 +614,171 @@ output "vpc_endpoint_events_dns_entry" {
  value       = "${flatten(aws_vpc_endpoint.events.*.dns_entry)}"
 }

+output "vpc_endpoint_codebuild_id" {
+  description = "The ID of VPC endpoint for CodeBuild"
+  value       = "${element(concat(aws_vpc_endpoint.codebuild.*.id, list("")), 0)}"
+}
+
+output "vpc_endpoint_codebuild_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for CodeBuild."
+  value       = "${flatten(aws_vpc_endpoint.codebuild.*.network_interface_ids)}"
+}
+
+output "vpc_endpoint_codebuild_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for CodeBuild."
+  value       = "${flatten(aws_vpc_endpoint.codebuild.*.dns_entry)}"
+}
+
+output "vpc_endpoint_codecommit_id" {
+  description = "The ID of VPC endpoint for CodeCommit"
+  value       = "${element(concat(aws_vpc_endpoint.codecommit.*.id, list("")), 0)}"
+}
+
+output "vpc_endpoint_codecommit_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for CodeCommit."
+  value       = "${flatten(aws_vpc_endpoint.codecommit.*.network_interface_ids)}"
+}
+
+output "vpc_endpoint_codecommit_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for CodeCommit."
+  value       = "${flatten(aws_vpc_endpoint.codecommit.*.dns_entry)}"
+}
+
+output "vpc_endpoint_git_codecommit_id" {
+  description = "The ID of VPC endpoint for Git CodeCommit"
+  value       = "${element(concat(aws_vpc_endpoint.git_codecommit.*.id, list("")), 0)}"
+}
+
+output "vpc_endpoint_git_codecommit_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for Git CodeCommit."
+  value       = "${flatten(aws_vpc_endpoint.git_codecommit.*.network_interface_ids)}"
+}
+
+output "vpc_endpoint_git_codecommit_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for Git CodeCommit."
+  value       = "${flatten(aws_vpc_endpoint.git_codecommit.*.dns_entry)}"
+}
+
+output "vpc_endpoint_config_id" {
+  description = "The ID of VPC endpoint for Config"
+  value       = "${element(concat(aws_vpc_endpoint.config.*.id, list("")), 0)}"
+}
+
+output "vpc_endpoint_config_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for Config."
+  value       = "${flatten(aws_vpc_endpoint.config.*.network_interface_ids)}"
+}
+
+output "vpc_endpoint_config_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for Config."
+  value       = "${flatten(aws_vpc_endpoint.config.*.dns_entry)}"
+}
+
+output "vpc_endpoint_secretsmanager_id" {
+  description = "The ID of VPC endpoint for Secrets Manager"
+  value       = "${element(concat(aws_vpc_endpoint.secretsmanager.*.id, list("")), 0)}"
+}
+
+output "vpc_endpoint_secretsmanager_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for Secrets Manager."
+  value       = "${flatten(aws_vpc_endpoint.secretsmanager.*.network_interface_ids)}"
+}
+
+output "vpc_endpoint_secretsmanager_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for Secrets Manager."
+  value       = "${flatten(aws_vpc_endpoint.secretsmanager.*.dns_entry)}"
+}
+
+output "vpc_endpoint_transferserver_id" {
+  description = "The ID of VPC endpoint for Transfer Server"
+  value       = "${element(concat(aws_vpc_endpoint.transferserver.*.id, list("")), 0)}"
+}
+
+output "vpc_endpoint_transferserver_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for Transfer Server."
+  value       = "${flatten(aws_vpc_endpoint.transferserver.*.network_interface_ids)}"
+}
+
+output "vpc_endpoint_transferserver_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for Transfer Server."
+  value       = "${flatten(aws_vpc_endpoint.transferserver.*.dns_entry)}"
+}
+
+output "vpc_endpoint_kinesis_streams_id" {
+  description = "The ID of VPC endpoint for Kinesis Streams"
+  value       = "${element(concat(aws_vpc_endpoint.kinesis_streams.*.id, list("")), 0)}"
+}
+
+output "vpc_endpoint_kinesis_streams_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for Kinesis Streams."
+  value       = "${flatten(aws_vpc_endpoint.kinesis_streams.*.network_interface_ids)}"
+}
+
+output "vpc_endpoint_kinesis_streams_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for Kinesis Streams."
+  value       = "${flatten(aws_vpc_endpoint.kinesis_streams.*.dns_entry)}"
+}
+
+output "vpc_endpoint_kinesis_firehose_id" {
+  description = "The ID of VPC endpoint for Kinesis Firehose"
+  value       = "${element(concat(aws_vpc_endpoint.kinesis_firehose.*.id, list("")), 0)}"
+}
+
+output "vpc_endpoint_kinesis_firehose_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for Kinesis Firehose."
+  value       = "${flatten(aws_vpc_endpoint.kinesis_firehose.*.network_interface_ids)}"
+}
+
+output "vpc_endpoint_kinesis_firehose_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for Kinesis Firehose."
+  value       = "${flatten(aws_vpc_endpoint.kinesis_firehose.*.dns_entry)}"
+}
+
+output "vpc_endpoint_glue_id" {
+  description = "The ID of VPC endpoint for Glue"
+  value       = "${element(concat(aws_vpc_endpoint.glue.*.id, list("")), 0)}"
+}
+
+output "vpc_endpoint_glue_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for Glue."
+  value       = "${flatten(aws_vpc_endpoint.glue.*.network_interface_ids)}"
+}
+
+output "vpc_endpoint_glue_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for Glue."
+  value       = "${flatten(aws_vpc_endpoint.glue.*.dns_entry)}"
+}
+
+output "vpc_endpoint_sagemaker_notebook_id" {
+  description = "The ID of VPC endpoint for SageMaker Notebook"
+  value       = "${element(concat(aws_vpc_endpoint.sagemaker_notebook.*.id, list("")), 0)}"
+}
+
+output "vpc_endpoint_sagemaker_notebook_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for SageMaker Notebook."
+  value       = "${flatten(aws_vpc_endpoint.sagemaker_notebook.*.network_interface_ids)}"
+}
+
+output "vpc_endpoint_sagemaker_notebook_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for SageMaker Notebook."
+  value       = "${flatten(aws_vpc_endpoint.sagemaker_notebook.*.dns_entry)}"
+}
+
+output "vpc_endpoint_sts_id" {
+  description = "The ID of VPC endpoint for STS"
+  value       = "${element(concat(aws_vpc_endpoint.sts.*.id, list("")), 0)}"
+}
+
+output "vpc_endpoint_sts_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for STS."
+  value       = "${flatten(aws_vpc_endpoint.sts.*.network_interface_ids)}"
+}
+
+output "vpc_endpoint_sts_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for STS."
+  value       = "${flatten(aws_vpc_endpoint.sts.*.dns_entry)}"
+}
+
 # Static values (arguments)
 output "azs" {
  description = "A list of availability zones specified as argument to this module"

--- a/variables.tf
+++ b/variables.tf
@@ -544,6 +544,391 @@ variable "monitoring_endpoint_private_dns_enabled" {
  default     = false
 }

+variable "enable_codebuild_endpoint" {
+  description = "Should be true if you want to provision an CodeBuild endpoint to the VPC"
+  default     = false
+}
+
+variable "codebuild_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for CodeBuild endpoint"
+  default     = []
+}
+
+variable "codebuild_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for CodeBuild endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  default     = []
+}
+
+variable "codebuild_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for CodeBuild endpoint"
+  default     = false
+}
+
+variable "enable_codecommit_endpoint" {
+  description = "Should be true if you want to provision an CodeCommit endpointto the VPC"
+  default     = false
+}
+
+variable "codecommit_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for CodeCommit endpoint"
+  default     = []
+}
+
+variable "codecommit_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for CodeCommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  default     = []
+}
+
+variable "codecommit_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for CodeCommit endpoint"
+  default     = false
+}
+
+variable "enable_git_codecommit_endpoint" {
+  description = "Should be true if you want to provision an Git CodeCommit endpoint to the VPC"
+  default     = false
+}
+
+variable "git_codecommit_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for Git CodeCommit endpoint"
+  default     = []
+}
+
+variable "git_codecommit_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for Git CodeCommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  default     = []
+}
+
+variable "git_codecommit_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for Git CodeCommit endpoint"
+  default     = false
+}
+
+variable "enable_config_endpoint" {
+  description = "Should be true if you want to provision an Config endpoint to the VPC"
+  default     = false
+}
+
+variable "config_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for Config endpoint"
+  default     = []
+}
+
+variable "config_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for Config endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  default     = []
+}
+
+variable "config_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for Config endpoint"
+  default     = false
+}
+
+variable "enable_secretsmanager_endpoint" {
+  description = "Should be true if you want to provision an Secrets Manager endpoint to the VPC"
+  default     = false
+}
+
+variable "secretsmanager_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for Secrets Manager endpoint"
+  default     = []
+}
+
+variable "secretsmanager_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for Secrets Manager endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  default     = []
+}
+
+variable "secretsmanager_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for Secrets Manager endpoint"
+  default     = false
+}
+
+variable "enable_transferserver_endpoint" {
+  description = "Should be true if you want to provision an Transfer Server endpoint to the VPC"
+  default     = false
+}
+
+variable "transferserver_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for Transfer Server endpoint"
+  default     = []
+}
+
+variable "transferserver_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for Transfer Server endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  default     = []
+}
+
+variable "transferserver_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for Transfer Server endpoint"
+  default     = false
+}
+
+variable "enable_kinesis_streams_endpoint" {
+  description = "Should be true if you want to provision an Kinesis Streams endpoint to the VPC"
+  default     = false
+}
+
+variable "kinesis_streams_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for Kinesis Streams endpoint"
+  default     = []
+}
+
+variable "kinesis_streams_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for Kinesis Streams endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  default     = []
+}
+
+variable "kinesis_streams_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for Kinesis Streams endpoint"
+  default     = false
+}
+
+variable "enable_kinesis_firehose_endpoint" {
+  description = "Should be true if you want to provision an Kinesis Firehose endpoint to the VPC"
+  default     = false
+}
+
+variable "kinesis_firehose_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for Kinesis Firehose endpoint"
+  default     = []
+}
+
+variable "kinesis_firehose_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for Kinesis Firehose endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  default     = []
+}
+
+variable "kinesis_firehose_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for Kinesis Firehose endpoint"
+  default     = false
+}
+
+variable "enable_glue_endpoint" {
+  description = "Should be true if you want to provision an Glue endpoint to the VPC"
+  default     = false
+}
+
+variable "glue_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for Glue endpoint"
+  default     = []
+}
+
+variable "glue_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for Glue endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  default     = []
+}
+
+variable "glue_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for Glue endpoint"
+  default     = false
+}
+
+variable "enable_sagemaker_notebook_endpoint" {
+  description = "Should be true if you want to provision an SageMaker Notebook endpoint to the VPC"
+  default     = false
+}
+
+variable "sagemaker_notebook_endpoint_region" {
+  description = "Region to use for Sagemaker Notebook endpoint"
+  default     = ""
+}
+
+variable "sagemaker_notebook_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for SageMaker Notebook endpoint"
+  default     = []
+}
+
+variable "sagemaker_notebook_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for SageMaker Notebook endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  default     = []
+}
+
+variable "sagemaker_notebook_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for SageMaker Notebook endpoint"
+  default     = false
+}
+
+variable "enable_sts_endpoint" {
+  description = "Should be true if you want to provision an STS endpoint to the VPC"
+  default     = false
+}
+
+variable "sts_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for STS endpoint"
+  default     = []
+}
+
+variable "sts_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for STS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  default     = []
+}
+
+variable "sts_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for STS endpoint"
+  default     = false
+}
+
+variable "enable_cloudformation_endpoint" {
+  description = "Should be true if you want to provision an CloudFormation endpoint to the VPC"
+  default     = false
+}
+
+variable "cloudformation_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for CloudFormation endpoint"
+  default     = []
+}
+
+variable "cloudformation_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for CloudFormation endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  default     = []
+}
+
+variable "cloudformation_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for CloudFormation endpoint"
+  default     = false
+}
+
+variable "enable_codepipeline_endpoint" {
+  description = "Should be true if you want to provision an CodePipeline endpoint to the VPC"
+  default     = false
+}
+
+variable "codepipeline_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for CodePipeline endpoint"
+  default     = []
+}
+
+variable "codepipeline_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for CodePipeline endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  default     = []
+}
+
+variable "codepipeline_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for CodePipeline endpoint"
+  default     = false
+}
+
+variable "enable_appmesh_envoy_management_endpoint" {
+  description = "Should be true if you want to provision an APPMESH Envoy Management endpoint to the VPC"
+  default     = false
+}
+
+variable "appmesh_envoy_management_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for APPMESH Envoy Management endpoint"
+  default     = []
+}
+
+variable "appmesh_envoy_management_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for APPMESH Envoy Management endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  default     = []
+}
+
+variable "appmesh_envoy_management_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for APPMESH Envoy Management endpoint"
+  default     = false
+}
+
+variable "enable_servicecatalog_endpoint" {
+  description = "Should be true if you want to provision an Service Catalog endpoint to the VPC"
+  default     = false
+}
+
+variable "servicecatalog_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for Service Catalog endpoint"
+  default     = []
+}
+
+variable "servicecatalog_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for Service Catalog endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  default     = []
+}
+
+variable "servicecatalog_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for Service Catalog endpoint"
+  default     = false
+}
+
+variable "enable_storagegateway_endpoint" {
+  description = "Should be true if you want to provision an Storage Gateway endpoint to the VPC"
+  default     = false
+}
+
+variable "storagegateway_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for Storage Gateway endpoint"
+  default     = []
+}
+
+variable "storagegateway_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for Storage Gateway endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  default     = []
+}
+
+variable "storagegateway_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for Storage Gateway endpoint"
+  default     = false
+}
+
+variable "enable_transfer_endpoint" {
+  description = "Should be true if you want to provision an Transfer endpoint to the VPC"
+  default     = false
+}
+
+variable "transfer_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for Transfer endpoint"
+  default     = []
+}
+
+variable "transfer_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for Transfer endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used."
+  default     = []
+}
+
+variable "transfer_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for Transfer endpoint"
+  default     = false
+}
+
+variable "enable_sagemaker_api_endpoint" {
+  description = "Should be true if you want to provision an Sagemaker API endpoint to the VPC"
+  default     = false
+}
+
+variable "sagemaker_api_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for Sagemaker API endpoint"
+  default     = []
+}
+
+variable "sagemaker_api_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for Sagemaker API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  default     = []
+}
+
+variable "sagemaker_api_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for Sagemaker API endpoint"
+  default     = false
+}
+
+variable "enable_sagemaker_runtime_endpoint" {
+  description = "Should be true if you want to provision an Sagemaker Runtime endpoint to the VPC"
+  default     = false
+}
+
+variable "sagemaker_runtime_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for Sagemaker Runtime endpoint"
+  default     = []
+}
+
+variable "sagemaker_runtime_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for Sagemaker Runtime endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  default     = []
+}
+
+variable "sagemaker_runtime_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for Sagemaker Runtime endpoint"
+  default     = false
+}
+
 variable "map_public_ip_on_launch" {
  description = "Should be false if you do not want to auto-assign public IP on launch"
  default     = true

--- a/vpc-endpoint.tf
+++ b/vpc-endpoint.tf
+######################
+# VPC Endpoint for S3
+######################
+data "aws_vpc_endpoint_service" "s3" {
+  count = "${var.create_vpc && var.enable_s3_endpoint ? 1 : 0}"
+
+  service = "s3"
+}
+
+resource "aws_vpc_endpoint" "s3" {
+  count = "${var.create_vpc && var.enable_s3_endpoint ? 1 : 0}"
+
+  vpc_id       = "${local.vpc_id}"
+  service_name = "${data.aws_vpc_endpoint_service.s3.service_name}"
+
+  tags = "${local.vpce_tags}"
+}
+
+resource "aws_vpc_endpoint_route_table_association" "private_s3" {
+  count = "${var.create_vpc && var.enable_s3_endpoint ? local.nat_gateway_count : 0}"
+
+  vpc_endpoint_id = "${aws_vpc_endpoint.s3.id}"
+  route_table_id  = "${element(aws_route_table.private.*.id, count.index)}"
+}
+
+resource "aws_vpc_endpoint_route_table_association" "intra_s3" {
+  count = "${var.create_vpc && var.enable_s3_endpoint && length(var.intra_subnets) > 0 ? 1 : 0}"
+
+  vpc_endpoint_id = "${aws_vpc_endpoint.s3.id}"
+  route_table_id  = "${element(aws_route_table.intra.*.id, 0)}"
+}
+
+resource "aws_vpc_endpoint_route_table_association" "public_s3" {
+  count = "${var.create_vpc && var.enable_s3_endpoint && length(var.public_subnets) > 0 ? 1 : 0}"
+
+  vpc_endpoint_id = "${aws_vpc_endpoint.s3.id}"
+  route_table_id  = "${aws_route_table.public.id}"
+}
+
+############################
+# VPC Endpoint for DynamoDB
+############################
+data "aws_vpc_endpoint_service" "dynamodb" {
+  count = "${var.create_vpc && var.enable_dynamodb_endpoint ? 1 : 0}"
+
+  service = "dynamodb"
+}
+
+resource "aws_vpc_endpoint" "dynamodb" {
+  count = "${var.create_vpc && var.enable_dynamodb_endpoint ? 1 : 0}"
+
+  vpc_id       = "${local.vpc_id}"
+  service_name = "${data.aws_vpc_endpoint_service.dynamodb.service_name}"
+
+  tags = "${local.vpce_tags}"
+}
+
+resource "aws_vpc_endpoint_route_table_association" "private_dynamodb" {
+  count = "${var.create_vpc && var.enable_dynamodb_endpoint ? local.nat_gateway_count : 0}"
+
+  vpc_endpoint_id = "${aws_vpc_endpoint.dynamodb.id}"
+  route_table_id  = "${element(aws_route_table.private.*.id, count.index)}"
+}
+
+resource "aws_vpc_endpoint_route_table_association" "intra_dynamodb" {
+  count = "${var.create_vpc && var.enable_dynamodb_endpoint && length(var.intra_subnets) > 0 ? 1 : 0}"
+
+  vpc_endpoint_id = "${aws_vpc_endpoint.dynamodb.id}"
+  route_table_id  = "${element(aws_route_table.intra.*.id, 0)}"
+}
+
+resource "aws_vpc_endpoint_route_table_association" "public_dynamodb" {
+  count = "${var.create_vpc && var.enable_dynamodb_endpoint && length(var.public_subnets) > 0 ? 1 : 0}"
+
+  vpc_endpoint_id = "${aws_vpc_endpoint.dynamodb.id}"
+  route_table_id  = "${aws_route_table.public.id}"
+}
+
+#######################
+# VPC Endpoint for CodeBuild
+#######################
+data "aws_vpc_endpoint_service" "codebuild" {
+  count = "${var.create_vpc && var.enable_codebuild_endpoint ? 1 : 0}"
+
+  service = "codebuild"
+}
+
+resource "aws_vpc_endpoint" "codebuild" {
+  count = "${var.create_vpc && var.enable_codebuild_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.codebuild.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.codebuild_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.codebuild_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.codebuild_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for CodeCommit
+#######################
+data "aws_vpc_endpoint_service" "codecommit" {
+  count = "${var.create_vpc && var.enable_codecommit_endpoint ? 1 : 0}"
+
+  service = "codecommit"
+}
+
+resource "aws_vpc_endpoint" "codecommit" {
+  count = "${var.create_vpc && var.enable_codecommit_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.codecommit.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.codecommit_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.codecommit_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.codecommit_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for Giy CodeCommit
+#######################
+data "aws_vpc_endpoint_service" "git_codecommit" {
+  count = "${var.create_vpc && var.enable_git_codecommit_endpoint ? 1 : 0}"
+
+  service = "git-codecommit"
+}
+
+resource "aws_vpc_endpoint" "git_codecommit" {
+  count = "${var.create_vpc && var.enable_git_codecommit_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.git_codecommit.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.git_codecommit_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.git_codecommit_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.git_codecommit_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for Config
+#######################
+data "aws_vpc_endpoint_service" "config" {
+  count = "${var.create_vpc && var.enable_config_endpoint ? 1 : 0}"
+
+  service = "config"
+}
+
+resource "aws_vpc_endpoint" "config" {
+  count = "${var.create_vpc && var.enable_config_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.config.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.config_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.config_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.config_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for SQS
+#######################
+data "aws_vpc_endpoint_service" "sqs" {
+  count = "${var.create_vpc && var.enable_sqs_endpoint ? 1 : 0}"
+
+  service = "sqs"
+}
+
+resource "aws_vpc_endpoint" "sqs" {
+  count = "${var.create_vpc && var.enable_sqs_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.sqs.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.sqs_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.sqs_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.sqs_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for Secrets Manager
+#######################
+data "aws_vpc_endpoint_service" "secretsmanager" {
+  count = "${var.create_vpc && var.enable_secretsmanager_endpoint ? 1 : 0}"
+
+  service = "secretsmanager"
+}
+
+resource "aws_vpc_endpoint" "secretsmanager" {
+  count = "${var.create_vpc && var.enable_secretsmanager_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.secretsmanager.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.secretsmanager_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.secretsmanager_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.secretsmanager_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for SSM
+#######################
+data "aws_vpc_endpoint_service" "ssm" {
+  count = "${var.create_vpc && var.enable_ssm_endpoint ? 1 : 0}"
+
+  service = "ssm"
+}
+
+resource "aws_vpc_endpoint" "ssm" {
+  count = "${var.create_vpc && var.enable_ssm_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.ssm.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.ssm_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.ssm_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.ssm_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+###############################
+# VPC Endpoint for SSMMESSAGES
+###############################
+data "aws_vpc_endpoint_service" "ssmmessages" {
+  count = "${var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0}"
+
+  service = "ssmmessages"
+}
+
+resource "aws_vpc_endpoint" "ssmmessages" {
+  count = "${var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.ssmmessages.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.ssmmessages_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.ssmmessages_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.ssmmessages_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for EC2
+#######################
+data "aws_vpc_endpoint_service" "ec2" {
+  count = "${var.create_vpc && var.enable_ec2_endpoint ? 1 : 0}"
+
+  service = "ec2"
+}
+
+resource "aws_vpc_endpoint" "ec2" {
+  count = "${var.create_vpc && var.enable_ec2_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.ec2.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.ec2_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.ec2_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.ec2_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+###############################
+# VPC Endpoint for EC2MESSAGES
+###############################
+data "aws_vpc_endpoint_service" "ec2messages" {
+  count = "${var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0}"
+
+  service = "ec2messages"
+}
+
+resource "aws_vpc_endpoint" "ec2messages" {
+  count = "${var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.ec2messages.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.ec2messages_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.ec2messages_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.ec2messages_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for Transfer Server
+#######################
+data "aws_vpc_endpoint_service" "transferserver" {
+  count = "${var.create_vpc && var.enable_transferserver_endpoint ? 1 : 0}"
+
+  service = "transfer.server"
+}
+
+resource "aws_vpc_endpoint" "transferserver" {
+  count = "${var.create_vpc && var.enable_transferserver_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.transferserver.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.transferserver_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.transferserver_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.transferserver_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+###########################
+# VPC Endpoint for ECR API
+###########################
+data "aws_vpc_endpoint_service" "ecr_api" {
+  count = "${var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0}"
+
+  service = "ecr.api"
+}
+
+resource "aws_vpc_endpoint" "ecr_api" {
+  count = "${var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.ecr_api.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.ecr_api_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.ecr_api_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.ecr_api_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+###########################
+# VPC Endpoint for ECR DKR
+###########################
+data "aws_vpc_endpoint_service" "ecr_dkr" {
+  count = "${var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0}"
+
+  service = "ecr.dkr"
+}
+
+resource "aws_vpc_endpoint" "ecr_dkr" {
+  count = "${var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.ecr_dkr.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.ecr_dkr_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.ecr_dkr_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.ecr_dkr_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for API Gateway
+#######################
+data "aws_vpc_endpoint_service" "apigw" {
+  count = "${var.create_vpc && var.enable_apigw_endpoint ? 1 : 0}"
+
+  service = "execute-api"
+}
+
+resource "aws_vpc_endpoint" "apigw" {
+  count = "${var.create_vpc && var.enable_apigw_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.apigw.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.apigw_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.apigw_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.apigw_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for KMS
+#######################
+data "aws_vpc_endpoint_service" "kms" {
+  count = "${var.create_vpc && var.enable_kms_endpoint ? 1 : 0}"
+
+  service = "kms"
+}
+
+resource "aws_vpc_endpoint" "kms" {
+  count = "${var.create_vpc && var.enable_kms_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.kms.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.kms_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.kms_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.kms_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for ECS
+#######################
+data "aws_vpc_endpoint_service" "ecs" {
+  count = "${var.create_vpc && var.enable_ecs_endpoint ? 1 : 0}"
+
+  service = "ecs"
+}
+
+resource "aws_vpc_endpoint" "ecs" {
+  count = "${var.create_vpc && var.enable_ecs_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.ecs.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.ecs_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.ecs_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.ecs_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for ECS Agent
+#######################
+data "aws_vpc_endpoint_service" "ecs_agent" {
+  count = "${var.create_vpc && var.enable_ecs_agent_endpoint ? 1 : 0}"
+
+  service = "ecs-agent"
+}
+
+resource "aws_vpc_endpoint" "ecs_agent" {
+  count = "${var.create_vpc && var.enable_ecs_agent_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.ecs_agent.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.ecs_agent_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.ecs_agent_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.ecs_agent_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for ECS Telemetry
+#######################
+data "aws_vpc_endpoint_service" "ecs_telemetry" {
+  count = "${var.create_vpc && var.enable_ecs_telemetry_endpoint ? 1 : 0}"
+
+  service = "ecs-telemetry"
+}
+
+resource "aws_vpc_endpoint" "ecs_telemetry" {
+  count = "${var.create_vpc && var.enable_ecs_telemetry_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.ecs_telemetry.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.ecs_telemetry_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.ecs_telemetry_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.ecs_telemetry_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for Elasic Load Balancing
+#######################
+data "aws_vpc_endpoint_service" "elasticloadbalancing" {
+  count = "${var.create_vpc && var.enable_elasticloadbalancing_endpoint ? 1 : 0}"
+
+  service = "elasticloadbalancing"
+}
+
+resource "aws_vpc_endpoint" "elasticloadbalancing" {
+  count = "${var.create_vpc && var.enable_elasticloadbalancing_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.elasticloadbalancing.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.elasticloadbalancing_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.elasticloadbalancing_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.elasticloadbalancing_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for SNS
+#######################
+data "aws_vpc_endpoint_service" "sns" {
+  count = "${var.create_vpc && var.enable_sns_endpoint ? 1 : 0}"
+
+  service = "sns"
+}
+
+resource "aws_vpc_endpoint" "sns" {
+  count = "${var.create_vpc && var.enable_sns_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.sns.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.sns_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.sns_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.sns_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for CloudWatch Logs
+#######################
+data "aws_vpc_endpoint_service" "logs" {
+  count = "${var.create_vpc && var.enable_logs_endpoint ? 1 : 0}"
+
+  service = "logs"
+}
+
+resource "aws_vpc_endpoint" "logs" {
+  count = "${var.create_vpc && var.enable_logs_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.logs.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.logs_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.logs_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.logs_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for CloudTrail
+#######################
+data "aws_vpc_endpoint_service" "cloudtrail" {
+  count = "${var.create_vpc && var.enable_cloudtrail_endpoint ? 1 : 0}"
+
+  service = "cloudtrail"
+}
+
+resource "aws_vpc_endpoint" "cloudtrail" {
+  count = "${var.create_vpc && var.enable_cloudtrail_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.cloudtrail.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.cloudtrail_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.cloudtrail_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.cloudtrail_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for CloudWatch Monitoring
+#######################
+data "aws_vpc_endpoint_service" "monitoring" {
+  count = "${var.create_vpc && var.enable_monitoring_endpoint ? 1 : 0}"
+
+  service = "monitoring"
+}
+
+resource "aws_vpc_endpoint" "monitoring" {
+  count = "${var.create_vpc && var.enable_monitoring_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.monitoring.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.monitoring_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.monitoring_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.monitoring_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for CloudWatch Events
+#######################
+data "aws_vpc_endpoint_service" "events" {
+  count = "${var.create_vpc && var.enable_events_endpoint ? 1 : 0}"
+
+  service = "events"
+}
+
+resource "aws_vpc_endpoint" "events" {
+  count = "${var.create_vpc && var.enable_events_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.events.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.events_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.events_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.events_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for Kinesis Streams
+#######################
+data "aws_vpc_endpoint_service" "kinesis_streams" {
+  count = "${var.create_vpc && var.enable_kinesis_streams_endpoint ? 1 : 0}"
+
+  service = "kinesis-streams"
+}
+
+resource "aws_vpc_endpoint" "kinesis_streams" {
+  count = "${var.create_vpc && var.enable_kinesis_streams_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.kinesis_streams.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.kinesis_streams_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.kinesis_streams_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.kinesis_streams_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for Kinesis Firehose
+#######################
+data "aws_vpc_endpoint_service" "kinesis_firehose" {
+  count = "${var.create_vpc && var.enable_kinesis_firehose_endpoint ? 1 : 0}"
+
+  service = "kinesis-firehose"
+}
+
+resource "aws_vpc_endpoint" "kinesis_firehose" {
+  count = "${var.create_vpc && var.enable_kinesis_firehose_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.kinesis_firehose.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.kinesis_firehose_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.kinesis_firehose_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.kinesis_firehose_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for Glue
+#######################
+data "aws_vpc_endpoint_service" "glue" {
+  count = "${var.create_vpc && var.enable_glue_endpoint ? 1 : 0}"
+
+  service = "glue"
+}
+
+resource "aws_vpc_endpoint" "glue" {
+  count = "${var.create_vpc && var.enable_glue_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.glue.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.glue_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.glue_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.glue_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for Sagemaker Notebook
+#######################
+data "aws_vpc_endpoint_service" "sagemaker_notebook" {
+  count = "${var.create_vpc && var.enable_sagemaker_notebook_endpoint ? 1 : 0}"
+
+  service = "aws.sagemaker.${var.sagemaker_notebook_endpoint_region}.notebook"
+}
+
+resource "aws_vpc_endpoint" "sagemaker_notebook" {
+  count = "${var.create_vpc && var.enable_sagemaker_notebook_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.sagemaker_notebook.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.sagemaker_notebook_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.sagemaker_notebook_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.sagemaker_notebook_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for STS
+#######################
+data "aws_vpc_endpoint_service" "sts" {
+  count = "${var.create_vpc && var.enable_sts_endpoint ? 1 : 0}"
+
+  service = "sts"
+}
+
+resource "aws_vpc_endpoint" "sts" {
+  count = "${var.create_vpc && var.enable_sts_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.sts.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.sts_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.sts_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.sts_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for CloudFormation
+#######################
+data "aws_vpc_endpoint_service" "cloudformation" {
+  count = "${var.create_vpc && var.enable_cloudformation_endpoint ? 1 : 0}"
+
+  service = "cloudformation"
+}
+
+resource "aws_vpc_endpoint" "cloudformation" {
+  count = "${var.create_vpc && var.enable_cloudformation_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.cloudformation.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.cloudformation_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.cloudformation_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.cloudformation_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for CodePipeline
+#######################
+data "aws_vpc_endpoint_service" "codepipeline" {
+  count = "${var.create_vpc && var.enable_codepipeline_endpoint ? 1 : 0}"
+
+  service = "codepipeline"
+}
+
+resource "aws_vpc_endpoint" "codepipeline" {
+  count = "${var.create_vpc && var.enable_codepipeline_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.codepipeline.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.codepipeline_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.codepipeline_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.codepipeline_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for appmesh_envoy_management
+#######################
+data "aws_vpc_endpoint_service" "appmesh_envoy_management" {
+  count = "${var.create_vpc && var.enable_appmesh_envoy_management_endpoint ? 1: 0}"
+
+  service = "appmesh_envoy_management"
+}
+
+resource "aws_vpc_endpoint" "appmesh_envoy_management" {
+  count = "${var.create_vpc && var.enable_appmesh_envoy_management_endpoint ? 1: 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.appmesh_envoy_management.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.appmesh_envoy_management_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.appmesh_envoy_management_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.appmesh_envoy_management_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for Service Catalog
+#######################
+data "aws_vpc_endpoint_service" "servicecatalog" {
+  count = "${var.create_vpc && var.enable_servicecatalog_endpoint ? 1 : 0}"
+
+  service = "servicecatalog"
+}
+
+resource "aws_vpc_endpoint" "servicecatalog" {
+  count = "${var.create_vpc && var.enable_servicecatalog_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.servicecatalog.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.servicecatalog_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.servicecatalog_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.servicecatalog_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for Storage Gateway
+#######################
+data "aws_vpc_endpoint_service" "storagegateway" {
+  count = "${var.create_vpc && var.enable_storagegateway_endpoint ? 1 : 0}"
+
+  service = "storagegateway"
+}
+
+resource "aws_vpc_endpoint" "storagegateway" {
+  count = "${var.create_vpc && var.enable_storagegateway_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.storagegateway.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.storagegateway_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.storagegateway_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.storagegateway_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for Transfer
+#######################
+data "aws_vpc_endpoint_service" "transfer" {
+  count = "${var.create_vpc && var.enable_transfer_endpoint ? 1 : 0}"
+
+  service = "transfer"
+}
+
+resource "aws_vpc_endpoint" "transfer" {
+  count = "${var.create_vpc && var.enable_transfer_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.transfer.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.transfer_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.transfer_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.transfer_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for Sagemaker API
+#######################
+data "aws_vpc_endpoint_service" "sagemaker_api" {
+  count = "${var.create_vpc && var.enable_sagemaker_api_endpoint ? 1 : 0}"
+
+  service = "sagemaker_api"
+}
+
+resource "aws_vpc_endpoint" "sagemaker_api" {
+  count = "${var.create_vpc && var.enable_sagemaker_api_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.sagemaker_api.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.sagemaker_api_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.sagemaker_api_endpoint_subnet_ids,aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.sagemaker_api_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}
+
+#######################
+# VPC Endpoint for SAGEMAKER.RUNTIME
+#######################
+data "aws_vpc_endpoint_service" "sagemaker_runtime" {
+  count = "${var.create_vpc && var.enable_sagemaker_runtime_endpoint ? 1 : 0}"
+
+  service = "sagemaker.runtime"
+}
+
+resource "aws_vpc_endpoint" "sagemaker.runtime" {
+  count = "${var.create_vpc && var.enable_sagemaker_runtime_endpoint ? 1 : 0}"
+
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.sagemaker_runtime.service_name}"
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = ["${var.sagemaker_runtime_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.sagemaker_runtime_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.sagemaker_runtime_endpoint_private_dns_enabled}"
+
+  tags = "${local.vpce_tags}"
+}