adding codebuild, codecommit and git-codecommit vpc end point support

98bc929d · Christian Kemper · 7c4ddd64 · 98bc929d · 98bc929d · 98bc929d
Commit 98bc929d authored Jul 15, 2019 by Christian Kemper
Show whitespace changes
Inline Side-by-side

Showing with 133 additions and 1 deletion

CHANGELOG.md CHANGELOG.md +1 -1

README.md README.md +9 -0

main.tf main.tf +63 -0

variables.tf variables.tf +60 -0

No files found.
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
 <a name="unreleased"></a>
 ## [Unreleased]
 - Updated CHANGELOG
- Added VPC endpoint for Secrets Manager, Config
+- Added VPC endpoint for Secrets Manager, Config, git-codecommit
 <a name="v2.7.0"></a>
 ## [v2.7.0] - 2019-06-17

--- a/README.md
+++ b/README.md
@@ -368,6 +368,15 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | sns\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SNS endpoint | bool | `"false"` | no |
 | sns\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SNS endpoint | list(string) | `[]` | no |
 | sns\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SNS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
+| codebuild\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Codebuild endpoint | string | `"false"` | no |
+| codebuild\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Codebuild endpoint | list | `[]` | no |
+| codebuild\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Codebuild endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
+| codecommit\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Codecommit endpoint | string | `"false"` | no |
+| codecommit\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Codecommit endpoint | list | `[]` | no |
+| codecommit\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Codecommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
+| git\_codecommit\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Git Codecommit endpoint | string | `"false"` | no |
+| git\_codecommit\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Git Codecommit endpoint | list | `[]` | no |
+| git\_codecommit\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Git Codecommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
 | config\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Config endpoint | string | `"false"` | no |
 | config\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Config endpoint | list | `[]` | no |
 | config\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Config endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |

--- a/main.tf
+++ b/main.tf
@@ -899,6 +899,69 @@ resource "aws_vpc_endpoint_route_table_association" "public_dynamodb" {
 }
+#############################
+# VPC Endpoint for Codebuild
+#############################
+data "aws_vpc_endpoint_service" "codebuild" {
+  count = var.create_vpc && var.enable_codebuild_endpoint ? 1 : 0
+  service = "codebuild"
+}
+resource "aws_vpc_endpoint" "codebuild" {
+  count = var.create_vpc && var.enable_codebuild_endpoint ? 1 : 0
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.codebuild[0].service_name
+  vpc_endpoint_type = "Interface"
+  security_group_ids  = var.codebuild_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.codebuild_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.codebuild_endpoint_private_dns_enabled
+}
+###############################
+# VPC Endpoint for Code Commit
+###############################
+data "aws_vpc_endpoint_service" "codecommit" {
+  count = var.create_vpc && var.enable_codecommit_endpoint ? 1 : 0
+  service = "codecommit"
+}
+resource "aws_vpc_endpoint" "codecommit" {
+  count = var.create_vpc && var.enable_codecommit_endpoint ? 1 : 0
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.codecommit[0].service_name
+  vpc_endpoint_type = "Interface"
+  security_group_ids  = var.codecommit_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.codecommit_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.codecommit_endpoint_private_dns_enabled
+}
+###################################
+# VPC Endpoint for Git Code Commit
+###################################
+data "aws_vpc_endpoint_service" "git_codecommit" {
+  count = var.create_vpc && var.enable_git_codecommit_endpoint ? 1 : 0
+  service = "git-codecommit"
+}
+resource "aws_vpc_endpoint" "git_codecommit" {
+  count = var.create_vpc && var.enable_git_codecommit_endpoint ? 1 : 0
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.git_codecommit[0].service_name
+  vpc_endpoint_type = "Interface"
+  security_group_ids  = var.git_codecommit_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.git_codecommit_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.git_codecommit_endpoint_private_dns_enabled
+}
 ##########################
 # VPC Endpoint for Config
 ##########################

--- a/variables.tf
+++ b/variables.tf
@@ -218,6 +218,66 @@ variable "enable_s3_endpoint" {
  default     = false
 }
+variable "enable_codebuild_endpoint" {
+  description = "Should be true if you want to provision an Codebuild endpoint to the VPC"
+  default     = false
+}
+variable "codebuild_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for Codebuild endpoint"
+  default     = []
+}
+variable "codebuild_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for Codebuilt endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  default     = []
+}
+variable "codebuild_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for Codebuild endpoint"
+  default     = false
+}
+variable "enable_codecommit_endpoint" {
+  description = "Should be true if you want to provision an Codecommit endpoint to the VPC"
+  default     = false
+}
+variable "codecommit_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for Codecommit endpoint"
+  default     = []
+}
+variable "codecommit_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for Codecommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  default     = []
+}
+variable "codecommit_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for Codecommit endpoint"
+  default     = false
+}
+variable "enable_git_codecommit_endpoint" {
+  description = "Should be true if you want to provision an Git Codecommit endpoint to the VPC"
+  default     = false
+}
+variable "git_codecommit_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for Git Codecommit endpoint"
+  default     = []
+}
+variable "git_codecommit_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for Git Codecommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  default     = []
+}
+variable "git_codecommit_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for Git Codecommit endpoint"
+  default     = false
+}
 variable "enable_config_endpoint" {
  description = "Should be true if you want to provision an config endpoint to the VPC"
  default     = false