Commit a98422ba authored by Bryant Biggs, committed by GitHub

refactor: remove existing vpc endpoint configurations from base module and...

refactor: remove existing vpc endpoint configurations from base module and move into sub-module (#635)
parent 43edd440
repos: repos:
- repo: git://github.com/antonbabenko/pre-commit-terraform - repo: git://github.com/antonbabenko/pre-commit-terraform
rev: v1.48.0 rev: v1.50.0
hooks: hooks:
- id: terraform_fmt - id: terraform_fmt
- id: terraform_validate - id: terraform_validate
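Review bot: the hook repository is still fetched over `git://github.com/antonbabenko/pre-commit-terraform`, a protocol with no authentication and no transport integrity, so the bump from `v1.48.0` to `v1.50.0` does nothing against a tampered clone; switch the URL to `https://github.com/antonbabenko/pre-commit-terraform` while touching this file, and consider pinning `rev` to a commit SHA rather than a movable tag.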
# Upgrade from v2.x to v3.x
If you have any questions regarding this upgrade process, please consult the `examples` directory:
- [Complete-VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/complete-vpc)
If you find a bug, please open an issue with supporting configuration to reproduce.
## List of backwards incompatible changes
Previously, VPC endpoints were configured as standalone resources with their own set of variables and attributes. Now, this functionality is provided via a module which loops over a map of maps using `for_each` to generate the desired VPC endpoints. Therefore, to maintain the existing set of functionality while upgrading, you will need to perform the following changes:
1. Move the endpoint resource from the main module to the sub-module. The example state move below is valid for all endpoints you might have configured (reference [`complete-vpc`](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/complete-vpc) example for reference), where `ssmmessages` should be updated for and state move performed for each endpoint configured:
```
terraform state mv 'module.vpc.aws_vpc_endpoint.ssm[0]' 'module.vpc_endpoints.aws_vpc_endpoint.this["ssm"]'
terraform state mv 'module.vpc.aws_vpc_endpoint.ssmmessages[0]' 'module.vpc_endpoints.aws_vpc_endpoint.this["ssmmessages"]'
terraform state mv 'module.vpc.aws_vpc_endpoint.ec2[0]' 'module.vpc_endpoints.aws_vpc_endpoint.this["ec2"]'
...
```
2. Remove the gateway endpoint route table association separate resources. The route table associations are now managed in the VPC endpoint resource itself via the map of maps provided to the VPC endpoint sub-module. Perform the necessary removals for each route table association and for S3 and/or DynamoDB depending on your configuration:
```
terraform state rm 'module.vpc.aws_vpc_endpoint_route_table_association.intra_dynamodb[0]'
terraform state rm 'module.vpc.aws_vpc_endpoint_route_table_association.private_dynamodb[0]'
terraform state rm 'module.vpc.aws_vpc_endpoint_route_table_association.public_dynamodb[0]'
...
```
### Variable and output changes
1. Removed variables:
- `enable_*_endpoint`
- `*_endpoint_type`
- `*_endpoint_security_group_ids`
- `*_endpoint_subnet_ids`
- `*_endpoint_private_dns_enabled`
- `*_endpoint_policy`
2. Renamed variables:
See the [VPC endpoint sub-module](modules/vpc-endpoints) for the more information on the variables to utilize for VPC endpoints
3. Removed outputs:
- `vpc_endpoint_*`
4. Renamed outputs:
VPC endpoint outputs are now provided via the VPC endpoint sub-module and can be accessed via lookups. See [`complete-vpc`](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/complete-vpc) for further examples of how to access VPC endpoint attributes from outputs
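Review bot: step 1 contains a garbled instruction ("where `ssmmessages` should be updated for and state move performed for each endpoint configured"); suggest "replace `ssmmessages` with the name of each endpoint you have configured and run one `terraform state mv` per endpoint". Two smaller points in the same file: the fenced blocks carry no language tag while the example READMEs use ```bash, and items 2 "Renamed variables:" and 4 "Renamed outputs:" list no renames, so either list them or state that none apply. Because step 2 removes the route-table associations from state while the new `dynamodb` entry manages them through `route_table_ids`, the guide should also tell readers to run `terraform plan` after the state operations and confirm that no endpoint or association is shown as destroyed and recreated.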
...@@ -21,20 +21,22 @@ Note that this example may create resources which can cost money (AWS Elastic IP ...@@ -21,20 +21,22 @@ Note that this example may create resources which can cost money (AWS Elastic IP
| Name | Version | | Name | Version |
|------|---------| |------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.21 | | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.26 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.10 | | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.15 |
## Providers ## Providers
| Name | Version | | Name | Version |
|------|---------| |------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.10 | | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.15 |
## Modules ## Modules
| Name | Source | Version | | Name | Source | Version |
|------|--------|---------| |------|--------|---------|
| <a name="module_vpc"></a> [vpc](#module\_vpc) | ../../ | | | <a name="module_vpc"></a> [vpc](#module\_vpc) | ../../ | |
| <a name="module_vpc_endpoints"></a> [vpc\_endpoints](#module\_vpc\_endpoints) | ../../modules/vpc-endpoints | |
| <a name="module_vpc_endpoints_nocreate"></a> [vpc\_endpoints\_nocreate](#module\_vpc\_endpoints\_nocreate) | ../../modules/vpc-endpoints | |
## Resources ## Resources
...@@ -43,7 +45,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP ...@@ -43,7 +45,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP
| [aws_iam_policy_document.dynamodb_endpoint_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.dynamodb_endpoint_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.generic_endpoint_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.generic_endpoint_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) | data source | | [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) | data source |
| [aws_vpc_endpoint.dynamodb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc_endpoint) | data source | | [aws_vpc_endpoint_service.dynamodb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc_endpoint_service) | data source |
## Inputs ## Inputs
...@@ -2,19 +2,27 @@ provider "aws" { ...@@ -2,19 +2,27 @@ provider "aws" {
region = "eu-west-1" region = "eu-west-1"
} }
data "aws_security_group" "default" { locals {
name = "default" name = "complete-example"
vpc_id = module.vpc.vpc_id region = "eu-west-1"
tags = {
Owner = "user"
Environment = "staging"
Name = "complete"
}
} }
################################################################################
# VPC Module
################################################################################
module "vpc" { module "vpc" {
source = "../../" source = "../../"
name = "complete-example" name = local.name
cidr = "20.10.0.0/16" # 10.0.0.0/8 is reserved for EC2-Classic cidr = "20.10.0.0/16" # 10.0.0.0/8 is reserved for EC2-Classic
azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"] azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
private_subnets = ["20.10.1.0/24", "20.10.2.0/24", "20.10.3.0/24"] private_subnets = ["20.10.1.0/24", "20.10.2.0/24", "20.10.3.0/24"]
public_subnets = ["20.10.11.0/24", "20.10.12.0/24", "20.10.13.0/24"] public_subnets = ["20.10.11.0/24", "20.10.12.0/24", "20.10.13.0/24"]
database_subnets = ["20.10.21.0/24", "20.10.22.0/24", "20.10.23.0/24"] database_subnets = ["20.10.21.0/24", "20.10.22.0/24", "20.10.23.0/24"]
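Review bot: `local.region` is introduced here and used to build `azs`, but the `provider "aws"` block above still hardcodes `region = "eu-west-1"`; point it at `local.region`, as the ipv6 example in this same commit does, so the provider region and the AZ names cannot drift apart.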
...@@ -53,80 +61,6 @@ module "vpc" { ...@@ -53,80 +61,6 @@ module "vpc" {
dhcp_options_domain_name = "service.consul" dhcp_options_domain_name = "service.consul"
dhcp_options_domain_name_servers = ["127.0.0.1", "10.10.0.2"] dhcp_options_domain_name_servers = ["127.0.0.1", "10.10.0.2"]
# VPC endpoint for S3
# Note - S3 Interface type support is only available on AWS provider 3.10 and later
enable_s3_endpoint = true
s3_endpoint_type = "Interface"
s3_endpoint_private_dns_enabled = false
s3_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC endpoint for DynamoDB
enable_dynamodb_endpoint = true
dynamodb_endpoint_policy = data.aws_iam_policy_document.dynamodb_endpoint_policy.json
# VPC endpoint for SSM
enable_ssm_endpoint = true
ssm_endpoint_private_dns_enabled = true
ssm_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC endpoint for Lambda
enable_lambda_endpoint = true
lambda_endpoint_private_dns_enabled = true
lambda_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC endpoint for SSMMESSAGES
enable_ssmmessages_endpoint = true
ssmmessages_endpoint_private_dns_enabled = true
ssmmessages_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC Endpoint for EC2
enable_ec2_endpoint = true
ec2_endpoint_policy = data.aws_iam_policy_document.generic_endpoint_policy.json
ec2_endpoint_private_dns_enabled = true
ec2_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC Endpoint for EC2MESSAGES
enable_ec2messages_endpoint = true
ec2messages_endpoint_private_dns_enabled = true
ec2messages_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC Endpoint for ECR API
enable_ecr_api_endpoint = true
ecr_api_endpoint_policy = data.aws_iam_policy_document.generic_endpoint_policy.json
ecr_api_endpoint_private_dns_enabled = true
ecr_api_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC Endpoint for ECR DKR
enable_ecr_dkr_endpoint = true
ecr_dkr_endpoint_policy = data.aws_iam_policy_document.generic_endpoint_policy.json
ecr_dkr_endpoint_private_dns_enabled = true
ecr_dkr_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC endpoint for KMS
enable_kms_endpoint = true
kms_endpoint_private_dns_enabled = true
kms_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC endpoint for ECS
enable_ecs_endpoint = true
ecs_endpoint_private_dns_enabled = true
ecs_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC endpoint for ECS telemetry
enable_ecs_telemetry_endpoint = true
ecs_telemetry_endpoint_private_dns_enabled = true
ecs_telemetry_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC endpoint for CodeDeploy
enable_codedeploy_endpoint = true
codedeploy_endpoint_private_dns_enabled = true
codedeploy_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC endpoint for CodeDeploy Commands Secure
enable_codedeploy_commands_secure_endpoint = true
codedeploy_commands_secure_endpoint_private_dns_enabled = true
codedeploy_commands_secure_endpoint_security_group_ids = [data.aws_security_group.default.id]
# Default security group - ingress/egress rules cleared to deny all # Default security group - ingress/egress rules cleared to deny all
manage_default_security_group = true manage_default_security_group = true
default_security_group_ingress = [] default_security_group_ingress = []
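Review bot: the removed block attached `data.aws_iam_policy_document.generic_endpoint_policy.json` to three endpoints (`ec2_endpoint_policy`, `ecr_api_endpoint_policy`, `ecr_dkr_endpoint_policy`), but the replacement `endpoints` map in the next hunk sets `policy` only on `ecr_api` and `ecr_dkr`; the `ec2` entry falls back to the default endpoint policy, which silently widens what the example permits. Either add `policy = data.aws_iam_policy_document.generic_endpoint_policy.json` to the `ec2` entry or call out the intentional drop in the upgrade guide.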
...@@ -138,22 +72,124 @@ module "vpc" { ...@@ -138,22 +72,124 @@ module "vpc" {
create_flow_log_cloudwatch_iam_role = true create_flow_log_cloudwatch_iam_role = true
flow_log_max_aggregation_interval = 60 flow_log_max_aggregation_interval = 60
tags = { tags = local.tags
Owner = "user" }
Environment = "staging"
Name = "complete" ################################################################################
# VPC Endpoints Module
################################################################################
module "vpc_endpoints" {
source = "../../modules/vpc-endpoints"
vpc_id = module.vpc.vpc_id
security_group_ids = [data.aws_security_group.default.id]
endpoints = {
s3 = {
service = "s3"
tags = { Name = "s3-vpc-endpoint" }
},
dynamodb = {
service = "dynamodb"
service_type = "Gateway"
route_table_ids = flatten([module.vpc.intra_route_table_ids, module.vpc.private_route_table_ids, module.vpc.public_route_table_ids])
policy = data.aws_iam_policy_document.dynamodb_endpoint_policy.json
tags = { Name = "dynamodb-vpc-endpoint" }
},
ssm = {
service = "ssm"
private_dns_enabled = true
subnet_ids = module.vpc.private_subnets
},
ssmmessages = {
service = "ssmmessages"
private_dns_enabled = true
subnet_ids = module.vpc.private_subnets
},
lambda = {
service = "lambda"
private_dns_enabled = true
subnet_ids = module.vpc.private_subnets
},
ecs = {
service = "ecs"
private_dns_enabled = true
subnet_ids = module.vpc.private_subnets
},
ecs_telemetry = {
service = "ecs-telemetry"
private_dns_enabled = true
subnet_ids = module.vpc.private_subnets
},
ec2 = {
service = "ec2"
private_dns_enabled = true
subnet_ids = module.vpc.private_subnets
},
ec2messages = {
service = "ec2messages"
private_dns_enabled = true
subnet_ids = module.vpc.private_subnets
},
ecr_api = {
service = "ecr.api"
private_dns_enabled = true
subnet_ids = module.vpc.private_subnets
policy = data.aws_iam_policy_document.generic_endpoint_policy.json
},
ecr_dkr = {
service = "ecr.dkr"
private_dns_enabled = true
subnet_ids = module.vpc.private_subnets
policy = data.aws_iam_policy_document.generic_endpoint_policy.json
},
kms = {
service = "kms"
private_dns_enabled = true
subnet_ids = module.vpc.private_subnets
},
codedeploy = {
service = "codedeploy"
private_dns_enabled = true
subnet_ids = module.vpc.private_subnets
},
codedeploy_commands_secure = {
service = "codedeploy-commands-secure"
private_dns_enabled = true
subnet_ids = module.vpc.private_subnets
},
} }
vpc_endpoint_tags = { tags = merge(local.tags, {
Project = "Secret" Project = "Secret"
Endpoint = "true" Endpoint = "true"
} })
}
module "vpc_endpoints_nocreate" {
source = "../../modules/vpc-endpoints"
create = false
}
################################################################################
# Supporting Resources
################################################################################
data "aws_security_group" "default" {
name = "default"
vpc_id = module.vpc.vpc_id
} }
# Data source used to avoid race condition # Data source used to avoid race condition
data "aws_vpc_endpoint" "dynamodb" { data "aws_vpc_endpoint_service" "dynamodb" {
vpc_id = module.vpc.vpc_id service = "dynamodb"
service_name = "com.amazonaws.eu-west-1.dynamodb"
filter {
name = "service-type"
values = ["Gateway"]
}
} }
data "aws_iam_policy_document" "dynamodb_endpoint_policy" { data "aws_iam_policy_document" "dynamodb_endpoint_policy" {
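Review bot: the `s3` entry sets only `service` and `tags`, whereas the configuration it replaces pinned `s3_endpoint_type = "Interface"` with `s3_endpoint_private_dns_enabled = false`; whether the example still produces an interface endpoint now depends on the sub-module's defaults, so make `service_type` explicit here (and in the upgrade guide) so that the migration is a no-op. Separately, every interface endpoint receives `security_group_ids = [data.aws_security_group.default.id]` while the same example sets `manage_default_security_group = true` with `default_security_group_ingress = []`; an interface endpoint whose only security group admits no ingress cannot be reached from inside the VPC, so the example should attach a security group that allows HTTPS from the VPC CIDR.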
...@@ -171,7 +207,7 @@ data "aws_iam_policy_document" "dynamodb_endpoint_policy" { ...@@ -171,7 +207,7 @@ data "aws_iam_policy_document" "dynamodb_endpoint_policy" {
test = "StringNotEquals" test = "StringNotEquals"
variable = "aws:sourceVpce" variable = "aws:sourceVpce"
values = [data.aws_vpc_endpoint.dynamodb.id] values = [data.aws_vpc_endpoint_service.dynamodb.id]
} }
} }
} }
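Review bot: `aws:sourceVpce` is now compared against `data.aws_vpc_endpoint_service.dynamodb.id`, but that condition key carries a VPC endpoint ID (`vpce-...`) and the data source describes the service rather than the endpoint, so its `id` can never equal the value AWS evaluates; the `StringNotEquals` condition therefore matches every request, including those arriving through the endpoint. The old `aws_vpc_endpoint` lookup was dropped to avoid the race noted at "Data source used to avoid race condition"; a cycle-free alternative is to condition on `aws:SourceVpc` with `module.vpc.vpc_id`.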
...@@ -191,7 +227,7 @@ data "aws_iam_policy_document" "generic_endpoint_policy" { ...@@ -191,7 +227,7 @@ data "aws_iam_policy_document" "generic_endpoint_policy" {
test = "StringNotEquals" test = "StringNotEquals"
variable = "aws:sourceVpce" variable = "aws:sourceVpce"
values = [data.aws_vpc_endpoint.dynamodb.id] values = [data.aws_vpc_endpoint_service.dynamodb.id]
} }
} }
} }
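Review bot: `generic_endpoint_policy` is attached to the `ecr.api` and `ecr.dkr` endpoints, yet its `aws:sourceVpce` condition references the DynamoDB lookup (`data.aws_vpc_endpoint_service.dynamodb.id`); even if that lookup returned an endpoint ID, requests arriving through the ECR endpoints would carry their own `vpce-` IDs and fail the comparison. Scope the condition to the VPC with `aws:SourceVpc` = `module.vpc.vpc_id`, or give each endpoint policy a condition value that belongs to that endpoint.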
...@@ -44,32 +44,32 @@ output "nat_public_ips" { ...@@ -44,32 +44,32 @@ output "nat_public_ips" {
# VPC endpoints # VPC endpoints
output "vpc_endpoint_ssm_id" { output "vpc_endpoint_ssm_id" {
description = "The ID of VPC endpoint for SSM" description = "The ID of VPC endpoint for SSM"
value = module.vpc.vpc_endpoint_ssm_id value = module.vpc_endpoints.endpoints["ssm"].id
} }
output "vpc_endpoint_ssm_network_interface_ids" { output "vpc_endpoint_ssm_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for SSM." description = "One or more network interfaces for the VPC Endpoint for SSM."
value = module.vpc.vpc_endpoint_ssm_network_interface_ids value = module.vpc_endpoints.endpoints["ssm"].network_interface_ids
} }
output "vpc_endpoint_ssm_dns_entry" { output "vpc_endpoint_ssm_dns_entry" {
description = "The DNS entries for the VPC Endpoint for SSM." description = "The DNS entries for the VPC Endpoint for SSM."
value = module.vpc.vpc_endpoint_ssm_dns_entry value = module.vpc_endpoints.endpoints["ssm"].dns_entry
} }
output "vpc_endpoint_lambda_id" { output "vpc_endpoint_lambda_id" {
description = "The ID of VPC endpoint for Lambda" description = "The ID of VPC endpoint for Lambda"
value = module.vpc.vpc_endpoint_lambda_id value = module.vpc_endpoints.endpoints["lambda"].id
} }
output "vpc_endpoint_lambda_network_interface_ids" { output "vpc_endpoint_lambda_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for Lambda." description = "One or more network interfaces for the VPC Endpoint for Lambda."
value = module.vpc.vpc_endpoint_lambda_network_interface_ids value = module.vpc_endpoints.endpoints["lambda"].network_interface_ids
} }
output "vpc_endpoint_lambda_dns_entry" { output "vpc_endpoint_lambda_dns_entry" {
description = "The DNS entries for the VPC Endpoint for Lambda." description = "The DNS entries for the VPC Endpoint for Lambda."
value = module.vpc.vpc_endpoint_lambda_dns_entry value = module.vpc_endpoints.endpoints["lambda"].dns_entry
} }
# Customer Gateway # Customer Gateway
terraform { terraform {
required_version = ">= 0.12.21" required_version = ">= 0.12.26"
required_providers { required_providers {
aws = { aws = {
source = "hashicorp/aws" source = "hashicorp/aws"
version = ">= 3.10" version = ">= 3.15"
} }
} }
} }
...@@ -19,14 +19,12 @@ Note that this example may create resources which can cost money (AWS Elastic IP ...@@ -19,14 +19,12 @@ Note that this example may create resources which can cost money (AWS Elastic IP
| Name | Version | | Name | Version |
|------|---------| |------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.21 | | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.26 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 2.70 | | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.15 |
## Providers ## Providers
| Name | Version | No providers.
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 2.70 |
## Modules ## Modules
...@@ -36,9 +34,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP ...@@ -36,9 +34,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP
## Resources ## Resources
| Name | Type | No resources.
|------|------|
| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
## Inputs ## Inputs
provider "aws" { provider "aws" {
region = local.region
}
locals {
region = "eu-west-1" region = "eu-west-1"
} }
data "aws_availability_zones" "available" {} ################################################################################
# VPC Module
################################################################################
module "vpc" { module "vpc" {
source = "../.." source = "../.."
name = "ipv6" name = "ipv6"
cidr = "10.0.0.0/16" cidr = "10.0.0.0/16"
azs = [data.aws_availability_zones.available.names[0], data.aws_availability_zones.available.names[1]] azs = ["${local.region}a", "${local.region}b"]
private_subnets = ["10.0.1.0/24", "10.0.2.0/24"] private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
public_subnets = ["10.0.101.0/24", "10.0.102.0/24"] public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
database_subnets = ["10.0.103.0/24", "10.0.104.0/24"] database_subnets = ["10.0.103.0/24", "10.0.104.0/24"]
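Review bot: replacing `data.aws_availability_zones.available.names[0]` and `[1]` with `"${local.region}a"` and `"${local.region}b"` assumes both AZ letters exist and are available to the account running the example; the data source handled regions and accounts where they are not, so the hardcoded form is a small regression even though it simplifies the README to "No providers." and "No resources.".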
terraform { terraform {
required_version = ">= 0.12.21" required_version = ">= 0.12.26"
required_providers { required_providers {
aws = { aws = {
source = "hashicorp/aws" source = "hashicorp/aws"
version = ">= 2.70" version = ">= 3.15"
} }
} }
} }
# Issue 108 - VPC
Configuration in this directory creates set of VPC resources to cover issues reported on GitHub:
* https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/108#issue-308084655
* https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/102#issuecomment-374877706
* https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/44#issuecomment-378679404
## Usage
To run this example you need to execute:
```bash
$ terraform init
$ terraform plan
$ terraform apply
```
Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources.
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.21 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 2.70 |
## Providers
No providers.
## Modules
| Name | Source | Version |
|------|--------|---------|
| <a name="module_vpc"></a> [vpc](#module\_vpc) | ../../ | |
## Resources
No resources.
## Inputs
No inputs.
## Outputs
| Name | Description |
|------|-------------|
| <a name="output_database_subnets"></a> [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets |
| <a name="output_elasticache_subnets"></a> [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets |
| <a name="output_nat_public_ips"></a> [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway |
| <a name="output_private_subnets"></a> [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets |
| <a name="output_public_subnets"></a> [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets |
| <a name="output_vpc_id"></a> [vpc\_id](#output\_vpc\_id) | The ID of the VPC |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
provider "aws" {
region = "us-east-1"
}
module "vpc" {
source = "../../"
name = "route-already-exists"
cidr = "10.0.0.0/16"
azs = ["us-east-1a", "us-east-1b", "us-east-1c"]
private_subnets = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"]
public_subnets = ["10.0.254.240/28", "10.0.254.224/28", "10.0.254.208/28"]
single_nat_gateway = true
enable_nat_gateway = true
enable_s3_endpoint = true
enable_dynamodb_endpoint = true
}
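Review bot: this deleted example (`name = "route-already-exists"`) exercised `enable_s3_endpoint` and `enable_dynamodb_endpoint` together with `single_nat_gateway`, which is the gateway-endpoint route scenario behind issue 108; confirm that the consolidated `vpc_issue_108` module in `examples/issues` recreates the S3 and DynamoDB gateway endpoints through the new `vpc-endpoints` sub-module, otherwise the regression coverage for that issue is lost.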
# VPC
output "vpc_id" {
description = "The ID of the VPC"
value = module.vpc.vpc_id
}
# Subnets
output "private_subnets" {
description = "List of IDs of private subnets"
value = module.vpc.private_subnets
}
output "public_subnets" {
description = "List of IDs of public subnets"
value = module.vpc.public_subnets
}
output "database_subnets" {
description = "List of IDs of database subnets"
value = module.vpc.database_subnets
}
output "elasticache_subnets" {
description = "List of IDs of elasticache subnets"
value = module.vpc.elasticache_subnets
}
# NAT gateways
output "nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway"
value = module.vpc.nat_public_ips
}
# Issue 44 - VPC
Configuration in this directory creates set of VPC resources to cover issues reported on GitHub:
* https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/44
## Usage
To run this example you need to execute:
```bash
$ terraform init
$ terraform plan
$ terraform apply
```
Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources.
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.21 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 2.70 |
## Providers
No providers.
## Modules
| Name | Source | Version |
|------|--------|---------|
| <a name="module_vpc"></a> [vpc](#module\_vpc) | ../../ | |
## Resources
No resources.
## Inputs
No inputs.
## Outputs
| Name | Description |
|------|-------------|
| <a name="output_database_subnets"></a> [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets |
| <a name="output_elasticache_subnets"></a> [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets |
| <a name="output_nat_public_ips"></a> [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway |
| <a name="output_private_subnets"></a> [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets |
| <a name="output_public_subnets"></a> [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets |
| <a name="output_vpc_id"></a> [vpc\_id](#output\_vpc\_id) | The ID of the VPC |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
# List of AZs and private subnets are not of equal length
#
# This example creates resources which are not present in all AZs.
# This should be seldomly needed from architectural point of view,
# and it can also lead this module to some edge cases.
#
# Github issue: https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/44
module "vpc" {
source = "../../"
name = "asymmetrical"
cidr = "10.0.0.0/16"
azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
private_subnets = ["10.0.1.0/24"]
public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
database_subnets = ["10.0.21.0/24", "10.0.22.0/24", "10.0.23.0/24"]
create_database_subnet_group = true
enable_nat_gateway = true
tags = {
Issue = "44"
Name = "asymmetrical"
}
}
# VPC
output "vpc_id" {
description = "The ID of the VPC"
value = module.vpc.vpc_id
}
# Subnets
output "private_subnets" {
description = "List of IDs of private subnets"
value = module.vpc.private_subnets
}
output "public_subnets" {
description = "List of IDs of public subnets"
value = module.vpc.public_subnets
}
output "database_subnets" {
description = "List of IDs of database subnets"
value = module.vpc.database_subnets
}
output "elasticache_subnets" {
description = "List of IDs of elasticache subnets"
value = module.vpc.elasticache_subnets
}
# NAT gateways
output "nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway"
value = module.vpc.nat_public_ips
}
# Issue 46 - VPC
Configuration in this directory creates set of VPC resources to cover issues reported on GitHub:
* https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/46
## Usage
To run this example you need to execute:
```bash
$ terraform init
$ terraform plan
$ terraform apply
```
Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources.
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.21 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 2.70 |
## Providers
No providers.
## Modules
| Name | Source | Version |
|------|--------|---------|
| <a name="module_vpc"></a> [vpc](#module\_vpc) | ../../ | |
## Resources
No resources.
## Inputs
No inputs.
## Outputs
| Name | Description |
|------|-------------|
| <a name="output_database_subnets"></a> [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets |
| <a name="output_elasticache_subnets"></a> [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets |
| <a name="output_nat_public_ips"></a> [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway |
| <a name="output_private_subnets"></a> [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets |
| <a name="output_public_subnets"></a> [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets |
| <a name="output_vpc_id"></a> [vpc\_id](#output\_vpc\_id) | The ID of the VPC |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
# There are no private subnets in this VPC setup.
#
# Github issue: https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/46
module "vpc" {
source = "../../"
name = "no-private-subnets"
cidr = "10.0.0.0/16"
azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
public_subnets = ["10.0.0.0/22", "10.0.4.0/22", "10.0.8.0/22"]
private_subnets = []
database_subnets = ["10.0.128.0/24", "10.0.129.0/24"]
elasticache_subnets = ["10.0.131.0/24", "10.0.132.0/24", "10.0.133.0/24"]
enable_dns_support = true
enable_dns_hostnames = true
enable_nat_gateway = false
tags = {
Issue = "46"
Name = "no-private-subnets"
}
}
# VPC
output "vpc_id" {
description = "The ID of the VPC"
value = module.vpc.vpc_id
}
# Subnets
output "private_subnets" {
description = "List of IDs of private subnets"
value = module.vpc.private_subnets
}
output "public_subnets" {
description = "List of IDs of public subnets"
value = module.vpc.public_subnets
}
output "database_subnets" {
description = "List of IDs of database subnets"
value = module.vpc.database_subnets
}
output "elasticache_subnets" {
description = "List of IDs of elasticache subnets"
value = module.vpc.elasticache_subnets
}
# NAT gateways
output "nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway"
value = module.vpc.nat_public_ips
}
terraform {
required_version = ">= 0.12.21"
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 2.70"
}
}
}
# Issues
Configuration in this directory creates set of VPC resources to cover issues reported on GitHub:
- https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/44
- https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/46
- https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/102
- https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/108
## Usage
To run this example you need to execute:
```bash
$ terraform init
$ terraform plan
$ terraform apply
```
Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources.
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.26 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.15 |
## Providers
No providers.
## Modules
| Name | Source | Version |
|------|--------|---------|
| <a name="module_vpc_issue_108"></a> [vpc\_issue\_108](#module\_vpc\_issue\_108) | ../../ | |
| <a name="module_vpc_issue_44"></a> [vpc\_issue\_44](#module\_vpc\_issue\_44) | ../../ | |
| <a name="module_vpc_issue_46"></a> [vpc\_issue\_46](#module\_vpc\_issue\_46) | ../../ | |
## Resources
No resources.
## Inputs
No inputs.
## Outputs
| Name | Description |
|------|-------------|
| <a name="output_issue_108_database_subnets"></a> [issue\_108\_database\_subnets](#output\_issue\_108\_database\_subnets) | List of IDs of database subnets |
| <a name="output_issue_108_elasticache_subnets"></a> [issue\_108\_elasticache\_subnets](#output\_issue\_108\_elasticache\_subnets) | List of IDs of elasticache subnets |
| <a name="output_issue_108_nat_public_ips"></a> [issue\_108\_nat\_public\_ips](#output\_issue\_108\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway |
| <a name="output_issue_108_private_subnets"></a> [issue\_108\_private\_subnets](#output\_issue\_108\_private\_subnets) | List of IDs of private subnets |
| <a name="output_issue_108_public_subnets"></a> [issue\_108\_public\_subnets](#output\_issue\_108\_public\_subnets) | List of IDs of public subnets |
| <a name="output_issue_108_vpc_id"></a> [issue\_108\_vpc\_id](#output\_issue\_108\_vpc\_id) | The ID of the VPC |
| <a name="output_issue_44_database_subnets"></a> [issue\_44\_database\_subnets](#output\_issue\_44\_database\_subnets) | List of IDs of database subnets |
| <a name="output_issue_44_elasticache_subnets"></a> [issue\_44\_elasticache\_subnets](#output\_issue\_44\_elasticache\_subnets) | List of IDs of elasticache subnets |
| <a name="output_issue_44_nat_public_ips"></a> [issue\_44\_nat\_public\_ips](#output\_issue\_44\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway |
| <a name="output_issue_44_private_subnets"></a> [issue\_44\_private\_subnets](#output\_issue\_44\_private\_subnets) | List of IDs of private subnets |
| <a name="output_issue_44_public_subnets"></a> [issue\_44\_public\_subnets](#output\_issue\_44\_public\_subnets) | List of IDs of public subnets |
| <a name="output_issue_44_vpc_id"></a> [issue\_44\_vpc\_id](#output\_issue\_44\_vpc\_id) | The ID of the VPC |
| <a name="output_issue_46_database_subnets"></a> [issue\_46\_database\_subnets](#output\_issue\_46\_database\_subnets) | List of IDs of database subnets |
| <a name="output_issue_46_elasticache_subnets"></a> [issue\_46\_elasticache\_subnets](#output\_issue\_46\_elasticache\_subnets) | List of IDs of elasticache subnets |
| <a name="output_issue_46_nat_public_ips"></a> [issue\_46\_nat\_public\_ips](#output\_issue\_46\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway |
| <a name="output_issue_46_private_subnets"></a> [issue\_46\_private\_subnets](#output\_issue\_46\_private\_subnets) | List of IDs of private subnets |
| <a name="output_issue_46_public_subnets"></a> [issue\_46\_public\_subnets](#output\_issue\_46\_public\_subnets) | List of IDs of public subnets |
| <a name="output_issue_46_vpc_id"></a> [issue\_46\_vpc\_id](#output\_issue\_46\_vpc\_id) | The ID of the VPC |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
provider "aws" {
region = local.region
}
locals {
region = "eu-west-1"
}
################################################################################
# Issue 44 - https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/44
################################################################################
module "vpc_issue_44" {
source = "../../"
name = "asymmetrical"
cidr = "10.0.0.0/16"
azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
private_subnets = ["10.0.1.0/24"]
public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
database_subnets = ["10.0.21.0/24", "10.0.22.0/24", "10.0.23.0/24"]
create_database_subnet_group = true
enable_nat_gateway = true
tags = {
Issue = "44"
Name = "asymmetrical"
}
}
################################################################################
# Issue 46 - https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/46
################################################################################
module "vpc_issue_46" {
source = "../../"
name = "no-private-subnets"
cidr = "10.0.0.0/16"
azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
public_subnets = ["10.0.0.0/22", "10.0.4.0/22", "10.0.8.0/22"]
private_subnets = []
database_subnets = ["10.0.128.0/24", "10.0.129.0/24"]
elasticache_subnets = ["10.0.131.0/24", "10.0.132.0/24", "10.0.133.0/24"]
enable_dns_support = true
enable_dns_hostnames = true
enable_nat_gateway = false
tags = {
Issue = "46"
Name = "no-private-subnets"
}
}
################################################################################
# Issue 108 - https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/108
################################################################################
module "vpc_issue_108" {
source = "../../"
name = "route-already-exists"
cidr = "10.0.0.0/16"
azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
private_subnets = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"]
public_subnets = ["10.0.254.240/28", "10.0.254.224/28", "10.0.254.208/28"]
single_nat_gateway = true
enable_nat_gateway = true
tags = {
Issue = "108"
Name = "route-already-exists"
}
}
################################################################################
# Issue 44
################################################################################
# VPC
output "issue_44_vpc_id" {
description = "The ID of the VPC"
value = module.vpc_issue_44.vpc_id
}
# Subnets
output "issue_44_private_subnets" {
description = "List of IDs of private subnets"
value = module.vpc_issue_44.private_subnets
}
output "issue_44_public_subnets" {
description = "List of IDs of public subnets"
value = module.vpc_issue_44.public_subnets
}
output "issue_44_database_subnets" {
description = "List of IDs of database subnets"
value = module.vpc_issue_44.database_subnets
}
output "issue_44_elasticache_subnets" {
description = "List of IDs of elasticache subnets"
value = module.vpc_issue_44.elasticache_subnets
}
# NAT gateways
output "issue_44_nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway"
value = module.vpc_issue_44.nat_public_ips
}
################################################################################
# Issue 46
################################################################################
# VPC
output "issue_46_vpc_id" {
description = "The ID of the VPC"
value = module.vpc_issue_46.vpc_id
}
# Subnets
output "issue_46_private_subnets" {
description = "List of IDs of private subnets"
value = module.vpc_issue_46.private_subnets
}
output "issue_46_public_subnets" {
description = "List of IDs of public subnets"
value = module.vpc_issue_46.public_subnets
}
output "issue_46_database_subnets" {
description = "List of IDs of database subnets"
value = module.vpc_issue_46.database_subnets
}
output "issue_46_elasticache_subnets" {
description = "List of IDs of elasticache subnets"
value = module.vpc_issue_46.elasticache_subnets
}
# NAT gateways
output "issue_46_nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway"
value = module.vpc_issue_46.nat_public_ips
}
################################################################################
# Issue 108
################################################################################
# VPC
output "issue_108_vpc_id" {
description = "The ID of the VPC"
value = module.vpc_issue_108.vpc_id
}
# Subnets
output "issue_108_private_subnets" {
description = "List of IDs of private subnets"
value = module.vpc_issue_108.private_subnets
}
output "issue_108_public_subnets" {
description = "List of IDs of public subnets"
value = module.vpc_issue_108.public_subnets
}
output "issue_108_database_subnets" {
description = "List of IDs of database subnets"
value = module.vpc_issue_108.database_subnets
}
output "issue_108_elasticache_subnets" {
description = "List of IDs of elasticache subnets"
value = module.vpc_issue_108.elasticache_subnets
}
# NAT gateways
output "issue_108_nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway"
value = module.vpc_issue_108.nat_public_ips
}
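Review bot: several of these outputs can only ever return an empty list given the module blocks in `main.tf`: `vpc_issue_44` sets no `elasticache_subnets`, `vpc_issue_108` sets neither `database_subnets` nor `elasticache_subnets`, and `vpc_issue_46` sets `private_subnets = []`. Keeping them inflates the generated README outputs table with values the example never exercises; either drop `issue_44_elasticache_subnets`, `issue_108_database_subnets` and `issue_108_elasticache_subnets`, or say in their `description` that an empty list is the expected result for the issue being reproduced.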
terraform { terraform {
required_version = ">= 0.12.21" required_version = ">= 0.12.26"
required_providers { required_providers {
aws = { aws = {
source = "hashicorp/aws" source = "hashicorp/aws"
version = ">= 2.70" version = ">= 3.15"
} }
} }
} }
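Review bot: the minimum versions move from `>= 0.12.21` / `>= 2.70` to `>= 0.12.26` / `>= 3.15` here and in every other example's `versions.tf` in this commit. A consumer pinned to the 2.x provider hits this floor before ever reaching the endpoint changes, so the UPGRADE notes should list the new minimum Terraform and AWS provider versions as a backwards-incompatible change alongside the endpoint move, and the README Requirements tables (already regenerated to `>= 3.15`) should be the only other place these numbers appear.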
...@@ -21,8 +21,8 @@ Run `terraform destroy` when you don't need these resources. ...@@ -21,8 +21,8 @@ Run `terraform destroy` when you don't need these resources.
| Name | Version | | Name | Version |
|------|---------| |------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.21 | | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.26 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 2.70 | | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.15 |
## Providers ## Providers
......
provider "aws" { provider "aws" {
region = local.region
}
locals {
region = "eu-west-1" region = "eu-west-1"
} }
################################################################################
# VPC Module
################################################################################
module "vpc" { module "vpc" {
source = "../../" source = "../../"
......
terraform { terraform {
required_version = ">= 0.12.21" required_version = ">= 0.12.26"
required_providers { required_providers {
aws = { aws = {
source = "hashicorp/aws" source = "hashicorp/aws"
version = ">= 2.70" version = ">= 3.15"
} }
} }
} }
...@@ -23,8 +23,8 @@ Note that this example may create resources which can cost money (AWS Elastic IP ...@@ -23,8 +23,8 @@ Note that this example may create resources which can cost money (AWS Elastic IP
| Name | Version | | Name | Version |
|------|---------| |------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.21 | | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.26 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 2.70 | | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.15 |
## Providers ## Providers
......
provider "aws" { provider "aws" {
region = "eu-west-1" region = local.region
}
module "vpc" {
source = "../../"
name = "network-acls-example"
cidr = "10.0.0.0/16"
azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
elasticache_subnets = ["10.0.201.0/24", "10.0.202.0/24", "10.0.203.0/24"]
public_dedicated_network_acl = true
public_inbound_acl_rules = concat(
local.network_acls["default_inbound"],
local.network_acls["public_inbound"],
)
public_outbound_acl_rules = concat(
local.network_acls["default_outbound"],
local.network_acls["public_outbound"],
)
elasticache_outbound_acl_rules = concat(
local.network_acls["default_outbound"],
local.network_acls["elasticache_outbound"],
)
private_dedicated_network_acl = false
elasticache_dedicated_network_acl = true
manage_default_network_acl = true
enable_ipv6 = true
enable_nat_gateway = false
single_nat_gateway = true
public_subnet_tags = {
Name = "overridden-name-public"
}
tags = {
Owner = "user"
Environment = "dev"
}
vpc_tags = {
Name = "vpc-name"
}
} }
locals { locals {
region = "eu-west-1"
network_acls = { network_acls = {
default_inbound = [ default_inbound = [
{ {
...@@ -202,3 +154,47 @@ locals { ...@@ -202,3 +154,47 @@ locals {
] ]
} }
} }
################################################################################
# VPC Module
################################################################################
module "vpc" {
source = "../../"
name = "network-acls-example"
cidr = "10.0.0.0/16"
azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
elasticache_subnets = ["10.0.201.0/24", "10.0.202.0/24", "10.0.203.0/24"]
public_dedicated_network_acl = true
public_inbound_acl_rules = concat(local.network_acls["default_inbound"], local.network_acls["public_inbound"])
public_outbound_acl_rules = concat(local.network_acls["default_outbound"], local.network_acls["public_outbound"])
elasticache_outbound_acl_rules = concat(local.network_acls["default_outbound"], local.network_acls["elasticache_outbound"])
private_dedicated_network_acl = false
elasticache_dedicated_network_acl = true
manage_default_network_acl = true
enable_ipv6 = true
enable_nat_gateway = false
single_nat_gateway = true
public_subnet_tags = {
Name = "overridden-name-public"
}
tags = {
Owner = "user"
Environment = "dev"
}
vpc_tags = {
Name = "vpc-name"
}
}
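Review bot: the `module "vpc"` block is relocated below `locals` and is otherwise unchanged apart from the `azs` derivation and the single-line `concat(...)` calls, but it carries over `single_nat_gateway = true` next to `enable_nat_gateway = false`; the first setting is dead configuration while NAT gateways are disabled. Since the block is being touched anyway, drop `single_nat_gateway` or set both consistently so the example does not read as if a NAT gateway is expected.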
terraform { terraform {
required_version = ">= 0.12.21" required_version = ">= 0.12.26"
required_providers { required_providers {
aws = { aws = {
source = "hashicorp/aws" source = "hashicorp/aws"
version = ">= 2.70" version = ">= 3.15"
} }
} }
} }
...@@ -23,14 +23,14 @@ Note that this example may create resources which can cost money (AWS Elastic IP ...@@ -23,14 +23,14 @@ Note that this example may create resources which can cost money (AWS Elastic IP
| Name | Version | | Name | Version |
|------|---------| |------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.21 | | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.26 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.5.0 | | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.15 |
## Providers ## Providers
| Name | Version | | Name | Version |
|------|---------| |------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.5.0 | | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.15 |
## Modules ## Modules
......
provider "aws" { provider "aws" {
region = "us-west-2" region = local.region
assume_role { assume_role {
role_arn = "arn:aws:iam::562806027032:role/outpost-shared-anton" role_arn = "arn:aws:iam::562806027032:role/outpost-shared-anton"
} }
} }
data "aws_outposts_outpost" "shared" {
name = "SEA19.07"
}
data "aws_availability_zones" "available" {}
module "vpc" {
source = "../../"
name = "outpost-example"
cidr = "10.0.0.0/16"
azs = [
data.aws_availability_zones.available.names[0],
data.aws_availability_zones.available.names[1],
data.aws_availability_zones.available.names[2],
]
private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
# Outpost is using single AZ specified in `outpost_az`
outpost_subnets = ["10.0.50.0/24", "10.0.51.0/24"]
outpost_arn = data.aws_outposts_outpost.shared.arn
outpost_az = data.aws_outposts_outpost.shared.availability_zone
# IPv6
enable_ipv6 = true
outpost_subnet_assign_ipv6_address_on_creation = true
outpost_subnet_ipv6_prefixes = [2, 3, 4]
# NAT Gateway
enable_nat_gateway = true
single_nat_gateway = true
# Network ACLs
outpost_dedicated_network_acl = true
outpost_inbound_acl_rules = local.network_acls["outpost_inbound"]
outpost_outbound_acl_rules = local.network_acls["outpost_outbound"]
tags = {
Owner = "user"
Environment = "dev"
}
}
locals { locals {
region = "eu-west-1"
network_acls = { network_acls = {
outpost_inbound = [ outpost_inbound = [
{ {
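Review bot: the provider region changes silently here: the old block set `region = "us-west-2"` and the replacement reads `region = local.region` with `region = "eu-west-1"` in the new `locals`. The Outpost lookup `data "aws_outposts_outpost" "shared" { name = "SEA19.07" }` and the `assume_role` ARN are unchanged, and an Outpost is anchored to a single home region, so if `SEA19.07` lives in us-west-2 the data source will fail to resolve after this change. Set `region = "us-west-2"` in `locals` to keep the move behaviour-preserving, or state in the example README that a different Outpost is now expected.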
...@@ -148,3 +104,56 @@ locals { ...@@ -148,3 +104,56 @@ locals {
] ]
} }
} }
################################################################################
# Supporting Resources
################################################################################
data "aws_outposts_outpost" "shared" {
name = "SEA19.07"
}
data "aws_availability_zones" "available" {}
################################################################################
# VPC Module
################################################################################
module "vpc" {
source = "../../"
name = "outpost-example"
cidr = "10.0.0.0/16"
azs = [
data.aws_availability_zones.available.names[0],
data.aws_availability_zones.available.names[1],
data.aws_availability_zones.available.names[2],
]
private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
# Outpost is using single AZ specified in `outpost_az`
outpost_subnets = ["10.0.50.0/24", "10.0.51.0/24"]
outpost_arn = data.aws_outposts_outpost.shared.arn
outpost_az = data.aws_outposts_outpost.shared.availability_zone
# IPv6
enable_ipv6 = true
outpost_subnet_assign_ipv6_address_on_creation = true
outpost_subnet_ipv6_prefixes = [2, 3, 4]
# NAT Gateway
enable_nat_gateway = true
single_nat_gateway = true
# Network ACLs
outpost_dedicated_network_acl = true
outpost_inbound_acl_rules = local.network_acls["outpost_inbound"]
outpost_outbound_acl_rules = local.network_acls["outpost_outbound"]
tags = {
Owner = "user"
Environment = "dev"
}
}
terraform { terraform {
required_version = ">= 0.12.21" required_version = ">= 0.12.26"
required_providers { required_providers {
aws = ">= 3.5.0" aws = {
source = "hashicorp/aws"
version = ">= 3.15"
}
} }
} }
...@@ -21,8 +21,8 @@ Note that this example may create resources which can cost money (AWS Elastic IP ...@@ -21,8 +21,8 @@ Note that this example may create resources which can cost money (AWS Elastic IP
| Name | Version | | Name | Version |
|------|---------| |------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.21 | | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.26 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 2.70 | | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.15 |
## Providers ## Providers
......
provider "aws" { provider "aws" {
region = local.region
}
locals {
region = "eu-west-1" region = "eu-west-1"
} }
################################################################################
# VPC Module
################################################################################
module "vpc" { module "vpc" {
source = "../../" source = "../../"
...@@ -10,7 +18,7 @@ module "vpc" { ...@@ -10,7 +18,7 @@ module "vpc" {
cidr = "10.0.0.0/16" cidr = "10.0.0.0/16"
secondary_cidr_blocks = ["10.1.0.0/16", "10.2.0.0/16"] secondary_cidr_blocks = ["10.1.0.0/16", "10.2.0.0/16"]
azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"] azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
private_subnets = ["10.0.1.0/24", "10.1.2.0/24", "10.2.3.0/24"] private_subnets = ["10.0.1.0/24", "10.1.2.0/24", "10.2.3.0/24"]
public_subnets = ["10.0.101.0/24", "10.1.102.0/24", "10.2.103.0/24"] public_subnets = ["10.0.101.0/24", "10.1.102.0/24", "10.2.103.0/24"]
...@@ -32,4 +40,3 @@ module "vpc" { ...@@ -32,4 +40,3 @@ module "vpc" {
Name = "vpc-name" Name = "vpc-name"
} }
} }
terraform { terraform {
required_version = ">= 0.12.21" required_version = ">= 0.12.26"
required_providers { required_providers {
aws = { aws = {
source = "hashicorp/aws" source = "hashicorp/aws"
version = ">= 2.70" version = ">= 3.15"
} }
} }
} }
...@@ -25,8 +25,8 @@ Note that this example may create resources which can cost money (AWS Elastic IP ...@@ -25,8 +25,8 @@ Note that this example may create resources which can cost money (AWS Elastic IP
| Name | Version | | Name | Version |
|------|---------| |------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.21 | | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.26 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 2.70 | | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.15 |
## Providers ## Providers
......
provider "aws" { provider "aws" {
region = local.region
}
locals {
region = "eu-west-1" region = "eu-west-1"
} }
################################################################################
# VPC Module
################################################################################
module "vpc" { module "vpc" {
source = "../../" source = "../../"
name = "simple-example" name = "simple-example"
cidr = "10.0.0.0/16" cidr = "10.0.0.0/16"
azs = ["eu-west-1a", "eu-west-1b", "euw1-az3"] azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
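Review bot: `azs` changes from `["eu-west-1a", "eu-west-1b", "euw1-az3"]` to three region-derived names. The old value deliberately mixed an AZ ID (`euw1-az3`) with AZ names, which reads as coverage of AZ-ID input in the simple example; the rewrite drops that without comment. Keep one AZ-ID entry, or call the change out in the commit description if AZ IDs are no longer meant to be exercised here.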
...@@ -18,9 +25,6 @@ module "vpc" { ...@@ -18,9 +25,6 @@ module "vpc" {
enable_nat_gateway = false enable_nat_gateway = false
single_nat_gateway = true single_nat_gateway = true
enable_s3_endpoint = true
enable_dynamodb_endpoint = true
public_subnet_tags = { public_subnet_tags = {
Name = "overridden-name-public" Name = "overridden-name-public"
} }
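Review bot: `enable_s3_endpoint = true` and `enable_dynamodb_endpoint = true` are removed with no replacement block, so the simple example no longer creates any VPC endpoint. That matches the refactor (endpoints now live in the sub-module), but two things should follow from it: the example README should point readers at the `complete-vpc` example for the `vpc_endpoints` sub-module, and the UPGRADE notes should list `enable_s3_endpoint` and `enable_dynamodb_endpoint` among the removed inputs so existing users know the S3 and DynamoDB gateway endpoints will be destroyed on upgrade unless they are recreated through the sub-module and moved in state.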
...@@ -34,4 +38,3 @@ module "vpc" { ...@@ -34,4 +38,3 @@ module "vpc" {
Name = "vpc-name" Name = "vpc-name"
} }
} }
terraform { terraform {
required_version = ">= 0.12.21" required_version = ">= 0.12.26"
required_providers { required_providers {
aws = { aws = {
source = "hashicorp/aws" source = "hashicorp/aws"
version = ">= 2.70" version = ">= 3.15"
} }
} }
} }
...@@ -24,14 +24,14 @@ Note that this example may create resources which can cost money (AWS Elastic IP ...@@ -24,14 +24,14 @@ Note that this example may create resources which can cost money (AWS Elastic IP
| Name | Version | | Name | Version |
|------|---------| |------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.26 | | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.26 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 2.70 | | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.15 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2 | | <a name="requirement_random"></a> [random](#requirement\_random) | >= 2 |
## Providers ## Providers
| Name | Version | | Name | Version |
|------|---------| |------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 2.70 | | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.15 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 2 | | <a name="provider_random"></a> [random](#provider\_random) | >= 2 |
## Modules ## Modules
......
###########################################################
# VPC flow logs => Cloudwatch logs (created automatically)
###########################################################
module "vpc_with_flow_logs_cloudwatch_logs_default" {
source = "../../"
name = "vpc-flow-logs-cloudwatch-logs-default"
cidr = "10.10.0.0/16"
azs = ["eu-west-1a"]
public_subnets = ["10.10.101.0/24"]
# Cloudwatch log group and IAM role will be created
enable_flow_log = true
create_flow_log_cloudwatch_log_group = true
create_flow_log_cloudwatch_iam_role = true
flow_log_max_aggregation_interval = 60
vpc_flow_log_tags = {
Name = "vpc-flow-logs-cloudwatch-logs-default"
}
}
########################################################
# VPC flow logs => Cloudwatch logs (CloudWatch Log Group and IAM role created separately)
########################################################
module "vpc_with_flow_logs_cloudwatch_logs" {
source = "../../"
name = "vpc-flow-logs-cloudwatch-logs"
cidr = "10.20.0.0/16"
azs = ["eu-west-1a"]
public_subnets = ["10.20.101.0/24"]
enable_flow_log = true
flow_log_destination_type = "cloud-watch-logs"
flow_log_destination_arn = aws_cloudwatch_log_group.flow_log.arn
flow_log_cloudwatch_iam_role_arn = aws_iam_role.vpc_flow_log_cloudwatch.arn
vpc_flow_log_tags = {
Name = "vpc-flow-logs-cloudwatch-logs"
}
}
#######################
# CloudWatch Log group
#######################
resource "aws_cloudwatch_log_group" "flow_log" {
name = local.cloudwatch_log_group_name
}
###########
# IAM Role
###########
resource "aws_iam_role" "vpc_flow_log_cloudwatch" {
name_prefix = "vpc-flow-log-role-"
assume_role_policy = data.aws_iam_policy_document.flow_log_cloudwatch_assume_role.json
}
data "aws_iam_policy_document" "flow_log_cloudwatch_assume_role" {
statement {
principals {
type = "Service"
identifiers = ["vpc-flow-logs.amazonaws.com"]
}
effect = "Allow"
actions = ["sts:AssumeRole"]
}
}
resource "aws_iam_role_policy_attachment" "vpc_flow_log_cloudwatch" {
role = aws_iam_role.vpc_flow_log_cloudwatch.name
policy_arn = aws_iam_policy.vpc_flow_log_cloudwatch.arn
}
resource "aws_iam_policy" "vpc_flow_log_cloudwatch" {
name_prefix = "vpc-flow-log-cloudwatch-"
policy = data.aws_iam_policy_document.vpc_flow_log_cloudwatch.json
}
data "aws_iam_policy_document" "vpc_flow_log_cloudwatch" {
statement {
sid = "AWSVPCFlowLogsPushToCloudWatch"
effect = "Allow"
actions = [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
]
resources = ["*"]
}
}
provider "aws" { provider "aws" {
region = "eu-west-1" region = local.region
} }
locals { locals {
region = "eu-west-1"
s3_bucket_name = "vpc-flow-logs-to-s3-${random_pet.this.id}" s3_bucket_name = "vpc-flow-logs-to-s3-${random_pet.this.id}"
cloudwatch_log_group_name = "vpc-flow-logs-to-cloudwatch-${random_pet.this.id}" cloudwatch_log_group_name = "vpc-flow-logs-to-cloudwatch-${random_pet.this.id}"
} }
################################################################################
# VPC Module
################################################################################
module "vpc_with_flow_logs_s3_bucket" {
source = "../../"
name = "vpc-flow-logs-s3-bucket"
cidr = "10.30.0.0/16"
azs = ["${local.region}a"]
public_subnets = ["10.30.101.0/24"]
enable_flow_log = true
flow_log_destination_type = "s3"
flow_log_destination_arn = module.s3_bucket.this_s3_bucket_arn
vpc_flow_log_tags = {
Name = "vpc-flow-logs-s3-bucket"
}
}
# CloudWatch Log Group and IAM role created automatically
module "vpc_with_flow_logs_cloudwatch_logs_default" {
source = "../../"
name = "vpc-flow-logs-cloudwatch-logs-default"
cidr = "10.10.0.0/16"
azs = ["${local.region}a"]
public_subnets = ["10.10.101.0/24"]
# Cloudwatch log group and IAM role will be created
enable_flow_log = true
create_flow_log_cloudwatch_log_group = true
create_flow_log_cloudwatch_iam_role = true
flow_log_max_aggregation_interval = 60
vpc_flow_log_tags = {
Name = "vpc-flow-logs-cloudwatch-logs-default"
}
}
# CloudWatch Log Group and IAM role created separately
module "vpc_with_flow_logs_cloudwatch_logs" {
source = "../../"
name = "vpc-flow-logs-cloudwatch-logs"
cidr = "10.20.0.0/16"
azs = ["${local.region}a"]
public_subnets = ["10.20.101.0/24"]
enable_flow_log = true
flow_log_destination_type = "cloud-watch-logs"
flow_log_destination_arn = aws_cloudwatch_log_group.flow_log.arn
flow_log_cloudwatch_iam_role_arn = aws_iam_role.vpc_flow_log_cloudwatch.arn
vpc_flow_log_tags = {
Name = "vpc-flow-logs-cloudwatch-logs"
}
}
################################################################################
# Supporting Resources
################################################################################
resource "random_pet" "this" { resource "random_pet" "this" {
length = 2 length = 2
} }
# S3 Bucket
module "s3_bucket" {
source = "terraform-aws-modules/s3-bucket/aws"
version = "~> 1.0"
bucket = local.s3_bucket_name
policy = data.aws_iam_policy_document.flow_log_s3.json
force_destroy = true
tags = {
Name = "vpc-flow-logs-s3-bucket"
}
}
data "aws_iam_policy_document" "flow_log_s3" {
statement {
sid = "AWSLogDeliveryWrite"
principals {
type = "Service"
identifiers = ["delivery.logs.amazonaws.com"]
}
actions = ["s3:PutObject"]
resources = ["arn:aws:s3:::${local.s3_bucket_name}/AWSLogs/*"]
}
statement {
sid = "AWSLogDeliveryAclCheck"
principals {
type = "Service"
identifiers = ["delivery.logs.amazonaws.com"]
}
actions = ["s3:GetBucketAcl"]
resources = ["arn:aws:s3:::${local.s3_bucket_name}"]
}
}
# Cloudwatch logs
resource "aws_cloudwatch_log_group" "flow_log" {
name = local.cloudwatch_log_group_name
}
resource "aws_iam_role" "vpc_flow_log_cloudwatch" {
name_prefix = "vpc-flow-log-role-"
assume_role_policy = data.aws_iam_policy_document.flow_log_cloudwatch_assume_role.json
}
data "aws_iam_policy_document" "flow_log_cloudwatch_assume_role" {
statement {
principals {
type = "Service"
identifiers = ["vpc-flow-logs.amazonaws.com"]
}
actions = ["sts:AssumeRole"]
}
}
resource "aws_iam_role_policy_attachment" "vpc_flow_log_cloudwatch" {
role = aws_iam_role.vpc_flow_log_cloudwatch.name
policy_arn = aws_iam_policy.vpc_flow_log_cloudwatch.arn
}
resource "aws_iam_policy" "vpc_flow_log_cloudwatch" {
name_prefix = "vpc-flow-log-cloudwatch-"
policy = data.aws_iam_policy_document.vpc_flow_log_cloudwatch.json
}
data "aws_iam_policy_document" "vpc_flow_log_cloudwatch" {
statement {
sid = "AWSVPCFlowLogsPushToCloudWatch"
actions = [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
]
resources = ["*"]
}
}
#############################
# VPC flow logs => S3 bucket
#############################
module "vpc_with_flow_logs_s3_bucket" {
source = "../../"
name = "vpc-flow-logs-s3-bucket"
cidr = "10.30.0.0/16"
azs = ["eu-west-1a"]
public_subnets = ["10.30.101.0/24"]
enable_flow_log = true
flow_log_destination_type = "s3"
flow_log_destination_arn = module.s3_bucket.this_s3_bucket_arn
vpc_flow_log_tags = {
Name = "vpc-flow-logs-s3-bucket"
}
}
############
# S3 bucket
############
module "s3_bucket" {
source = "terraform-aws-modules/s3-bucket/aws"
version = "~> 1.0"
bucket = local.s3_bucket_name
policy = data.aws_iam_policy_document.flow_log_s3.json
force_destroy = true
tags = {
Name = "vpc-flow-logs-s3-bucket"
}
}
data "aws_iam_policy_document" "flow_log_s3" {
statement {
sid = "AWSLogDeliveryWrite"
principals {
type = "Service"
identifiers = ["delivery.logs.amazonaws.com"]
}
effect = "Allow"
actions = [
"s3:PutObject",
]
resources = ["arn:aws:s3:::${local.s3_bucket_name}/AWSLogs/*"]
}
statement {
sid = "AWSLogDeliveryAclCheck"
principals {
type = "Service"
identifiers = ["delivery.logs.amazonaws.com"]
}
effect = "Allow"
actions = [
"s3:GetBucketAcl",
]
resources = ["arn:aws:s3:::${local.s3_bucket_name}"]
}
}
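Review bot: the IAM policy documents are rewritten without their explicit `effect = "Allow"` lines (compare the old `sid = "AWSVPCFlowLogsPushToCloudWatch"` statement with the new one); that is a no-op because `Allow` is the default effect in `aws_iam_policy_document`, but it deserves a sentence in the commit message since policy diffs draw scrutiny. The real least-privilege gap is carried over unchanged: the CloudWatch policy grants `logs:CreateLogGroup`, `logs:CreateLogStream`, `logs:PutLogEvents` and both `Describe` actions on `resources = ["*"]`, while the only log group it writes to is created in the same file as `aws_cloudwatch_log_group.flow_log`. Scope the stream and event actions to that log group (`"${aws_cloudwatch_log_group.flow_log.arn}:*"`) so the flow-log role cannot write into unrelated log groups, and leave `*` only for the `Describe` actions that need it.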
...@@ -4,7 +4,7 @@ terraform { ...@@ -4,7 +4,7 @@ terraform {
required_providers { required_providers {
aws = { aws = {
source = "hashicorp/aws" source = "hashicorp/aws"
version = ">= 2.70" version = ">= 3.15"
} }
random = { random = {
......
...@@ -21,8 +21,8 @@ Note that this example may create resources which can cost money (AWS Elastic IP ...@@ -21,8 +21,8 @@ Note that this example may create resources which can cost money (AWS Elastic IP
| Name | Version | | Name | Version |
|------|---------| |------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.21 | | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.26 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 2.70 | | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.15 |
## Providers ## Providers
......
provider "aws" { provider "aws" {
region = local.region
}
locals {
region = "eu-west-1" region = "eu-west-1"
} }
################################################################################
# VPC Module
################################################################################
module "vpc" { module "vpc" {
source = "../../" source = "../../"
...@@ -9,7 +17,7 @@ module "vpc" { ...@@ -9,7 +17,7 @@ module "vpc" {
cidr = "10.10.0.0/16" cidr = "10.10.0.0/16"
azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"] azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
private_subnets = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"] private_subnets = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]
public_subnets = ["10.10.11.0/24", "10.10.12.0/24", "10.10.13.0/24"] public_subnets = ["10.10.11.0/24", "10.10.12.0/24", "10.10.13.0/24"]
database_subnets = ["10.10.21.0/24", "10.10.22.0/24", "10.10.23.0/24"] database_subnets = ["10.10.21.0/24", "10.10.22.0/24", "10.10.23.0/24"]
...@@ -29,4 +37,3 @@ module "vpc" { ...@@ -29,4 +37,3 @@ module "vpc" {
Name = "separate-private-route-tables" Name = "separate-private-route-tables"
} }
} }
terraform { terraform {
required_version = ">= 0.12.21" required_version = ">= 0.12.26"
required_providers { required_providers {
aws = { aws = {
source = "hashicorp/aws" source = "hashicorp/aws"
version = ">= 2.70" version = ">= 3.15"
} }
} }
} }
...@@ -16,16 +16,12 @@ locals { ...@@ -16,16 +16,12 @@ locals {
), ),
0, 0,
) )
vpce_tags = merge(
var.tags,
var.vpc_endpoint_tags,
)
} }
###### ################################################################################
# VPC # VPC
###### ################################################################################
resource "aws_vpc" "this" { resource "aws_vpc" "this" {
count = var.create_vpc ? 1 : 0 count = var.create_vpc ? 1 : 0
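Review bot: the `vpce_tags` local that merged `var.tags` with `var.vpc_endpoint_tags` is deleted here, which is correct once no endpoint resource remains in this file, but this diff does not show `variables.tf`: confirm `vpc_endpoint_tags` and the per-endpoint `enable_*_endpoint` inputs are removed there too rather than left as unused variables, and that they are listed as removed inputs in the UPGRADE notes. If they stay declared but unused, callers that still set them get no error and no tags, which is the worst of both outcomes.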
...@@ -98,9 +94,10 @@ resource "aws_default_security_group" "this" { ...@@ -98,9 +94,10 @@ resource "aws_default_security_group" "this" {
) )
} }
################### ################################################################################
# DHCP Options Set # DHCP Options Set
################### ################################################################################
resource "aws_vpc_dhcp_options" "this" { resource "aws_vpc_dhcp_options" "this" {
count = var.create_vpc && var.enable_dhcp_options ? 1 : 0 count = var.create_vpc && var.enable_dhcp_options ? 1 : 0
...@@ -119,9 +116,6 @@ resource "aws_vpc_dhcp_options" "this" { ...@@ -119,9 +116,6 @@ resource "aws_vpc_dhcp_options" "this" {
) )
} }
###############################
# DHCP Options Set Association
###############################
resource "aws_vpc_dhcp_options_association" "this" { resource "aws_vpc_dhcp_options_association" "this" {
count = var.create_vpc && var.enable_dhcp_options ? 1 : 0 count = var.create_vpc && var.enable_dhcp_options ? 1 : 0
...@@ -129,9 +123,10 @@ resource "aws_vpc_dhcp_options_association" "this" { ...@@ -129,9 +123,10 @@ resource "aws_vpc_dhcp_options_association" "this" {
dhcp_options_id = aws_vpc_dhcp_options.this[0].id dhcp_options_id = aws_vpc_dhcp_options.this[0].id
} }
################### ################################################################################
# Internet Gateway # Internet Gateway
################### ################################################################################
resource "aws_internet_gateway" "this" { resource "aws_internet_gateway" "this" {
count = var.create_vpc && var.create_igw && length(var.public_subnets) > 0 ? 1 : 0 count = var.create_vpc && var.create_igw && length(var.public_subnets) > 0 ? 1 : 0
...@@ -160,9 +155,9 @@ resource "aws_egress_only_internet_gateway" "this" { ...@@ -160,9 +155,9 @@ resource "aws_egress_only_internet_gateway" "this" {
) )
} }
############### ################################################################################
# Default route # Default route
############### ################################################################################
resource "aws_default_route_table" "default" { resource "aws_default_route_table" "default" {
count = var.create_vpc && var.manage_default_route_table ? 1 : 0 count = var.create_vpc && var.manage_default_route_table ? 1 : 0
...@@ -178,14 +173,13 @@ resource "aws_default_route_table" "default" { ...@@ -178,14 +173,13 @@ resource "aws_default_route_table" "default" {
ipv6_cidr_block = lookup(route.value, "ipv6_cidr_block", null) ipv6_cidr_block = lookup(route.value, "ipv6_cidr_block", null)
# One of the following targets must be provided # One of the following targets must be provided
egress_only_gateway_id = lookup(route.value, "egress_only_gateway_id", null) egress_only_gateway_id = lookup(route.value, "egress_only_gateway_id", null)
gateway_id = lookup(route.value, "gateway_id", null) gateway_id = lookup(route.value, "gateway_id", null)
instance_id = lookup(route.value, "instance_id", null) instance_id = lookup(route.value, "instance_id", null)
nat_gateway_id = lookup(route.value, "nat_gateway_id", null) nat_gateway_id = lookup(route.value, "nat_gateway_id", null)
network_interface_id = lookup(route.value, "network_interface_id", null) network_interface_id = lookup(route.value, "network_interface_id", null)
transit_gateway_id = lookup(route.value, "transit_gateway_id", null) transit_gateway_id = lookup(route.value, "transit_gateway_id", null)
# `vpc_endpoint_id` was recently added in v3.15.0 vpc_endpoint_id = lookup(route.value, "vpc_endpoint_id", null)
# vpc_endpoint_id = lookup(route.value, "vpc_endpoint_id", null)
vpc_peering_connection_id = lookup(route.value, "vpc_peering_connection_id", null) vpc_peering_connection_id = lookup(route.value, "vpc_peering_connection_id", null)
} }
} }
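Review bot: un-commenting `vpc_endpoint_id = lookup(route.value, "vpc_endpoint_id", null)` also drops the comment recording that the argument needs provider v3.15.0; the `>= 3.15` floor in versions.tf covers it, but nothing in this file now says why that floor exists. Keep a one-line comment next to the argument (e.g. `# requires aws provider >= 3.15`) so the floor is not lowered later by someone who does not see this route argument.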
...@@ -197,9 +191,10 @@ resource "aws_default_route_table" "default" { ...@@ -197,9 +191,10 @@ resource "aws_default_route_table" "default" {
) )
} }
################ ################################################################################
# Publiс routes # Publiс routes
################ ################################################################################
resource "aws_route_table" "public" { resource "aws_route_table" "public" {
count = var.create_vpc && length(var.public_subnets) > 0 ? 1 : 0 count = var.create_vpc && length(var.public_subnets) > 0 ? 1 : 0
...@@ -234,10 +229,11 @@ resource "aws_route" "public_internet_gateway_ipv6" { ...@@ -234,10 +229,11 @@ resource "aws_route" "public_internet_gateway_ipv6" {
gateway_id = aws_internet_gateway.this[0].id gateway_id = aws_internet_gateway.this[0].id
} }
################# ################################################################################
# Private routes # Private routes
# There are as many routing tables as the number of NAT gateways # There are as many routing tables as the number of NAT gateways
################# ################################################################################
resource "aws_route_table" "private" { resource "aws_route_table" "private" {
count = var.create_vpc && local.max_subnet_length > 0 ? local.nat_gateway_count : 0 count = var.create_vpc && local.max_subnet_length > 0 ? local.nat_gateway_count : 0
...@@ -256,9 +252,10 @@ resource "aws_route_table" "private" { ...@@ -256,9 +252,10 @@ resource "aws_route_table" "private" {
) )
} }
################# ################################################################################
# Database routes # Database routes
################# ################################################################################
resource "aws_route_table" "database" { resource "aws_route_table" "database" {
count = var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 ? var.single_nat_gateway || var.create_database_internet_gateway_route ? 1 : length(var.database_subnets) : 0 count = var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 ? var.single_nat_gateway || var.create_database_internet_gateway_route ? 1 : length(var.database_subnets) : 0
...@@ -313,9 +310,10 @@ resource "aws_route" "database_ipv6_egress" { ...@@ -313,9 +310,10 @@ resource "aws_route" "database_ipv6_egress" {
} }
} }
################# ################################################################################
# Redshift routes # Redshift routes
################# ################################################################################
resource "aws_route_table" "redshift" { resource "aws_route_table" "redshift" {
count = var.create_vpc && var.create_redshift_subnet_route_table && length(var.redshift_subnets) > 0 ? 1 : 0 count = var.create_vpc && var.create_redshift_subnet_route_table && length(var.redshift_subnets) > 0 ? 1 : 0
...@@ -330,9 +328,10 @@ resource "aws_route_table" "redshift" { ...@@ -330,9 +328,10 @@ resource "aws_route_table" "redshift" {
) )
} }
################# ################################################################################
# Elasticache routes # Elasticache routes
################# ################################################################################
resource "aws_route_table" "elasticache" { resource "aws_route_table" "elasticache" {
count = var.create_vpc && var.create_elasticache_subnet_route_table && length(var.elasticache_subnets) > 0 ? 1 : 0 count = var.create_vpc && var.create_elasticache_subnet_route_table && length(var.elasticache_subnets) > 0 ? 1 : 0
...@@ -347,9 +346,10 @@ resource "aws_route_table" "elasticache" { ...@@ -347,9 +346,10 @@ resource "aws_route_table" "elasticache" {
) )
} }
################# ################################################################################
# Intra routes # Intra routes
################# ################################################################################
resource "aws_route_table" "intra" { resource "aws_route_table" "intra" {
count = var.create_vpc && length(var.intra_subnets) > 0 ? 1 : 0 count = var.create_vpc && length(var.intra_subnets) > 0 ? 1 : 0
...@@ -364,9 +364,10 @@ resource "aws_route_table" "intra" { ...@@ -364,9 +364,10 @@ resource "aws_route_table" "intra" {
) )
} }
################ ################################################################################
# Public subnet # Public subnet
################ ################################################################################
resource "aws_subnet" "public" { resource "aws_subnet" "public" {
count = var.create_vpc && length(var.public_subnets) > 0 && (false == var.one_nat_gateway_per_az || length(var.public_subnets) >= length(var.azs)) ? length(var.public_subnets) : 0 count = var.create_vpc && length(var.public_subnets) > 0 && (false == var.one_nat_gateway_per_az || length(var.public_subnets) >= length(var.azs)) ? length(var.public_subnets) : 0
...@@ -392,9 +393,10 @@ resource "aws_subnet" "public" { ...@@ -392,9 +393,10 @@ resource "aws_subnet" "public" {
) )
} }
################# ################################################################################
# Private subnet # Private subnet
################# ################################################################################
resource "aws_subnet" "private" { resource "aws_subnet" "private" {
count = var.create_vpc && length(var.private_subnets) > 0 ? length(var.private_subnets) : 0 count = var.create_vpc && length(var.private_subnets) > 0 ? length(var.private_subnets) : 0
...@@ -419,9 +421,10 @@ resource "aws_subnet" "private" { ...@@ -419,9 +421,10 @@ resource "aws_subnet" "private" {
) )
} }
################# ################################################################################
# Outpost subnet # Outpost subnet
################# ################################################################################
resource "aws_subnet" "outpost" { resource "aws_subnet" "outpost" {
count = var.create_vpc && length(var.outpost_subnets) > 0 ? length(var.outpost_subnets) : 0 count = var.create_vpc && length(var.outpost_subnets) > 0 ? length(var.outpost_subnets) : 0
...@@ -447,9 +450,10 @@ resource "aws_subnet" "outpost" { ...@@ -447,9 +450,10 @@ resource "aws_subnet" "outpost" {
) )
} }
################## ################################################################################
# Database subnet # Database subnet
################## ################################################################################
resource "aws_subnet" "database" { resource "aws_subnet" "database" {
count = var.create_vpc && length(var.database_subnets) > 0 ? length(var.database_subnets) : 0 count = var.create_vpc && length(var.database_subnets) > 0 ? length(var.database_subnets) : 0
...@@ -490,9 +494,10 @@ resource "aws_db_subnet_group" "database" { ...@@ -490,9 +494,10 @@ resource "aws_db_subnet_group" "database" {
) )
} }
################## ################################################################################
# Redshift subnet # Redshift subnet
################## ################################################################################
resource "aws_subnet" "redshift" { resource "aws_subnet" "redshift" {
count = var.create_vpc && length(var.redshift_subnets) > 0 ? length(var.redshift_subnets) : 0 count = var.create_vpc && length(var.redshift_subnets) > 0 ? length(var.redshift_subnets) : 0
...@@ -533,9 +538,10 @@ resource "aws_redshift_subnet_group" "redshift" { ...@@ -533,9 +538,10 @@ resource "aws_redshift_subnet_group" "redshift" {
) )
} }
##################### ################################################################################
# ElastiCache subnet # ElastiCache subnet
##################### ################################################################################
resource "aws_subnet" "elasticache" { resource "aws_subnet" "elasticache" {
count = var.create_vpc && length(var.elasticache_subnets) > 0 ? length(var.elasticache_subnets) : 0 count = var.create_vpc && length(var.elasticache_subnets) > 0 ? length(var.elasticache_subnets) : 0
...@@ -568,9 +574,10 @@ resource "aws_elasticache_subnet_group" "elasticache" { ...@@ -568,9 +574,10 @@ resource "aws_elasticache_subnet_group" "elasticache" {
subnet_ids = aws_subnet.elasticache.*.id subnet_ids = aws_subnet.elasticache.*.id
} }
##################################################### ################################################################################
# intra subnets - private subnet without NAT gateway # Intra subnets - private subnet without NAT gateway
##################################################### ################################################################################
resource "aws_subnet" "intra" { resource "aws_subnet" "intra" {
count = var.create_vpc && length(var.intra_subnets) > 0 ? length(var.intra_subnets) : 0 count = var.create_vpc && length(var.intra_subnets) > 0 ? length(var.intra_subnets) : 0
...@@ -595,9 +602,10 @@ resource "aws_subnet" "intra" { ...@@ -595,9 +602,10 @@ resource "aws_subnet" "intra" {
) )
} }
####################### ################################################################################
# Default Network ACLs # Default Network ACLs
####################### ################################################################################
resource "aws_default_network_acl" "this" { resource "aws_default_network_acl" "this" {
count = var.create_vpc && var.manage_default_network_acl ? 1 : 0 count = var.create_vpc && var.manage_default_network_acl ? 1 : 0
...@@ -664,9 +672,10 @@ resource "aws_default_network_acl" "this" { ...@@ -664,9 +672,10 @@ resource "aws_default_network_acl" "this" {
) )
} }
######################## ################################################################################
# Public Network ACLs # Public Network ACLs
######################## ################################################################################
resource "aws_network_acl" "public" { resource "aws_network_acl" "public" {
count = var.create_vpc && var.public_dedicated_network_acl && length(var.public_subnets) > 0 ? 1 : 0 count = var.create_vpc && var.public_dedicated_network_acl && length(var.public_subnets) > 0 ? 1 : 0
...@@ -716,9 +725,10 @@ resource "aws_network_acl_rule" "public_outbound" { ...@@ -716,9 +725,10 @@ resource "aws_network_acl_rule" "public_outbound" {
ipv6_cidr_block = lookup(var.public_outbound_acl_rules[count.index], "ipv6_cidr_block", null) ipv6_cidr_block = lookup(var.public_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
} }
####################### ################################################################################
# Private Network ACLs # Private Network ACLs
####################### ################################################################################
resource "aws_network_acl" "private" { resource "aws_network_acl" "private" {
count = var.create_vpc && var.private_dedicated_network_acl && length(var.private_subnets) > 0 ? 1 : 0 count = var.create_vpc && var.private_dedicated_network_acl && length(var.private_subnets) > 0 ? 1 : 0
...@@ -768,9 +778,10 @@ resource "aws_network_acl_rule" "private_outbound" { ...@@ -768,9 +778,10 @@ resource "aws_network_acl_rule" "private_outbound" {
ipv6_cidr_block = lookup(var.private_outbound_acl_rules[count.index], "ipv6_cidr_block", null) ipv6_cidr_block = lookup(var.private_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
} }
####################### ################################################################################
# Outpost Network ACLs # Outpost Network ACLs
####################### ################################################################################
resource "aws_network_acl" "outpost" { resource "aws_network_acl" "outpost" {
count = var.create_vpc && var.outpost_dedicated_network_acl && length(var.outpost_subnets) > 0 ? 1 : 0 count = var.create_vpc && var.outpost_dedicated_network_acl && length(var.outpost_subnets) > 0 ? 1 : 0
...@@ -820,9 +831,10 @@ resource "aws_network_acl_rule" "outpost_outbound" { ...@@ -820,9 +831,10 @@ resource "aws_network_acl_rule" "outpost_outbound" {
ipv6_cidr_block = lookup(var.outpost_outbound_acl_rules[count.index], "ipv6_cidr_block", null) ipv6_cidr_block = lookup(var.outpost_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
} }
######################## ################################################################################
# Intra Network ACLs # Intra Network ACLs
######################## ################################################################################
resource "aws_network_acl" "intra" { resource "aws_network_acl" "intra" {
count = var.create_vpc && var.intra_dedicated_network_acl && length(var.intra_subnets) > 0 ? 1 : 0 count = var.create_vpc && var.intra_dedicated_network_acl && length(var.intra_subnets) > 0 ? 1 : 0
...@@ -872,9 +884,10 @@ resource "aws_network_acl_rule" "intra_outbound" { ...@@ -872,9 +884,10 @@ resource "aws_network_acl_rule" "intra_outbound" {
ipv6_cidr_block = lookup(var.intra_outbound_acl_rules[count.index], "ipv6_cidr_block", null) ipv6_cidr_block = lookup(var.intra_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
} }
######################## ################################################################################
# Database Network ACLs # Database Network ACLs
######################## ################################################################################
resource "aws_network_acl" "database" { resource "aws_network_acl" "database" {
count = var.create_vpc && var.database_dedicated_network_acl && length(var.database_subnets) > 0 ? 1 : 0 count = var.create_vpc && var.database_dedicated_network_acl && length(var.database_subnets) > 0 ? 1 : 0
...@@ -924,9 +937,10 @@ resource "aws_network_acl_rule" "database_outbound" { ...@@ -924,9 +937,10 @@ resource "aws_network_acl_rule" "database_outbound" {
ipv6_cidr_block = lookup(var.database_outbound_acl_rules[count.index], "ipv6_cidr_block", null) ipv6_cidr_block = lookup(var.database_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
} }
######################## ################################################################################
# Redshift Network ACLs # Redshift Network ACLs
######################## ################################################################################
resource "aws_network_acl" "redshift" { resource "aws_network_acl" "redshift" {
count = var.create_vpc && var.redshift_dedicated_network_acl && length(var.redshift_subnets) > 0 ? 1 : 0 count = var.create_vpc && var.redshift_dedicated_network_acl && length(var.redshift_subnets) > 0 ? 1 : 0
...@@ -976,9 +990,10 @@ resource "aws_network_acl_rule" "redshift_outbound" { ...@@ -976,9 +990,10 @@ resource "aws_network_acl_rule" "redshift_outbound" {
ipv6_cidr_block = lookup(var.redshift_outbound_acl_rules[count.index], "ipv6_cidr_block", null) ipv6_cidr_block = lookup(var.redshift_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
} }
########################### ################################################################################
# Elasticache Network ACLs # Elasticache Network ACLs
########################### ################################################################################
resource "aws_network_acl" "elasticache" { resource "aws_network_acl" "elasticache" {
count = var.create_vpc && var.elasticache_dedicated_network_acl && length(var.elasticache_subnets) > 0 ? 1 : 0 count = var.create_vpc && var.elasticache_dedicated_network_acl && length(var.elasticache_subnets) > 0 ? 1 : 0
...@@ -1028,9 +1043,10 @@ resource "aws_network_acl_rule" "elasticache_outbound" { ...@@ -1028,9 +1043,10 @@ resource "aws_network_acl_rule" "elasticache_outbound" {
ipv6_cidr_block = lookup(var.elasticache_outbound_acl_rules[count.index], "ipv6_cidr_block", null) ipv6_cidr_block = lookup(var.elasticache_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
} }
############## ################################################################################
# NAT Gateway # NAT Gateway
############## ################################################################################
# Workaround for interpolation not being able to "short-circuit" the evaluation of the conditional branch that doesn't end up being used # Workaround for interpolation not being able to "short-circuit" the evaluation of the conditional branch that doesn't end up being used
# Source: https://github.com/hashicorp/terraform/issues/11566#issuecomment-289417805 # Source: https://github.com/hashicorp/terraform/issues/11566#issuecomment-289417805
# #
...@@ -1111,9 +1127,10 @@ resource "aws_route" "private_ipv6_egress" { ...@@ -1111,9 +1127,10 @@ resource "aws_route" "private_ipv6_egress" {
egress_only_gateway_id = element(aws_egress_only_internet_gateway.this.*.id, 0) egress_only_gateway_id = element(aws_egress_only_internet_gateway.this.*.id, 0)
} }
########################## ################################################################################
# Route table association # Route table association
########################## ################################################################################
resource "aws_route_table_association" "private" { resource "aws_route_table_association" "private" {
count = var.create_vpc && length(var.private_subnets) > 0 ? length(var.private_subnets) : 0 count = var.create_vpc && length(var.private_subnets) > 0 ? length(var.private_subnets) : 0
...@@ -1191,9 +1208,10 @@ resource "aws_route_table_association" "public" { ...@@ -1191,9 +1208,10 @@ resource "aws_route_table_association" "public" {
route_table_id = aws_route_table.public[0].id route_table_id = aws_route_table.public[0].id
} }
#################### ################################################################################
# Customer Gateways # Customer Gateways
#################### ################################################################################
resource "aws_customer_gateway" "this" { resource "aws_customer_gateway" "this" {
for_each = var.customer_gateways for_each = var.customer_gateways
...@@ -1210,9 +1228,10 @@ resource "aws_customer_gateway" "this" { ...@@ -1210,9 +1228,10 @@ resource "aws_customer_gateway" "this" {
) )
} }
############## ################################################################################
# VPN Gateway # VPN Gateway
############## ################################################################################
resource "aws_vpn_gateway" "this" { resource "aws_vpn_gateway" "this" {
count = var.create_vpc && var.enable_vpn_gateway ? 1 : 0 count = var.create_vpc && var.enable_vpn_gateway ? 1 : 0
...@@ -1275,9 +1294,10 @@ resource "aws_vpn_gateway_route_propagation" "intra" { ...@@ -1275,9 +1294,10 @@ resource "aws_vpn_gateway_route_propagation" "intra" {
) )
} }
########### ################################################################################
# Defaults # Defaults
########### ################################################################################
resource "aws_default_vpc" "this" { resource "aws_default_vpc" "this" {
count = var.manage_default_vpc ? 1 : 0 count = var.manage_default_vpc ? 1 : 0
...@@ -1293,4 +1313,3 @@ resource "aws_default_vpc" "this" { ...@@ -1293,4 +1313,3 @@ resource "aws_default_vpc" "this" {
var.default_vpc_tags, var.default_vpc_tags,
) )
} }
# AWS VPC Endpoints Terraform sub-module
Terraform sub-module which creates VPC endpoint resources on AWS.
## Usage
See [`examples`](../../examples) directory for working examples to reference:
```hcl
module "endpoints" {
source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
vpc_id = "vpc-12345678"
security_group_ids = ["sg-12345678"]
endpoints = {
s3 = {
# interface endpoint
service = "s3"
private_dns_enabled = true
tags = { Name = "s3-vpc-endpoint" }
},
dynamodb = {
# gateway endpoint
service = "dynamodb"
route_table_ids = ["rt-12322456", "rt-43433343", "rt-11223344"]
tags = { Name = "dynamodb-vpc-endpoint" }
},
sns = {
service = "sns"
subnet_ids = ["subnet-12345678", "subnet-87654321"]
tags = { Name = "sns-vpc-endpoint" }
},
sqs = {
service = "sqs"
private_dns_enabled = true
security_group_ids = ["sg-987654321"]
subnet_ids = ["subnet-12345678", "subnet-87654321"]
tags = { Name = "sqs-vpc-endpoint" }
},
}
tags = {
Owner = "user"
Environment = "dev"
}
}
```
## Examples
- [Complete-VPC](../../examples/complete-vpc) with VPC Endpoints.
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.26 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.15 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.15 |
## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [aws_vpc_endpoint.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |
| [aws_vpc_endpoint_service.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc_endpoint_service) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_create"></a> [create](#input\_create) | Determines whether resources will be created | `bool` | `true` | no |
| <a name="input_endpoints"></a> [endpoints](#input\_endpoints) | A map of interface and/or gateway endpoints containing their properties and configurations | `any` | `{}` | no |
| <a name="input_security_group_ids"></a> [security\_group\_ids](#input\_security\_group\_ids) | Default security group IDs to associate with the VPC endpoints | `list(string)` | `[]` | no |
| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | Default subnets IDs to associate with the VPC endpoints | `list(string)` | `[]` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to use on all resources | `map(string)` | `{}` | no |
| <a name="input_timeouts"></a> [timeouts](#input\_timeouts) | Define maximum timeout for creating, updating, and deleting VPC endpoint resources | `map(string)` | `{}` | no |
| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | The ID of the VPC in which the endpoint will be used | `string` | `null` | no |
## Outputs
| Name | Description |
|------|-------------|
| <a name="output_endpoints"></a> [endpoints](#output\_endpoints) | Array containing the full resource object and attributes for all endpoints created |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
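Review bot: the usage example does not produce what its comments promise. `dynamodb` is annotated `# gateway endpoint` but sets no `service_type`, so the module defaults it to `Interface`, looks up an Interface service and discards `route_table_ids` (main.tf only passes them when `service_type == "Gateway"`); add `service_type = "Gateway"` to that entry. `s3` is annotated `# interface endpoint` with `private_dns_enabled = true`, but neither the entry nor the module-level `subnet_ids` (default `[]`) supplies a subnet, so it would be created without any. Fix both entries before users copy them.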
locals {
endpoints = var.create ? var.endpoints : tomap({})
}
################################################################################
# Endpoint(s)
################################################################################
data "aws_vpc_endpoint_service" "this" {
for_each = local.endpoints
service = lookup(each.value, "service", null)
service_name = lookup(each.value, "service_name", null)
filter {
name = "service-type"
values = [lookup(each.value, "service_type", "Interface")]
}
}
resource "aws_vpc_endpoint" "this" {
for_each = local.endpoints
vpc_id = var.vpc_id
service_name = data.aws_vpc_endpoint_service.this[each.key].service_name
vpc_endpoint_type = lookup(each.value, "service_type", "Interface")
auto_accept = lookup(each.value, "auto_accept", null)
security_group_ids = lookup(each.value, "service_type", "Interface") == "Interface" ? distinct(concat(var.security_group_ids, lookup(each.value, "security_group_ids", []))) : null
subnet_ids = lookup(each.value, "service_type", "Interface") == "Interface" ? distinct(concat(var.subnet_ids, lookup(each.value, "subnet_ids", []))) : null
route_table_ids = lookup(each.value, "service_type", "Interface") == "Gateway" ? lookup(each.value, "route_table_ids", null) : null
policy = lookup(each.value, "policy", null)
private_dns_enabled = lookup(each.value, "service_type", "Interface") == "Interface" ? lookup(each.value, "private_dns_enabled", null) : null
tags = merge(var.tags, lookup(each.value, "tags", {}))
timeouts {
create = lookup(var.timeouts, "create", "10m")
update = lookup(var.timeouts, "update", "10m")
delete = lookup(var.timeouts, "delete", "10m")
}
}
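Review bot: `policy = lookup(each.value, "policy", null)` is the only place an endpoint policy can be set and it defaults to none, which means AWS attaches its default full-access policy; the README should document the `policy` key and show at least one restricted example, since the endpoint policy is the main control on which principals and resources traffic through the endpoint can reach. Separately, `lookup(each.value, "service_type", "Interface")` is evaluated five times per endpoint; normalising it once in `locals`, e.g. `{ for k, v in var.endpoints : k => merge({ service_type = "Interface" }, v) }`, makes the Interface/Gateway branching easier to read and harder to get inconsistent.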
output "endpoints" {
description = "Array containing the full resource object and attributes for all endpoints created"
value = aws_vpc_endpoint.this
}
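Review bot: the description says "Array", but `aws_vpc_endpoint.this` is created with `for_each`, so this output is a map keyed by the endpoint name (`module.endpoints.endpoints["s3"].id`, `...["s3"].prefix_list_id`); describing it as a map tells users how to index it now that the per-service outputs are gone.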
variable "create" {
description = "Determines whether resources will be created"
type = bool
default = true
}
variable "vpc_id" {
description = "The ID of the VPC in which the endpoint will be used"
type = string
default = null
}
variable "endpoints" {
description = "A map of interface and/or gateway endpoints containing their properties and configurations"
type = any
default = {}
}
variable "security_group_ids" {
description = "Default security group IDs to associate with the VPC endpoints"
type = list(string)
default = []
}
variable "subnet_ids" {
description = "Default subnets IDs to associate with the VPC endpoints"
type = list(string)
default = []
}
variable "tags" {
description = "A map of tags to use on all resources"
type = map(string)
default = {}
}
variable "timeouts" {
description = "Define maximum timeout for creating, updating, and deleting VPC endpoint resources"
type = map(string)
default = {}
}
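Review bot: `vpc_id` defaults to `null` although every `aws_vpc_endpoint` in this module requires it, so the generated docs table shows it as not required while any non-empty `endpoints` map fails without it; make it required (no `default`) or state the requirement in the description. `endpoints` is typed `any` and read entirely through `lookup(..., default)`, so a misspelt key such as `security_groups_ids` is silently ignored and the endpoint gets the module-level defaults instead; with the 0.12.26 floor a typed `map(object(...))` with optional keys is not practical, so list the accepted keys (`service`, `service_name`, `service_type`, `auto_accept`, `security_group_ids`, `subnet_ids`, `route_table_ids`, `policy`, `private_dns_enabled`, `tags`) in the variable description or README.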
terraform { terraform {
required_version = ">= 0.12.21" required_version = ">= 0.12.26"
required_providers { required_providers {
aws = { aws = {
source = "hashicorp/aws" source = "hashicorp/aws"
version = ">= 2.70" version = ">= 3.15"
} }
} }
} }
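Review bot: raising the floors to Terraform `>= 0.12.26` and aws `>= 3.15` is a breaking change for anyone pinned below them (the example's versions.tf gets the same bump), and the aws floor is what the new `vpc_endpoint_id` route argument depends on; state both minimums and the reason in the upgrade guide and CHANGELOG so a failed `terraform init` after upgrading is explained rather than surprising.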
...@@ -380,11 +380,7 @@ output "this_customer_gateway" { ...@@ -380,11 +380,7 @@ output "this_customer_gateway" {
output "vgw_id" { output "vgw_id" {
description = "The ID of the VPN Gateway" description = "The ID of the VPN Gateway"
value = concat( value = concat(aws_vpn_gateway.this.*.id, aws_vpn_gateway_attachment.this.*.vpn_gateway_id, [""])[0]
aws_vpn_gateway.this.*.id,
aws_vpn_gateway_attachment.this.*.vpn_gateway_id,
[""],
)[0]
} }
output "vgw_arn" { output "vgw_arn" {
...@@ -512,966 +508,6 @@ output "elasticache_network_acl_arn" { ...@@ -512,966 +508,6 @@ output "elasticache_network_acl_arn" {
value = concat(aws_network_acl.elasticache.*.arn, [""])[0] value = concat(aws_network_acl.elasticache.*.arn, [""])[0]
} }
# VPC Endpoints
output "vpc_endpoint_s3_id" {
description = "The ID of VPC endpoint for S3"
value = concat(aws_vpc_endpoint.s3.*.id, [""])[0]
}
output "vpc_endpoint_s3_pl_id" {
description = "The prefix list for the S3 VPC endpoint."
value = concat(aws_vpc_endpoint.s3.*.prefix_list_id, [""])[0]
}
output "vpc_endpoint_dynamodb_id" {
description = "The ID of VPC endpoint for DynamoDB"
value = concat(aws_vpc_endpoint.dynamodb.*.id, [""])[0]
}
output "vpc_endpoint_dynamodb_pl_id" {
description = "The prefix list for the DynamoDB VPC endpoint."
value = concat(aws_vpc_endpoint.dynamodb.*.prefix_list_id, [""])[0]
}
output "vpc_endpoint_sqs_id" {
description = "The ID of VPC endpoint for SQS"
value = concat(aws_vpc_endpoint.sqs.*.id, [""])[0]
}
output "vpc_endpoint_sqs_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for SQS."
value = flatten(aws_vpc_endpoint.sqs.*.network_interface_ids)
}
output "vpc_endpoint_sqs_dns_entry" {
description = "The DNS entries for the VPC Endpoint for SQS."
value = flatten(aws_vpc_endpoint.sqs.*.dns_entry)
}
output "vpc_endpoint_lambda_id" {
description = "The ID of VPC endpoint for Lambda"
value = concat(aws_vpc_endpoint.lambda.*.id, [""])[0]
}
output "vpc_endpoint_lambda_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for Lambda."
value = flatten(aws_vpc_endpoint.lambda.*.network_interface_ids)
}
output "vpc_endpoint_lambda_dns_entry" {
description = "The DNS entries for the VPC Endpoint for Lambda."
value = flatten(aws_vpc_endpoint.lambda.*.dns_entry)
}
output "vpc_endpoint_codebuild_id" {
description = "The ID of VPC endpoint for codebuild"
value = concat(aws_vpc_endpoint.codebuild.*.id, [""])[0]
}
output "vpc_endpoint_codebuild_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for codebuild."
value = flatten(aws_vpc_endpoint.codebuild.*.network_interface_ids)
}
output "vpc_endpoint_codebuild_dns_entry" {
description = "The DNS entries for the VPC Endpoint for codebuild."
value = flatten(aws_vpc_endpoint.codebuild.*.dns_entry)
}
output "vpc_endpoint_codecommit_id" {
description = "The ID of VPC endpoint for codecommit"
value = concat(aws_vpc_endpoint.codecommit.*.id, [""])[0]
}
output "vpc_endpoint_codecommit_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for codecommit."
value = flatten(aws_vpc_endpoint.codecommit.*.network_interface_ids)
}
output "vpc_endpoint_codecommit_dns_entry" {
description = "The DNS entries for the VPC Endpoint for codecommit."
value = flatten(aws_vpc_endpoint.codecommit.*.dns_entry)
}
output "vpc_endpoint_git_codecommit_id" {
description = "The ID of VPC endpoint for git_codecommit"
value = concat(aws_vpc_endpoint.git_codecommit.*.id, [""])[0]
}
output "vpc_endpoint_git_codecommit_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for git_codecommit."
value = flatten(aws_vpc_endpoint.git_codecommit.*.network_interface_ids)
}
output "vpc_endpoint_git_codecommit_dns_entry" {
description = "The DNS entries for the VPC Endpoint for git_codecommit."
value = flatten(aws_vpc_endpoint.git_codecommit.*.dns_entry)
}
output "vpc_endpoint_config_id" {
description = "The ID of VPC endpoint for config"
value = concat(aws_vpc_endpoint.config.*.id, [""])[0]
}
output "vpc_endpoint_config_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for config."
value = flatten(aws_vpc_endpoint.config.*.network_interface_ids)
}
output "vpc_endpoint_config_dns_entry" {
description = "The DNS entries for the VPC Endpoint for config."
value = flatten(aws_vpc_endpoint.config.*.dns_entry)
}
output "vpc_endpoint_secretsmanager_id" {
description = "The ID of VPC endpoint for secretsmanager"
value = concat(aws_vpc_endpoint.secretsmanager.*.id, [""])[0]
}
output "vpc_endpoint_secretsmanager_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for secretsmanager."
value = flatten(aws_vpc_endpoint.secretsmanager.*.network_interface_ids)
}
output "vpc_endpoint_secretsmanager_dns_entry" {
description = "The DNS entries for the VPC Endpoint for secretsmanager."
value = flatten(aws_vpc_endpoint.secretsmanager.*.dns_entry)
}
output "vpc_endpoint_ssm_id" {
description = "The ID of VPC endpoint for SSM"
value = concat(aws_vpc_endpoint.ssm.*.id, [""])[0]
}
output "vpc_endpoint_ssm_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for SSM."
value = flatten(aws_vpc_endpoint.ssm.*.network_interface_ids)
}
output "vpc_endpoint_ssm_dns_entry" {
description = "The DNS entries for the VPC Endpoint for SSM."
value = flatten(aws_vpc_endpoint.ssm.*.dns_entry)
}
output "vpc_endpoint_ssmmessages_id" {
description = "The ID of VPC endpoint for SSMMESSAGES"
value = concat(aws_vpc_endpoint.ssmmessages.*.id, [""])[0]
}
output "vpc_endpoint_ssmmessages_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for SSMMESSAGES."
value = flatten(aws_vpc_endpoint.ssmmessages.*.network_interface_ids)
}
output "vpc_endpoint_ssmmessages_dns_entry" {
description = "The DNS entries for the VPC Endpoint for SSMMESSAGES."
value = flatten(aws_vpc_endpoint.ssmmessages.*.dns_entry)
}
output "vpc_endpoint_ec2_id" {
description = "The ID of VPC endpoint for EC2"
value = concat(aws_vpc_endpoint.ec2.*.id, [""])[0]
}
output "vpc_endpoint_ec2_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for EC2"
value = flatten(aws_vpc_endpoint.ec2.*.network_interface_ids)
}
output "vpc_endpoint_ec2_dns_entry" {
description = "The DNS entries for the VPC Endpoint for EC2."
value = flatten(aws_vpc_endpoint.ec2.*.dns_entry)
}
output "vpc_endpoint_ec2messages_id" {
description = "The ID of VPC endpoint for EC2MESSAGES"
value = concat(aws_vpc_endpoint.ec2messages.*.id, [""])[0]
}
output "vpc_endpoint_ec2messages_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for EC2MESSAGES"
value = flatten(aws_vpc_endpoint.ec2messages.*.network_interface_ids)
}
output "vpc_endpoint_ec2messages_dns_entry" {
description = "The DNS entries for the VPC Endpoint for EC2MESSAGES."
value = flatten(aws_vpc_endpoint.ec2messages.*.dns_entry)
}
output "vpc_endpoint_ec2_autoscaling_id" {
description = "The ID of VPC endpoint for EC2 Autoscaling"
value = concat(aws_vpc_endpoint.ec2_autoscaling.*.id, [""])[0]
}
output "vpc_endpoint_ec2_autoscaling_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for EC2 Autoscaling"
value = flatten(aws_vpc_endpoint.ec2_autoscaling.*.network_interface_ids)
}
output "vpc_endpoint_ec2_autoscaling_dns_entry" {
description = "The DNS entries for the VPC Endpoint for EC2 Autoscaling."
value = flatten(aws_vpc_endpoint.ec2_autoscaling.*.dns_entry)
}
output "vpc_endpoint_transferserver_id" {
description = "The ID of VPC endpoint for transferserver"
value = concat(aws_vpc_endpoint.transferserver.*.id, [""])[0]
}
output "vpc_endpoint_transferserver_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for transferserver"
value = flatten(aws_vpc_endpoint.transferserver.*.network_interface_ids)
}
output "vpc_endpoint_transferserver_dns_entry" {
description = "The DNS entries for the VPC Endpoint for transferserver."
value = flatten(aws_vpc_endpoint.transferserver.*.dns_entry)
}
output "vpc_endpoint_glue_id" {
description = "The ID of VPC endpoint for Glue"
value = concat(aws_vpc_endpoint.glue.*.id, [""])[0]
}
output "vpc_endpoint_glue_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for Glue."
value = flatten(aws_vpc_endpoint.glue.*.network_interface_ids)
}
output "vpc_endpoint_glue_dns_entry" {
description = "The DNS entries for the VPC Endpoint for Glue."
value = flatten(aws_vpc_endpoint.glue.*.dns_entry)
}
output "vpc_endpoint_kms_id" {
description = "The ID of VPC endpoint for KMS"
value = concat(aws_vpc_endpoint.kms.*.id, [""])[0]
}
output "vpc_endpoint_kms_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for KMS."
value = flatten(aws_vpc_endpoint.kms.*.network_interface_ids)
}
output "vpc_endpoint_kms_dns_entry" {
description = "The DNS entries for the VPC Endpoint for KMS."
value = flatten(aws_vpc_endpoint.kms.*.dns_entry)
}
output "vpc_endpoint_kinesis_firehose_id" {
description = "The ID of VPC endpoint for Kinesis Firehose"
value = concat(aws_vpc_endpoint.kinesis_firehose.*.id, [""])[0]
}
output "vpc_endpoint_kinesis_firehose_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for Kinesis Firehose."
value = flatten(aws_vpc_endpoint.kinesis_firehose.*.network_interface_ids)
}
output "vpc_endpoint_kinesis_firehose_dns_entry" {
description = "The DNS entries for the VPC Endpoint for Kinesis Firehose."
value = flatten(aws_vpc_endpoint.kinesis_firehose.*.dns_entry)
}
output "vpc_endpoint_kinesis_streams_id" {
description = "The ID of VPC endpoint for Kinesis Streams"
value = concat(aws_vpc_endpoint.kinesis_streams.*.id, [""])[0]
}
output "vpc_endpoint_kinesis_streams_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for Kinesis Streams."
value = flatten(aws_vpc_endpoint.kinesis_streams.*.network_interface_ids)
}
output "vpc_endpoint_kinesis_streams_dns_entry" {
description = "The DNS entries for the VPC Endpoint for Kinesis Streams."
value = flatten(aws_vpc_endpoint.kinesis_streams.*.dns_entry)
}
output "vpc_endpoint_ecr_api_id" {
description = "The ID of VPC endpoint for ECR API"
value = concat(aws_vpc_endpoint.ecr_api.*.id, [""])[0]
}
output "vpc_endpoint_ecr_api_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for ECR API."
value = flatten(aws_vpc_endpoint.ecr_api.*.network_interface_ids)
}
output "vpc_endpoint_ecr_api_dns_entry" {
description = "The DNS entries for the VPC Endpoint for ECR API."
value = flatten(aws_vpc_endpoint.ecr_api.*.dns_entry)
}
output "vpc_endpoint_ecr_dkr_id" {
description = "The ID of VPC endpoint for ECR DKR"
value = concat(aws_vpc_endpoint.ecr_dkr.*.id, [""])[0]
}
output "vpc_endpoint_ecr_dkr_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for ECR DKR."
value = flatten(aws_vpc_endpoint.ecr_dkr.*.network_interface_ids)
}
output "vpc_endpoint_ecr_dkr_dns_entry" {
description = "The DNS entries for the VPC Endpoint for ECR DKR."
value = flatten(aws_vpc_endpoint.ecr_dkr.*.dns_entry)
}
output "vpc_endpoint_apigw_id" {
description = "The ID of VPC endpoint for APIGW"
value = concat(aws_vpc_endpoint.apigw.*.id, [""])[0]
}
output "vpc_endpoint_apigw_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for APIGW."
value = flatten(aws_vpc_endpoint.apigw.*.network_interface_ids)
}
output "vpc_endpoint_apigw_dns_entry" {
description = "The DNS entries for the VPC Endpoint for APIGW."
value = flatten(aws_vpc_endpoint.apigw.*.dns_entry)
}
output "vpc_endpoint_ecs_id" {
description = "The ID of VPC endpoint for ECS"
value = concat(aws_vpc_endpoint.ecs.*.id, [""])[0]
}
output "vpc_endpoint_ecs_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for ECS."
value = flatten(aws_vpc_endpoint.ecs.*.network_interface_ids)
}
output "vpc_endpoint_ecs_dns_entry" {
description = "The DNS entries for the VPC Endpoint for ECS."
value = flatten(aws_vpc_endpoint.ecs.*.dns_entry)
}
output "vpc_endpoint_ecs_agent_id" {
description = "The ID of VPC endpoint for ECS Agent"
value = concat(aws_vpc_endpoint.ecs_agent.*.id, [""])[0]
}
output "vpc_endpoint_ecs_agent_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for ECS Agent."
value = flatten(aws_vpc_endpoint.ecs_agent.*.network_interface_ids)
}
output "vpc_endpoint_ecs_agent_dns_entry" {
description = "The DNS entries for the VPC Endpoint for ECS Agent."
value = flatten(aws_vpc_endpoint.ecs_agent.*.dns_entry)
}
output "vpc_endpoint_ecs_telemetry_id" {
description = "The ID of VPC endpoint for ECS Telemetry"
value = concat(aws_vpc_endpoint.ecs_telemetry.*.id, [""])[0]
}
output "vpc_endpoint_ecs_telemetry_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for ECS Telemetry."
value = flatten(aws_vpc_endpoint.ecs_telemetry.*.network_interface_ids)
}
output "vpc_endpoint_ecs_telemetry_dns_entry" {
description = "The DNS entries for the VPC Endpoint for ECS Telemetry."
value = flatten(aws_vpc_endpoint.ecs_telemetry.*.dns_entry)
}
output "vpc_endpoint_sns_id" {
description = "The ID of VPC endpoint for SNS"
value = concat(aws_vpc_endpoint.sns.*.id, [""])[0]
}
output "vpc_endpoint_sns_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for SNS."
value = flatten(aws_vpc_endpoint.sns.*.network_interface_ids)
}
output "vpc_endpoint_sns_dns_entry" {
description = "The DNS entries for the VPC Endpoint for SNS."
value = flatten(aws_vpc_endpoint.sns.*.dns_entry)
}
output "vpc_endpoint_monitoring_id" {
description = "The ID of VPC endpoint for CloudWatch Monitoring"
value = concat(aws_vpc_endpoint.monitoring.*.id, [""])[0]
}
output "vpc_endpoint_monitoring_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for CloudWatch Monitoring."
value = flatten(aws_vpc_endpoint.monitoring.*.network_interface_ids)
}
output "vpc_endpoint_monitoring_dns_entry" {
description = "The DNS entries for the VPC Endpoint for CloudWatch Monitoring."
value = flatten(aws_vpc_endpoint.monitoring.*.dns_entry)
}
output "vpc_endpoint_logs_id" {
description = "The ID of VPC endpoint for CloudWatch Logs"
value = concat(aws_vpc_endpoint.logs.*.id, [""])[0]
}
output "vpc_endpoint_logs_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for CloudWatch Logs."
value = flatten(aws_vpc_endpoint.logs.*.network_interface_ids)
}
output "vpc_endpoint_logs_dns_entry" {
description = "The DNS entries for the VPC Endpoint for CloudWatch Logs."
value = flatten(aws_vpc_endpoint.logs.*.dns_entry)
}
output "vpc_endpoint_events_id" {
description = "The ID of VPC endpoint for CloudWatch Events"
value = concat(aws_vpc_endpoint.events.*.id, [""])[0]
}
output "vpc_endpoint_events_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for CloudWatch Events."
value = flatten(aws_vpc_endpoint.events.*.network_interface_ids)
}
output "vpc_endpoint_events_dns_entry" {
description = "The DNS entries for the VPC Endpoint for CloudWatch Events."
value = flatten(aws_vpc_endpoint.events.*.dns_entry)
}
output "vpc_endpoint_elasticloadbalancing_id" {
description = "The ID of VPC endpoint for Elastic Load Balancing"
value = concat(aws_vpc_endpoint.elasticloadbalancing.*.id, [""])[0]
}
output "vpc_endpoint_elasticloadbalancing_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for Elastic Load Balancing."
value = flatten(aws_vpc_endpoint.elasticloadbalancing.*.network_interface_ids)
}
output "vpc_endpoint_elasticloadbalancing_dns_entry" {
description = "The DNS entries for the VPC Endpoint for Elastic Load Balancing."
value = flatten(aws_vpc_endpoint.elasticloadbalancing.*.dns_entry)
}
output "vpc_endpoint_cloudtrail_id" {
description = "The ID of VPC endpoint for CloudTrail"
value = concat(aws_vpc_endpoint.cloudtrail.*.id, [""])[0]
}
output "vpc_endpoint_cloudtrail_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for CloudTrail."
value = flatten(aws_vpc_endpoint.cloudtrail.*.network_interface_ids)
}
output "vpc_endpoint_cloudtrail_dns_entry" {
description = "The DNS entries for the VPC Endpoint for CloudTrail."
value = flatten(aws_vpc_endpoint.cloudtrail.*.dns_entry)
}
output "vpc_endpoint_sts_id" {
description = "The ID of VPC endpoint for STS"
value = concat(aws_vpc_endpoint.sts.*.id, [""])[0]
}
output "vpc_endpoint_sts_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for STS."
value = flatten(aws_vpc_endpoint.sts.*.network_interface_ids)
}
output "vpc_endpoint_sts_dns_entry" {
description = "The DNS entries for the VPC Endpoint for STS."
value = flatten(aws_vpc_endpoint.sts.*.dns_entry)
}
output "vpc_endpoint_cloudformation_id" {
description = "The ID of VPC endpoint for Cloudformation"
value = concat(aws_vpc_endpoint.cloudformation.*.id, [""])[0]
}
output "vpc_endpoint_cloudformation_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for Cloudformation."
value = flatten(aws_vpc_endpoint.cloudformation.*.network_interface_ids)
}
output "vpc_endpoint_cloudformation_dns_entry" {
description = "The DNS entries for the VPC Endpoint for Cloudformation."
value = flatten(aws_vpc_endpoint.cloudformation.*.dns_entry)
}
output "vpc_endpoint_codepipeline_id" {
description = "The ID of VPC endpoint for CodePipeline"
value = concat(aws_vpc_endpoint.codepipeline.*.id, [""])[0]
}
output "vpc_endpoint_codepipeline_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for CodePipeline."
value = flatten(aws_vpc_endpoint.codepipeline.*.network_interface_ids)
}
output "vpc_endpoint_codepipeline_dns_entry" {
description = "The DNS entries for the VPC Endpoint for CodePipeline."
value = flatten(aws_vpc_endpoint.codepipeline.*.dns_entry)
}
output "vpc_endpoint_appmesh_envoy_management_id" {
description = "The ID of VPC endpoint for AppMesh"
value = concat(aws_vpc_endpoint.appmesh_envoy_management.*.id, [""])[0]
}
output "vpc_endpoint_appmesh_envoy_management_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for AppMesh."
value = flatten(aws_vpc_endpoint.appmesh_envoy_management.*.network_interface_ids)
}
output "vpc_endpoint_appmesh_envoy_management_dns_entry" {
description = "The DNS entries for the VPC Endpoint for AppMesh."
value = flatten(aws_vpc_endpoint.appmesh_envoy_management.*.dns_entry)
}
output "vpc_endpoint_servicecatalog_id" {
description = "The ID of VPC endpoint for Service Catalog"
value = concat(aws_vpc_endpoint.servicecatalog.*.id, [""])[0]
}
output "vpc_endpoint_servicecatalog_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for Service Catalog."
value = flatten(aws_vpc_endpoint.servicecatalog.*.network_interface_ids)
}
output "vpc_endpoint_servicecatalog_dns_entry" {
description = "The DNS entries for the VPC Endpoint for Service Catalog."
value = flatten(aws_vpc_endpoint.servicecatalog.*.dns_entry)
}
output "vpc_endpoint_storagegateway_id" {
description = "The ID of VPC endpoint for Storage Gateway"
value = concat(aws_vpc_endpoint.storagegateway.*.id, [""])[0]
}
output "vpc_endpoint_storagegateway_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for Storage Gateway."
value = flatten(aws_vpc_endpoint.storagegateway.*.network_interface_ids)
}
output "vpc_endpoint_storagegateway_dns_entry" {
description = "The DNS entries for the VPC Endpoint for Storage Gateway."
value = flatten(aws_vpc_endpoint.storagegateway.*.dns_entry)
}
output "vpc_endpoint_transfer_id" {
description = "The ID of VPC endpoint for Transfer"
value = concat(aws_vpc_endpoint.transfer.*.id, [""])[0]
}
output "vpc_endpoint_transfer_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for Transfer."
value = flatten(aws_vpc_endpoint.transfer.*.network_interface_ids)
}
output "vpc_endpoint_transfer_dns_entry" {
description = "The DNS entries for the VPC Endpoint for Transfer."
value = flatten(aws_vpc_endpoint.transfer.*.dns_entry)
}
output "vpc_endpoint_sagemaker_api_id" {
description = "The ID of VPC endpoint for SageMaker API"
value = concat(aws_vpc_endpoint.sagemaker_api.*.id, [""])[0]
}
output "vpc_endpoint_sagemaker_api_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for SageMaker API."
value = flatten(aws_vpc_endpoint.sagemaker_api.*.network_interface_ids)
}
output "vpc_endpoint_sagemaker_api_dns_entry" {
description = "The DNS entries for the VPC Endpoint for SageMaker API."
value = flatten(aws_vpc_endpoint.sagemaker_api.*.dns_entry)
}
output "vpc_endpoint_sagemaker_runtime_id" {
description = "The ID of VPC endpoint for SageMaker Runtime"
value = concat(aws_vpc_endpoint.sagemaker_runtime.*.id, [""])[0]
}
output "vpc_endpoint_sagemaker_runtime_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for SageMaker Runtime."
value = flatten(aws_vpc_endpoint.sagemaker_runtime.*.network_interface_ids)
}
output "vpc_endpoint_sagemaker_runtime_dns_entry" {
description = "The DNS entries for the VPC Endpoint for SageMaker Runtime."
value = flatten(aws_vpc_endpoint.sagemaker_runtime.*.dns_entry)
}
output "vpc_endpoint_appstream_api_id" {
description = "The ID of VPC endpoint for AppStream API"
value = concat(aws_vpc_endpoint.appstream_api.*.id, [""])[0]
}
output "vpc_endpoint_appstream_api_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for AppStream API."
value = flatten(aws_vpc_endpoint.appstream_api.*.network_interface_ids)
}
output "vpc_endpoint_appstream_api_dns_entry" {
description = "The DNS entries for the VPC Endpoint for AppStream API."
value = flatten(aws_vpc_endpoint.appstream_api.*.dns_entry)
}
output "vpc_endpoint_appstream_streaming_id" {
description = "The ID of VPC endpoint for AppStream Streaming"
value = concat(aws_vpc_endpoint.appstream_streaming.*.id, [""])[0]
}
output "vpc_endpoint_appstream_streaming_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for AppStream Streaming."
value = flatten(aws_vpc_endpoint.appstream_streaming.*.network_interface_ids)
}
output "vpc_endpoint_appstream_streaming_dns_entry" {
description = "The DNS entries for the VPC Endpoint for AppStream Streaming."
value = flatten(aws_vpc_endpoint.appstream_streaming.*.dns_entry)
}
output "vpc_endpoint_athena_id" {
description = "The ID of VPC endpoint for Athena"
value = concat(aws_vpc_endpoint.athena.*.id, [""])[0]
}
output "vpc_endpoint_athena_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for Athena."
value = flatten(aws_vpc_endpoint.athena.*.network_interface_ids)
}
output "vpc_endpoint_athena_dns_entry" {
description = "The DNS entries for the VPC Endpoint for Athena."
value = flatten(aws_vpc_endpoint.athena.*.dns_entry)
}
output "vpc_endpoint_rekognition_id" {
description = "The ID of VPC endpoint for Rekognition"
value = concat(aws_vpc_endpoint.rekognition.*.id, [""])[0]
}
output "vpc_endpoint_rekognition_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for Rekognition."
value = flatten(aws_vpc_endpoint.rekognition.*.network_interface_ids)
}
output "vpc_endpoint_rekognition_dns_entry" {
description = "The DNS entries for the VPC Endpoint for Rekognition."
value = flatten(aws_vpc_endpoint.rekognition.*.dns_entry)
}
output "vpc_endpoint_efs_id" {
description = "The ID of VPC endpoint for EFS"
value = concat(aws_vpc_endpoint.efs.*.id, [""])[0]
}
output "vpc_endpoint_efs_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for EFS."
value = flatten(aws_vpc_endpoint.efs.*.network_interface_ids)
}
output "vpc_endpoint_efs_dns_entry" {
description = "The DNS entries for the VPC Endpoint for EFS."
value = flatten(aws_vpc_endpoint.efs.*.dns_entry)
}
output "vpc_endpoint_cloud_directory_id" {
description = "The ID of VPC endpoint for Cloud Directory"
value = concat(aws_vpc_endpoint.cloud_directory.*.id, [""])[0]
}
output "vpc_endpoint_cloud_directory_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for Cloud Directory."
value = flatten(aws_vpc_endpoint.cloud_directory.*.network_interface_ids)
}
output "vpc_endpoint_cloud_directory_dns_entry" {
description = "The DNS entries for the VPC Endpoint for Cloud Directory."
value = flatten(aws_vpc_endpoint.cloud_directory.*.dns_entry)
}
output "vpc_endpoint_elasticmapreduce_id" {
description = "The ID of VPC endpoint for EMR"
value = concat(aws_vpc_endpoint.emr.*.id, [""])[0]
}
output "vpc_endpoint_elasticmapreduce_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for EMR."
value = flatten(aws_vpc_endpoint.emr.*.network_interface_ids)
}
output "vpc_endpoint_elasticmapreduce_dns_entry" {
description = "The DNS entries for the VPC Endpoint for EMR."
value = flatten(aws_vpc_endpoint.emr.*.dns_entry)
}
output "vpc_endpoint_sms_id" {
description = "The ID of VPC endpoint for SMS"
value = concat(aws_vpc_endpoint.sms.*.id, [""])[0]
}
output "vpc_endpoint_sms_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for SMS."
value = flatten(aws_vpc_endpoint.sms.*.network_interface_ids)
}
output "vpc_endpoint_sms_dns_entry" {
description = "The DNS entries for the VPC Endpoint for SMS."
value = flatten(aws_vpc_endpoint.sms.*.dns_entry)
}
output "vpc_endpoint_states_id" {
description = "The ID of VPC endpoint for Step Function"
value = concat(aws_vpc_endpoint.states.*.id, [""])[0]
}
output "vpc_endpoint_states_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for Step Function."
value = flatten(aws_vpc_endpoint.states.*.network_interface_ids)
}
output "vpc_endpoint_states_dns_entry" {
description = "The DNS entries for the VPC Endpoint for Step Function."
value = flatten(aws_vpc_endpoint.states.*.dns_entry)
}
output "vpc_endpoint_elastic_inference_runtime_id" {
description = "The ID of VPC endpoint for Elastic Inference Runtime"
value = concat(aws_vpc_endpoint.elastic_inference_runtime.*.id, [""])[0]
}
output "vpc_endpoint_elastic_inference_runtime_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for Elastic Inference Runtime."
value = flatten(aws_vpc_endpoint.elastic_inference_runtime.*.network_interface_ids)
}
output "vpc_endpoint_elastic_inference_runtime_dns_entry" {
description = "The DNS entries for the VPC Endpoint for Elastic Inference Runtime."
value = flatten(aws_vpc_endpoint.elastic_inference_runtime.*.dns_entry)
}
output "vpc_endpoint_elasticbeanstalk_id" {
description = "The ID of VPC endpoint for Elastic Beanstalk"
value = concat(aws_vpc_endpoint.elasticbeanstalk.*.id, [""])[0]
}
output "vpc_endpoint_elasticbeanstalk_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for Elastic Beanstalk."
value = flatten(aws_vpc_endpoint.elasticbeanstalk.*.network_interface_ids)
}
output "vpc_endpoint_elasticbeanstalk_dns_entry" {
description = "The DNS entries for the VPC Endpoint for Elastic Beanstalk."
value = flatten(aws_vpc_endpoint.elasticbeanstalk.*.dns_entry)
}
output "vpc_endpoint_elasticbeanstalk_health_id" {
description = "The ID of VPC endpoint for Elastic Beanstalk Health"
value = concat(aws_vpc_endpoint.elasticbeanstalk_health.*.id, [""])[0]
}
output "vpc_endpoint_elasticbeanstalk_health_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for Elastic Beanstalk Health."
value = flatten(aws_vpc_endpoint.elasticbeanstalk_health.*.network_interface_ids)
}
output "vpc_endpoint_elasticbeanstalk_health_dns_entry" {
description = "The DNS entries for the VPC Endpoint for Elastic Beanstalk Health."
value = flatten(aws_vpc_endpoint.elasticbeanstalk_health.*.dns_entry)
}
output "vpc_endpoint_workspaces_id" {
description = "The ID of VPC endpoint for Workspaces"
value = concat(aws_vpc_endpoint.workspaces.*.id, [""])[0]
}
output "vpc_endpoint_workspaces_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for Workspaces."
value = flatten(aws_vpc_endpoint.workspaces.*.network_interface_ids)
}
output "vpc_endpoint_workspaces_dns_entry" {
description = "The DNS entries for the VPC Endpoint for Workspaces."
value = flatten(aws_vpc_endpoint.workspaces.*.dns_entry)
}
output "vpc_endpoint_auto_scaling_plans_id" {
description = "The ID of VPC endpoint for Auto Scaling Plans"
value = concat(aws_vpc_endpoint.auto_scaling_plans.*.id, [""])[0]
}
output "vpc_endpoint_auto_scaling_plans_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for Auto Scaling Plans."
value = flatten(aws_vpc_endpoint.auto_scaling_plans.*.network_interface_ids)
}
output "vpc_endpoint_auto_scaling_plans_dns_entry" {
description = "The DNS entries for the VPC Endpoint for Auto Scaling Plans."
value = flatten(aws_vpc_endpoint.auto_scaling_plans.*.dns_entry)
}
output "vpc_endpoint_ebs_id" {
description = "The ID of VPC endpoint for EBS"
value = concat(aws_vpc_endpoint.ebs.*.id, [""])[0]
}
output "vpc_endpoint_ebs_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for EBS."
value = flatten(aws_vpc_endpoint.ebs.*.network_interface_ids)
}
output "vpc_endpoint_ebs_dns_entry" {
description = "The DNS entries for the VPC Endpoint for EBS."
value = flatten(aws_vpc_endpoint.ebs.*.dns_entry)
}
output "vpc_endpoint_qldb_session_id" {
description = "The ID of VPC endpoint for QLDB Session"
value = concat(aws_vpc_endpoint.qldb_session.*.id, [""])[0]
}
output "vpc_endpoint_qldb_session_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for QLDB Session."
value = flatten(aws_vpc_endpoint.qldb_session.*.network_interface_ids)
}
output "vpc_endpoint_qldb_session_dns_entry" {
description = "The DNS entries for the VPC Endpoint for QLDB Session."
value = flatten(aws_vpc_endpoint.qldb_session.*.dns_entry)
}
output "vpc_endpoint_datasync_id" {
description = "The ID of VPC endpoint for DataSync"
value = concat(aws_vpc_endpoint.datasync.*.id, [""])[0]
}
output "vpc_endpoint_datasync_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for DataSync."
value = flatten(aws_vpc_endpoint.datasync.*.network_interface_ids)
}
output "vpc_endpoint_datasync_dns_entry" {
description = "The DNS entries for the VPC Endpoint for DataSync."
value = flatten(aws_vpc_endpoint.datasync.*.dns_entry)
}
output "vpc_endpoint_access_analyzer_id" {
description = "The ID of VPC endpoint for Access Analyzer"
value = concat(aws_vpc_endpoint.access_analyzer.*.id, [""])[0]
}
output "vpc_endpoint_access_analyzer_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for Access Analyzer."
value = flatten(aws_vpc_endpoint.access_analyzer.*.network_interface_ids)
}
output "vpc_endpoint_access_analyzer_dns_entry" {
description = "The DNS entries for the VPC Endpoint for Access Analyzer."
value = flatten(aws_vpc_endpoint.access_analyzer.*.dns_entry)
}
output "vpc_endpoint_acm_pca_id" {
description = "The ID of VPC endpoint for ACM PCA"
value = concat(aws_vpc_endpoint.acm_pca.*.id, [""])[0]
}
output "vpc_endpoint_acm_pca_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for ACM PCA."
value = flatten(aws_vpc_endpoint.acm_pca.*.network_interface_ids)
}
output "vpc_endpoint_acm_pca_dns_entry" {
description = "The DNS entries for the VPC Endpoint for ACM PCA."
value = flatten(aws_vpc_endpoint.acm_pca.*.dns_entry)
}
output "vpc_endpoint_ses_id" {
description = "The ID of VPC endpoint for SES"
value = concat(aws_vpc_endpoint.ses.*.id, [""])[0]
}
output "vpc_endpoint_ses_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for SES."
value = flatten(aws_vpc_endpoint.ses.*.network_interface_ids)
}
output "vpc_endpoint_ses_dns_entry" {
description = "The DNS entries for the VPC Endpoint for SES."
value = flatten(aws_vpc_endpoint.ses.*.dns_entry)
}
output "vpc_endpoint_textract_id" {
description = "The ID of VPC endpoint for Textract"
value = concat(aws_vpc_endpoint.textract.*.id, [""])[0]
}
output "vpc_endpoint_textract_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for Textract."
value = flatten(aws_vpc_endpoint.textract.*.network_interface_ids)
}
output "vpc_endpoint_textract_dns_entry" {
description = "The DNS entries for the VPC Endpoint for Textract."
value = flatten(aws_vpc_endpoint.textract.*.dns_entry)
}
output "vpc_endpoint_codeartifact_api_id" {
description = "The ID of VPC endpoint for Codeartifact API"
value = concat(aws_vpc_endpoint.codeartifact_api.*.id, [""])[0]
}
output "vpc_endpoint_codeartifact_api_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for Codeartifact API."
value = flatten(aws_vpc_endpoint.codeartifact_api.*.network_interface_ids)
}
output "vpc_endpoint_codeartifact_api_dns_entry" {
description = "The DNS entries for the VPC Endpoint for Codeartifact API."
value = flatten(aws_vpc_endpoint.codeartifact_api.*.dns_entry)
}
output "vpc_endpoint_codeartifact_repositories_id" {
description = "The ID of VPC endpoint for Codeartifact repositories"
value = concat(aws_vpc_endpoint.codeartifact_repositories.*.id, [""])[0]
}
output "vpc_endpoint_codeartifact_repositories_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for Codeartifact repositories."
value = flatten(aws_vpc_endpoint.codeartifact_repositories.*.network_interface_ids)
}
output "vpc_endpoint_codeartifact_repositories_dns_entry" {
description = "The DNS entries for the VPC Endpoint for Codeartifact repositories."
value = flatten(aws_vpc_endpoint.codeartifact_repositories.*.dns_entry)
}
output "vpc_endpoint_dms_id" {
description = "The ID of VPC endpoint for DMS"
value = concat(aws_vpc_endpoint.sns.*.id, [""])[0]
}
output "vpc_endpoint_dms_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for DMS."
value = flatten(aws_vpc_endpoint.sns.*.network_interface_ids)
}
output "vpc_endpoint_dms_dns_entry" {
description = "The DNS entries for the VPC Endpoint for DMS."
value = flatten(aws_vpc_endpoint.sns.*.dns_entry)
}
output "vpc_endpoint_rds_id" {
description = "The ID of VPC endpoint for RDS"
value = concat(aws_vpc_endpoint.rds.*.id, [""])[0]
}
output "vpc_endpoint_rds_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for RDS."
value = flatten(aws_vpc_endpoint.rds.*.network_interface_ids)
}
output "vpc_endpoint_rds_dns_entry" {
description = "The DNS entries for the VPC Endpoint for RDS."
value = flatten(aws_vpc_endpoint.rds.*.dns_entry)
}
# VPC flow log # VPC flow log
output "vpc_flow_log_id" { output "vpc_flow_log_id" {
description = "The ID of the Flow Log resource" description = "The ID of the Flow Log resource"
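Review bot: the deleted `vpc_endpoint_dms_id`, `vpc_endpoint_dms_network_interface_ids` and `vpc_endpoint_dms_dns_entry` outputs read from `aws_vpc_endpoint.sns` rather than a DMS endpoint resource, so in v2.x any consumer of those outputs (a security-group rule, a Route 53 record, a peered module) was actually being handed the SNS endpoint's ID, ENIs and DNS names; this is worth stating in the upgrade guide that accompanies this change, so that users re-pointing `module.vpc.vpc_endpoint_dms_*` references at the new sub-module verify they end up bound to the endpoint they intended and not merely that the reference resolves. More generally, removing every `vpc_endpoint_*` output in this hunk means any root-module reference such as `module.vpc.vpc_endpoint_rds_id` fails at plan time after the upgrade, so the guide should carry the old-output to new-output mapping alongside the `terraform state mv` commands it already lists.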
...@@ -328,1861 +328,6 @@ variable "external_nat_ips" { ...@@ -328,1861 +328,6 @@ variable "external_nat_ips" {
default = [] default = []
} }
variable "enable_public_s3_endpoint" {
description = "Whether to enable S3 VPC Endpoint for public subnets"
default = true
type = bool
}
variable "enable_dynamodb_endpoint" {
description = "Should be true if you want to provision a DynamoDB endpoint to the VPC"
type = bool
default = false
}
variable "dynamodb_endpoint_type" {
description = "DynamoDB VPC endpoint type. Note - DynamoDB Interface type support is not yet available"
type = string
default = "Gateway"
}
variable "dynamodb_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for DynamoDB interface endpoint"
type = list(string)
default = []
}
variable "dynamodb_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for DynamoDB interface endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "dynamodb_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for DynamoDB interface endpoint"
type = bool
default = false
}
variable "dynamodb_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "enable_s3_endpoint" {
description = "Should be true if you want to provision an S3 endpoint to the VPC"
type = bool
default = false
}
variable "s3_endpoint_type" {
description = "S3 VPC endpoint type. Note - S3 Interface type support is only available on AWS provider 3.10 and later"
type = string
default = "Gateway"
}
variable "s3_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for S3 interface endpoint"
type = list(string)
default = []
}
variable "s3_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for S3 interface endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "s3_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for S3 interface endpoint"
type = bool
default = false
}
variable "s3_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "enable_codeartifact_api_endpoint" {
description = "Should be true if you want to provision an Codeartifact API endpoint to the VPC"
type = bool
default = false
}
variable "codeartifact_api_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Codeartifact API endpoint"
type = list(string)
default = []
}
variable "codeartifact_api_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Codeartifact API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "codeartifact_api_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Codeartifact API endpoint"
type = bool
default = false
}
variable "enable_codeartifact_repositories_endpoint" {
description = "Should be true if you want to provision an Codeartifact repositories endpoint to the VPC"
type = bool
default = false
}
variable "codeartifact_repositories_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Codeartifact repositories endpoint"
type = list(string)
default = []
}
variable "codeartifact_repositories_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Codeartifact repositories endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "codeartifact_repositories_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Codeartifact repositories endpoint"
type = bool
default = false
}
variable "enable_codebuild_endpoint" {
description = "Should be true if you want to provision an Codebuild endpoint to the VPC"
type = bool
default = false
}
variable "codebuild_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Codebuild endpoint"
type = list(string)
default = []
}
variable "codebuild_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Codebuilt endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "codebuild_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "codebuild_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Codebuild endpoint"
type = bool
default = false
}
variable "enable_codecommit_endpoint" {
description = "Should be true if you want to provision an Codecommit endpoint to the VPC"
type = bool
default = false
}
variable "codecommit_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Codecommit endpoint"
type = list(string)
default = []
}
variable "codecommit_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Codecommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "codecommit_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "codecommit_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Codecommit endpoint"
type = bool
default = false
}
variable "enable_git_codecommit_endpoint" {
description = "Should be true if you want to provision an Git Codecommit endpoint to the VPC"
type = bool
default = false
}
variable "git_codecommit_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Git Codecommit endpoint"
type = list(string)
default = []
}
variable "git_codecommit_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Git Codecommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "git_codecommit_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Git Codecommit endpoint"
type = bool
default = false
}
variable "enable_config_endpoint" {
description = "Should be true if you want to provision an config endpoint to the VPC"
type = bool
default = false
}
variable "config_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for config endpoint"
type = list(string)
default = []
}
variable "config_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for config endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "config_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for config endpoint"
type = bool
default = false
}
variable "enable_sqs_endpoint" {
description = "Should be true if you want to provision an SQS endpoint to the VPC"
type = bool
default = false
}
variable "sqs_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for SQS endpoint"
type = list(string)
default = []
}
variable "sqs_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for SQS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "sqs_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "sqs_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for SQS endpoint"
type = bool
default = false
}
variable "enable_lambda_endpoint" {
description = "Should be true if you want to provision a Lambda endpoint to the VPC"
type = bool
default = false
}
variable "lambda_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Lambda endpoint"
type = list(string)
default = []
}
variable "lambda_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Lambda endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "lambda_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Lambda endpoint"
type = bool
default = false
}
variable "enable_ssm_endpoint" {
description = "Should be true if you want to provision an SSM endpoint to the VPC"
type = bool
default = false
}
variable "ssm_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for SSM endpoint"
type = list(string)
default = []
}
variable "ssm_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for SSM endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "ssm_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for SSM endpoint"
type = bool
default = false
}
variable "enable_secretsmanager_endpoint" {
description = "Should be true if you want to provision an Secrets Manager endpoint to the VPC"
type = bool
default = false
}
variable "secretsmanager_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Secrets Manager endpoint"
type = list(string)
default = []
}
variable "secretsmanager_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Secrets Manager endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "secretsmanager_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "secretsmanager_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Secrets Manager endpoint"
type = bool
default = false
}
variable "enable_apigw_endpoint" {
description = "Should be true if you want to provision an api gateway endpoint to the VPC"
type = bool
default = false
}
variable "apigw_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for API GW endpoint"
type = list(string)
default = []
}
variable "apigw_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "apigw_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for API GW endpoint"
type = bool
default = false
}
variable "apigw_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for API GW endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "enable_ssmmessages_endpoint" {
description = "Should be true if you want to provision a SSMMESSAGES endpoint to the VPC"
type = bool
default = false
}
variable "ssmmessages_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for SSMMESSAGES endpoint"
type = list(string)
default = []
}
variable "ssmmessages_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for SSMMESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "ssmmessages_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for SSMMESSAGES endpoint"
type = bool
default = false
}
variable "enable_textract_endpoint" {
description = "Should be true if you want to provision an Textract endpoint to the VPC"
type = bool
default = false
}
variable "textract_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Textract endpoint"
type = list(string)
default = []
}
variable "textract_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Textract endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "textract_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Textract endpoint"
type = bool
default = false
}
variable "enable_transferserver_endpoint" {
description = "Should be true if you want to provision a Transfer Server endpoint to the VPC"
type = bool
default = false
}
variable "transferserver_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Transfer Server endpoint"
type = list(string)
default = []
}
variable "transferserver_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Transfer Server endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "transferserver_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Transfer Server endpoint"
type = bool
default = false
}
variable "enable_ec2_endpoint" {
description = "Should be true if you want to provision an EC2 endpoint to the VPC"
type = bool
default = false
}
variable "ec2_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for EC2 endpoint"
type = list(string)
default = []
}
variable "ec2_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "ec2_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for EC2 endpoint"
type = bool
default = false
}
variable "ec2_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for EC2 endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "enable_ec2messages_endpoint" {
description = "Should be true if you want to provision an EC2MESSAGES endpoint to the VPC"
type = bool
default = false
}
variable "ec2messages_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for EC2MESSAGES endpoint"
type = list(string)
default = []
}
variable "ec2messages_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for EC2MESSAGES endpoint"
type = bool
default = false
}
variable "ec2messages_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for EC2MESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "enable_ec2_autoscaling_endpoint" {
description = "Should be true if you want to provision an EC2 Autoscaling endpoint to the VPC"
type = bool
default = false
}
variable "ec2_autoscaling_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for EC2 Autoscaling endpoint"
type = list(string)
default = []
}
variable "ec2_autoscaling_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "ec2_autoscaling_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for EC2 Autoscaling endpoint"
type = bool
default = false
}
variable "ec2_autoscaling_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for EC2 Autoscaling endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "enable_ecr_api_endpoint" {
description = "Should be true if you want to provision an ecr api endpoint to the VPC"
type = bool
default = false
}
variable "ecr_api_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for ECR api endpoint. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "ecr_api_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "ecr_api_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for ECR API endpoint"
type = bool
default = false
}
variable "ecr_api_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for ECR API endpoint"
type = list(string)
default = []
}
variable "enable_ecr_dkr_endpoint" {
description = "Should be true if you want to provision an ecr dkr endpoint to the VPC"
type = bool
default = false
}
variable "ecr_dkr_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for ECR dkr endpoint. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "ecr_dkr_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "ecr_dkr_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for ECR DKR endpoint"
type = bool
default = false
}
variable "ecr_dkr_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for ECR DKR endpoint"
type = list(string)
default = []
}
variable "enable_kms_endpoint" {
description = "Should be true if you want to provision a KMS endpoint to the VPC"
type = bool
default = false
}
variable "kms_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for KMS endpoint"
type = list(string)
default = []
}
variable "kms_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for KMS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "kms_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "kms_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for KMS endpoint"
type = bool
default = false
}
variable "enable_ecs_endpoint" {
description = "Should be true if you want to provision a ECS endpoint to the VPC"
type = bool
default = false
}
variable "ecs_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for ECS endpoint"
type = list(string)
default = []
}
variable "ecs_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for ECS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "ecs_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for ECS endpoint"
type = bool
default = false
}
variable "enable_ecs_agent_endpoint" {
description = "Should be true if you want to provision a ECS Agent endpoint to the VPC"
type = bool
default = false
}
variable "ecs_agent_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for ECS Agent endpoint"
type = list(string)
default = []
}
variable "ecs_agent_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for ECS Agent endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "ecs_agent_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for ECS Agent endpoint"
type = bool
default = false
}
variable "enable_ecs_telemetry_endpoint" {
description = "Should be true if you want to provision a ECS Telemetry endpoint to the VPC"
type = bool
default = false
}
variable "ecs_telemetry_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for ECS Telemetry endpoint"
type = list(string)
default = []
}
variable "ecs_telemetry_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for ECS Telemetry endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "ecs_telemetry_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for ECS Telemetry endpoint"
type = bool
default = false
}
variable "enable_sns_endpoint" {
description = "Should be true if you want to provision a SNS endpoint to the VPC"
type = bool
default = false
}
variable "sns_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for SNS endpoint"
type = list(string)
default = []
}
variable "sns_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for SNS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "sns_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "sns_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for SNS endpoint"
type = bool
default = false
}
variable "enable_monitoring_endpoint" {
description = "Should be true if you want to provision a CloudWatch Monitoring endpoint to the VPC"
type = bool
default = false
}
variable "monitoring_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for CloudWatch Monitoring endpoint"
type = list(string)
default = []
}
variable "monitoring_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for CloudWatch Monitoring endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "monitoring_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "monitoring_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for CloudWatch Monitoring endpoint"
type = bool
default = false
}
variable "enable_elasticloadbalancing_endpoint" {
description = "Should be true if you want to provision a Elastic Load Balancing endpoint to the VPC"
type = bool
default = false
}
variable "elasticloadbalancing_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Elastic Load Balancing endpoint"
type = list(string)
default = []
}
variable "elasticloadbalancing_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Elastic Load Balancing endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "elasticloadbalancing_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "elasticloadbalancing_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Elastic Load Balancing endpoint"
type = bool
default = false
}
variable "enable_events_endpoint" {
description = "Should be true if you want to provision a CloudWatch Events endpoint to the VPC"
type = bool
default = false
}
variable "events_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for CloudWatch Events endpoint"
type = list(string)
default = []
}
variable "events_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for CloudWatch Events endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "events_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "events_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for CloudWatch Events endpoint"
type = bool
default = false
}
variable "enable_logs_endpoint" {
description = "Should be true if you want to provision a CloudWatch Logs endpoint to the VPC"
type = bool
default = false
}
variable "logs_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for CloudWatch Logs endpoint"
type = list(string)
default = []
}
variable "logs_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for CloudWatch Logs endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "logs_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "logs_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for CloudWatch Logs endpoint"
type = bool
default = false
}
variable "enable_cloudtrail_endpoint" {
description = "Should be true if you want to provision a CloudTrail endpoint to the VPC"
type = bool
default = false
}
variable "cloudtrail_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for CloudTrail endpoint"
type = list(string)
default = []
}
variable "cloudtrail_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for CloudTrail endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "cloudtrail_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for CloudTrail endpoint"
type = bool
default = false
}
variable "enable_kinesis_streams_endpoint" {
description = "Should be true if you want to provision a Kinesis Streams endpoint to the VPC"
type = bool
default = false
}
variable "kinesis_streams_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Kinesis Streams endpoint"
type = list(string)
default = []
}
variable "kinesis_streams_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Kinesis Streams endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "kinesis_streams_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "kinesis_streams_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Kinesis Streams endpoint"
type = bool
default = false
}
variable "enable_kinesis_firehose_endpoint" {
description = "Should be true if you want to provision a Kinesis Firehose endpoint to the VPC"
type = bool
default = false
}
variable "kinesis_firehose_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Kinesis Firehose endpoint"
type = list(string)
default = []
}
variable "kinesis_firehose_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Kinesis Firehose endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "kinesis_firehose_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "kinesis_firehose_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Kinesis Firehose endpoint"
type = bool
default = false
}
variable "enable_glue_endpoint" {
description = "Should be true if you want to provision a Glue endpoint to the VPC"
type = bool
default = false
}
variable "glue_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Glue endpoint"
type = list(string)
default = []
}
variable "glue_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Glue endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "glue_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Glue endpoint"
type = bool
default = false
}
variable "enable_sagemaker_notebook_endpoint" {
description = "Should be true if you want to provision a Sagemaker Notebook endpoint to the VPC"
type = bool
default = false
}
variable "sagemaker_notebook_endpoint_region" {
description = "Region to use for Sagemaker Notebook endpoint"
type = string
default = ""
}
variable "sagemaker_notebook_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Sagemaker Notebook endpoint"
type = list(string)
default = []
}
variable "sagemaker_notebook_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Sagemaker Notebook endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "sagemaker_notebook_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "sagemaker_notebook_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Sagemaker Notebook endpoint"
type = bool
default = false
}
variable "enable_sts_endpoint" {
description = "Should be true if you want to provision a STS endpoint to the VPC"
type = bool
default = false
}
variable "sts_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for STS endpoint"
type = list(string)
default = []
}
variable "sts_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for STS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "sts_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "sts_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for STS endpoint"
type = bool
default = false
}
variable "enable_cloudformation_endpoint" {
description = "Should be true if you want to provision a Cloudformation endpoint to the VPC"
type = bool
default = false
}
variable "cloudformation_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Cloudformation endpoint"
type = list(string)
default = []
}
variable "cloudformation_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Cloudformation endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "cloudformation_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Cloudformation endpoint"
type = bool
default = false
}
variable "enable_codepipeline_endpoint" {
description = "Should be true if you want to provision a CodePipeline endpoint to the VPC"
type = bool
default = false
}
variable "codepipeline_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for CodePipeline endpoint"
type = list(string)
default = []
}
variable "codepipeline_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for CodePipeline endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "codepipeline_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for CodePipeline endpoint"
type = bool
default = false
}
variable "enable_appmesh_envoy_management_endpoint" {
description = "Should be true if you want to provision a AppMesh endpoint to the VPC"
type = bool
default = false
}
variable "appmesh_envoy_management_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for AppMesh endpoint"
type = list(string)
default = []
}
variable "appmesh_envoy_management_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for AppMesh endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "appmesh_envoy_management_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for AppMesh endpoint"
type = bool
default = false
}
variable "enable_servicecatalog_endpoint" {
description = "Should be true if you want to provision a Service Catalog endpoint to the VPC"
type = bool
default = false
}
variable "servicecatalog_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Service Catalog endpoint"
type = list(string)
default = []
}
variable "servicecatalog_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Service Catalog endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "servicecatalog_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Service Catalog endpoint"
type = bool
default = false
}
variable "enable_storagegateway_endpoint" {
description = "Should be true if you want to provision a Storage Gateway endpoint to the VPC"
type = bool
default = false
}
variable "storagegateway_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Storage Gateway endpoint"
type = list(string)
default = []
}
variable "storagegateway_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Storage Gateway endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "storagegateway_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Storage Gateway endpoint"
type = bool
default = false
}
variable "enable_transfer_endpoint" {
description = "Should be true if you want to provision a Transfer endpoint to the VPC"
type = bool
default = false
}
variable "transfer_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Transfer endpoint"
type = list(string)
default = []
}
variable "transfer_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Transfer endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "transfer_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Transfer endpoint"
type = bool
default = false
}
variable "enable_sagemaker_api_endpoint" {
description = "Should be true if you want to provision a SageMaker API endpoint to the VPC"
type = bool
default = false
}
variable "sagemaker_api_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for SageMaker API endpoint"
type = list(string)
default = []
}
variable "sagemaker_api_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for SageMaker API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "sagemaker_api_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "sagemaker_api_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for SageMaker API endpoint"
type = bool
default = false
}
variable "enable_sagemaker_runtime_endpoint" {
description = "Should be true if you want to provision a SageMaker Runtime endpoint to the VPC"
type = bool
default = false
}
variable "sagemaker_runtime_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for SageMaker Runtime endpoint"
type = list(string)
default = []
}
variable "sagemaker_runtime_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for SageMaker Runtime endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "sagemaker_runtime_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "sagemaker_runtime_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for SageMaker Runtime endpoint"
type = bool
default = false
}
variable "enable_appstream_api_endpoint" {
description = "Should be true if you want to provision a AppStream API endpoint to the VPC"
type = bool
default = false
}
variable "appstream_api_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for AppStream API endpoint"
type = list(string)
default = []
}
variable "appstream_api_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for AppStream API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "appstream_api_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for AppStream API endpoint"
type = bool
default = false
}
variable "enable_appstream_streaming_endpoint" {
description = "Should be true if you want to provision a AppStream Streaming endpoint to the VPC"
type = bool
default = false
}
variable "appstream_streaming_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for AppStream Streaming endpoint"
type = list(string)
default = []
}
variable "appstream_streaming_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for AppStream Streaming endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "appstream_streaming_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for AppStream Streaming endpoint"
type = bool
default = false
}
variable "enable_athena_endpoint" {
description = "Should be true if you want to provision a Athena endpoint to the VPC"
type = bool
default = false
}
variable "athena_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Athena endpoint"
type = list(string)
default = []
}
variable "athena_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Athena endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "athena_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "athena_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Athena endpoint"
type = bool
default = false
}
variable "enable_rekognition_endpoint" {
description = "Should be true if you want to provision a Rekognition endpoint to the VPC"
type = bool
default = false
}
variable "rekognition_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Rekognition endpoint"
type = list(string)
default = []
}
variable "rekognition_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Rekognition endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "rekognition_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "rekognition_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Rekognition endpoint"
type = bool
default = false
}
variable "enable_efs_endpoint" {
description = "Should be true if you want to provision an EFS endpoint to the VPC"
type = bool
default = false
}
variable "efs_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for EFS endpoint"
type = list(string)
default = []
}
variable "efs_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for EFS endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used."
type = list(string)
default = []
}
variable "efs_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "efs_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for EFS endpoint"
type = bool
default = false
}
variable "enable_cloud_directory_endpoint" {
description = "Should be true if you want to provision an Cloud Directory endpoint to the VPC"
type = bool
default = false
}
variable "cloud_directory_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Cloud Directory endpoint"
type = list(string)
default = []
}
variable "cloud_directory_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Cloud Directory endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used."
type = list(string)
default = []
}
variable "cloud_directory_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "cloud_directory_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Cloud Directory endpoint"
type = bool
default = false
}
variable "enable_ses_endpoint" {
description = "Should be true if you want to provision an SES endpoint to the VPC"
type = bool
default = false
}
variable "ses_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for SES endpoint"
type = list(string)
default = []
}
variable "ses_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for SES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "enable_auto_scaling_plans_endpoint" {
description = "Should be true if you want to provision an Auto Scaling Plans endpoint to the VPC"
type = bool
default = false
}
variable "auto_scaling_plans_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Auto Scaling Plans endpoint"
type = list(string)
default = []
}
variable "auto_scaling_plans_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Auto Scaling Plans endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used."
type = list(string)
default = []
}
variable "auto_scaling_plans_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "auto_scaling_plans_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Auto Scaling Plans endpoint"
type = bool
default = false
}
variable "ses_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for SES endpoint"
type = bool
default = false
}
variable "enable_workspaces_endpoint" {
description = "Should be true if you want to provision an Workspaces endpoint to the VPC"
type = bool
default = false
}
variable "workspaces_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Workspaces endpoint"
type = list(string)
default = []
}
variable "workspaces_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Workspaces endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used."
type = list(string)
default = []
}
variable "workspaces_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "workspaces_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Workspaces endpoint"
type = bool
default = false
}
variable "enable_access_analyzer_endpoint" {
description = "Should be true if you want to provision an Access Analyzer endpoint to the VPC"
type = bool
default = false
}
variable "access_analyzer_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Access Analyzer endpoint"
type = list(string)
default = []
}
variable "access_analyzer_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Access Analyzer endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used."
type = list(string)
default = []
}
variable "access_analyzer_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "access_analyzer_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Access Analyzer endpoint"
type = bool
default = false
}
variable "enable_ebs_endpoint" {
description = "Should be true if you want to provision an EBS endpoint to the VPC"
type = bool
default = false
}
variable "ebs_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for EBS endpoint"
type = list(string)
default = []
}
variable "ebs_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for EBS endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used."
type = list(string)
default = []
}
variable "ebs_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for EBS endpoint"
type = bool
default = false
}
variable "enable_datasync_endpoint" {
description = "Should be true if you want to provision an Data Sync endpoint to the VPC"
type = bool
default = false
}
variable "datasync_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Data Sync endpoint"
type = list(string)
default = []
}
variable "datasync_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Data Sync endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used."
type = list(string)
default = []
}
variable "datasync_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Data Sync endpoint"
type = bool
default = false
}
variable "enable_elastic_inference_runtime_endpoint" {
description = "Should be true if you want to provision an Elastic Inference Runtime endpoint to the VPC"
type = bool
default = false
}
variable "elastic_inference_runtime_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Elastic Inference Runtime endpoint"
type = list(string)
default = []
}
variable "elastic_inference_runtime_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Elastic Inference Runtime endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used."
type = list(string)
default = []
}
variable "elastic_inference_runtime_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Elastic Inference Runtime endpoint"
type = bool
default = false
}
variable "enable_sms_endpoint" {
description = "Should be true if you want to provision an SMS endpoint to the VPC"
type = bool
default = false
}
variable "sms_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for SMS endpoint"
type = list(string)
default = []
}
variable "sms_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for SMS endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used."
type = list(string)
default = []
}
variable "sms_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for SMS endpoint"
type = bool
default = false
}
variable "enable_emr_endpoint" {
description = "Should be true if you want to provision an EMR endpoint to the VPC"
type = bool
default = false
}
variable "emr_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for EMR endpoint"
type = list(string)
default = []
}
variable "emr_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for EMR endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used."
type = list(string)
default = []
}
variable "emr_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "emr_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for EMR endpoint"
type = bool
default = false
}
variable "enable_qldb_session_endpoint" {
description = "Should be true if you want to provision an QLDB Session endpoint to the VPC"
type = bool
default = false
}
variable "qldb_session_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for QLDB Session endpoint"
type = list(string)
default = []
}
variable "qldb_session_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for QLDB Session endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used."
type = list(string)
default = []
}
variable "qldb_session_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for QLDB Session endpoint"
type = bool
default = false
}
variable "enable_elasticbeanstalk_endpoint" {
description = "Should be true if you want to provision a Elastic Beanstalk endpoint to the VPC"
type = bool
default = false
}
variable "elasticbeanstalk_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Elastic Beanstalk endpoint"
type = list(string)
default = []
}
variable "elasticbeanstalk_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Elastic Beanstalk endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "elasticbeanstalk_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "elasticbeanstalk_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Elastic Beanstalk endpoint"
type = bool
default = false
}
variable "enable_elasticbeanstalk_health_endpoint" {
description = "Should be true if you want to provision a Elastic Beanstalk Health endpoint to the VPC"
type = bool
default = false
}
variable "elasticbeanstalk_health_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Elastic Beanstalk Health endpoint"
type = list(string)
default = []
}
variable "elasticbeanstalk_health_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Elastic Beanstalk Health endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "elasticbeanstalk_health_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Elastic Beanstalk Health endpoint"
type = bool
default = false
}
variable "enable_states_endpoint" {
description = "Should be true if you want to provision a Step Function endpoint to the VPC"
type = bool
default = false
}
variable "states_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for Step Function endpoint"
type = list(string)
default = []
}
variable "states_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for Step Function endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "states_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "states_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for Step Function endpoint"
type = bool
default = false
}
variable "enable_rds_endpoint" {
description = "Should be true if you want to provision an RDS endpoint to the VPC"
type = bool
default = false
}
variable "rds_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for RDS endpoint"
type = list(string)
default = []
}
variable "rds_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for RDS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "rds_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for RDS endpoint"
type = bool
default = false
}
variable "enable_codedeploy_endpoint" {
description = "Should be true if you want to provision an CodeDeploy endpoint to the VPC"
type = bool
default = false
}
variable "codedeploy_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for CodeDeploy endpoint"
type = list(string)
default = []
}
variable "codedeploy_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for CodeDeploy endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "codedeploy_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for CodeDeploy endpoint"
type = bool
default = false
}
variable "enable_codedeploy_commands_secure_endpoint" {
description = "Should be true if you want to provision an CodeDeploy Commands Secure endpoint to the VPC"
type = bool
default = false
}
variable "codedeploy_commands_secure_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for CodeDeploy Commands Secure endpoint"
type = list(string)
default = []
}
variable "codedeploy_commands_secure_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for CodeDeploy Commands Secure endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "codedeploy_commands_secure_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for CodeDeploy Commands Secure endpoint"
type = bool
default = false
}
variable "enable_acm_pca_endpoint" {
description = "Should be true if you want to provision an ACM PCA endpoint to the VPC"
type = bool
default = false
}
variable "acm_pca_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for ACM PCA endpoint"
type = list(string)
default = []
}
variable "acm_pca_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for ACM PCA endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "acm_pca_endpoint_policy" {
description = "A policy to attach to the endpoint that controls access to the service. Defaults to full access"
type = string
default = null
}
variable "acm_pca_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for ACM PCA endpoint"
type = bool
default = false
}
variable "enable_dms_endpoint" {
description = "Should be true if you want to provision a DMS endpoint to the VPC"
type = bool
default = false
}
variable "dms_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for DMS endpoint"
type = list(string)
default = []
}
variable "dms_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for DMS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "dms_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for DMS endpoint"
type = bool
default = false
}
variable "map_public_ip_on_launch" { variable "map_public_ip_on_launch" {
description = "Should be false if you do not want to auto-assign public IP on launch" description = "Should be false if you do not want to auto-assign public IP on launch"
type = bool type = bool
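Review bot: the removed `enable_*_endpoint`, `*_endpoint_security_group_ids`, `*_endpoint_subnet_ids`, `*_endpoint_policy` and `*_endpoint_private_dns_enabled` variables for CodeDeploy, CodeDeploy Commands Secure, ACM PCA and DMS carry security-relevant defaults that disappear with them: `private_dns_enabled = false`, subnet IDs falling back to the private subnets when omitted, and `policy = null`, which the description documents as "Defaults to full access". Suggest the upgrade notes list each removed input and state that callers must now set the endpoint policy and private DNS explicitly, so that a migration does not silently change the access these endpoints grant. Also note that only ACM PCA had an `*_endpoint_policy` variable in this group; the CodeDeploy and DMS endpoints could not be given a policy at all, so a parity check of the replacement should close that gap rather than preserve it.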
...@@ -2441,12 +586,6 @@ variable "vpn_gateway_tags" { ...@@ -2441,12 +586,6 @@ variable "vpn_gateway_tags" {
default = {} default = {}
} }
variable "vpc_endpoint_tags" {
description = "Additional tags for the VPC Endpoints"
type = map(string)
default = {}
}
variable "vpc_flow_log_tags" { variable "vpc_flow_log_tags" {
description = "Additional tags for the VPC Flow Logs" description = "Additional tags for the VPC Flow Logs"
type = map(string) type = map(string)
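Review bot: removing `vpc_endpoint_tags` leaves a dangling reference unless `local.vpce_tags` (which the endpoint resources consume as `tags = local.vpce_tags`) is dropped from the locals in the same change; confirm `terraform validate` passes on the base module with no remaining reference to `var.vpc_endpoint_tags`. Since this is a public input, its removal is a breaking interface change and belongs in the upgrade notes alongside the per-endpoint variables.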
......
terraform { terraform {
required_version = ">= 0.12.21" required_version = ">= 0.12.26"
required_providers { required_providers {
aws = { aws = {
source = "hashicorp/aws" source = "hashicorp/aws"
version = ">= 2.70" version = ">= 3.15"
} }
} }
} }
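Review bot: raising the AWS provider constraint from `>= 2.70` to `>= 3.15` is a major-version bump and breaks any root module still pinned to provider 2.x, and `required_version` moves from `>= 0.12.21` to `>= 0.12.26` at the same time; both new minimums should be called out in the upgrade notes together with the feature that requires them. If nothing in the remaining base module needs 3.15 specifically, consider the lowest version that does, so downstream users are not forced to upgrade further than the change requires.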
######################
# VPC Endpoint for S3
######################
data "aws_vpc_endpoint_service" "s3" {
count = var.create_vpc && var.enable_s3_endpoint ? 1 : 0
service = "s3"
# Used for backwards compatability where `service_type` is not yet available in the provider used
filter {
name = "service-type"
values = [var.s3_endpoint_type]
}
}
resource "aws_vpc_endpoint" "s3" {
count = var.create_vpc && var.enable_s3_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.s3[0].service_name
vpc_endpoint_type = var.s3_endpoint_type
security_group_ids = var.s3_endpoint_type == "Interface" ? var.s3_endpoint_security_group_ids : null
subnet_ids = var.s3_endpoint_type == "Interface" ? coalescelist(var.s3_endpoint_subnet_ids, aws_subnet.private.*.id) : null
policy = var.s3_endpoint_policy
private_dns_enabled = var.s3_endpoint_type == "Interface" ? var.s3_endpoint_private_dns_enabled : null
tags = local.vpce_tags
}
resource "aws_vpc_endpoint_route_table_association" "private_s3" {
count = var.create_vpc && var.enable_s3_endpoint && var.s3_endpoint_type == "Gateway" ? local.nat_gateway_count : 0
vpc_endpoint_id = aws_vpc_endpoint.s3[0].id
route_table_id = element(aws_route_table.private.*.id, count.index)
}
resource "aws_vpc_endpoint_route_table_association" "intra_s3" {
count = var.create_vpc && var.enable_s3_endpoint && length(var.intra_subnets) > 0 && var.s3_endpoint_type == "Gateway" ? 1 : 0
vpc_endpoint_id = aws_vpc_endpoint.s3[0].id
route_table_id = element(aws_route_table.intra.*.id, 0)
}
resource "aws_vpc_endpoint_route_table_association" "public_s3" {
count = var.create_vpc && var.enable_s3_endpoint && var.enable_public_s3_endpoint && length(var.public_subnets) > 0 && var.s3_endpoint_type == "Gateway" ? 1 : 0
vpc_endpoint_id = aws_vpc_endpoint.s3[0].id
route_table_id = aws_route_table.public[0].id
}
############################
# VPC Endpoint for DynamoDB
############################
data "aws_vpc_endpoint_service" "dynamodb" {
count = var.create_vpc && var.enable_dynamodb_endpoint ? 1 : 0
service = "dynamodb"
# Used for backwards compatability where `service_type` is not yet available in the provider used
filter {
name = "service-type"
values = [var.dynamodb_endpoint_type]
}
}
resource "aws_vpc_endpoint" "dynamodb" {
count = var.create_vpc && var.enable_dynamodb_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.dynamodb[0].service_name
vpc_endpoint_type = var.dynamodb_endpoint_type
security_group_ids = var.dynamodb_endpoint_type == "Interface" ? var.dynamodb_endpoint_security_group_ids : null
subnet_ids = var.dynamodb_endpoint_type == "Interface" ? coalescelist(var.dynamodb_endpoint_subnet_ids, aws_subnet.private.*.id) : null
policy = var.dynamodb_endpoint_policy
private_dns_enabled = var.dynamodb_endpoint_type == "Interface" ? var.dynamodb_endpoint_private_dns_enabled : null
tags = local.vpce_tags
}
resource "aws_vpc_endpoint_route_table_association" "private_dynamodb" {
count = var.create_vpc && var.enable_dynamodb_endpoint && var.dynamodb_endpoint_type == "Gateway" ? local.nat_gateway_count : 0
vpc_endpoint_id = aws_vpc_endpoint.dynamodb[0].id
route_table_id = element(aws_route_table.private.*.id, count.index)
}
resource "aws_vpc_endpoint_route_table_association" "intra_dynamodb" {
count = var.create_vpc && var.enable_dynamodb_endpoint && length(var.intra_subnets) > 0 && var.dynamodb_endpoint_type == "Gateway" ? 1 : 0
vpc_endpoint_id = aws_vpc_endpoint.dynamodb[0].id
route_table_id = element(aws_route_table.intra.*.id, 0)
}
resource "aws_vpc_endpoint_route_table_association" "public_dynamodb" {
count = var.create_vpc && var.enable_dynamodb_endpoint && length(var.public_subnets) > 0 && var.dynamodb_endpoint_type == "Gateway" ? 1 : 0
vpc_endpoint_id = aws_vpc_endpoint.dynamodb[0].id
route_table_id = aws_route_table.public[0].id
}
#############################
# VPC Endpoint for Codebuild
#############################
data "aws_vpc_endpoint_service" "codebuild" {
count = var.create_vpc && var.enable_codebuild_endpoint ? 1 : 0
service = "codebuild"
}
resource "aws_vpc_endpoint" "codebuild" {
count = var.create_vpc && var.enable_codebuild_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.codebuild[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.codebuild_endpoint_security_group_ids
subnet_ids = coalescelist(var.codebuild_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.codebuild_endpoint_policy
private_dns_enabled = var.codebuild_endpoint_private_dns_enabled
tags = local.vpce_tags
}
###############################
# VPC Endpoint for Code Commit
###############################
data "aws_vpc_endpoint_service" "codecommit" {
count = var.create_vpc && var.enable_codecommit_endpoint ? 1 : 0
service = "codecommit"
}
resource "aws_vpc_endpoint" "codecommit" {
count = var.create_vpc && var.enable_codecommit_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.codecommit[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.codecommit_endpoint_security_group_ids
subnet_ids = coalescelist(var.codecommit_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.codecommit_endpoint_policy
private_dns_enabled = var.codecommit_endpoint_private_dns_enabled
tags = local.vpce_tags
}
###################################
# VPC Endpoint for Git Code Commit
###################################
data "aws_vpc_endpoint_service" "git_codecommit" {
count = var.create_vpc && var.enable_git_codecommit_endpoint ? 1 : 0
service = "git-codecommit"
}
resource "aws_vpc_endpoint" "git_codecommit" {
count = var.create_vpc && var.enable_git_codecommit_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.git_codecommit[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.git_codecommit_endpoint_security_group_ids
subnet_ids = coalescelist(var.git_codecommit_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.git_codecommit_endpoint_private_dns_enabled
tags = local.vpce_tags
}
##########################
# VPC Endpoint for Config
##########################
data "aws_vpc_endpoint_service" "config" {
count = var.create_vpc && var.enable_config_endpoint ? 1 : 0
service = "config"
}
resource "aws_vpc_endpoint" "config" {
count = var.create_vpc && var.enable_config_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.config[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.config_endpoint_security_group_ids
subnet_ids = coalescelist(var.config_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.config_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for SQS
#######################
data "aws_vpc_endpoint_service" "sqs" {
count = var.create_vpc && var.enable_sqs_endpoint ? 1 : 0
service = "sqs"
}
resource "aws_vpc_endpoint" "sqs" {
count = var.create_vpc && var.enable_sqs_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.sqs[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.sqs_endpoint_security_group_ids
subnet_ids = coalescelist(var.sqs_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.sqs_endpoint_policy
private_dns_enabled = var.sqs_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#########################
# VPC Endpoint for Lambda
#########################
data "aws_vpc_endpoint_service" "lambda" {
count = var.create_vpc && var.enable_lambda_endpoint ? 1 : 0
service = "lambda"
}
resource "aws_vpc_endpoint" "lambda" {
count = var.create_vpc && var.enable_lambda_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.lambda[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.lambda_endpoint_security_group_ids
subnet_ids = coalescelist(var.lambda_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.lambda_endpoint_private_dns_enabled
tags = local.vpce_tags
}
###################################
# VPC Endpoint for Secrets Manager
###################################
data "aws_vpc_endpoint_service" "secretsmanager" {
count = var.create_vpc && var.enable_secretsmanager_endpoint ? 1 : 0
service = "secretsmanager"
}
resource "aws_vpc_endpoint" "secretsmanager" {
count = var.create_vpc && var.enable_secretsmanager_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.secretsmanager[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.secretsmanager_endpoint_security_group_ids
subnet_ids = coalescelist(var.secretsmanager_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.secretsmanager_endpoint_policy
private_dns_enabled = var.secretsmanager_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for SSM
#######################
data "aws_vpc_endpoint_service" "ssm" {
count = var.create_vpc && var.enable_ssm_endpoint ? 1 : 0
service = "ssm"
}
resource "aws_vpc_endpoint" "ssm" {
count = var.create_vpc && var.enable_ssm_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.ssm[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.ssm_endpoint_security_group_ids
subnet_ids = coalescelist(var.ssm_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ssm_endpoint_private_dns_enabled
tags = local.vpce_tags
}
###############################
# VPC Endpoint for SSMMESSAGES
###############################
data "aws_vpc_endpoint_service" "ssmmessages" {
count = var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0
service = "ssmmessages"
}
resource "aws_vpc_endpoint" "ssmmessages" {
count = var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.ssmmessages[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.ssmmessages_endpoint_security_group_ids
subnet_ids = coalescelist(var.ssmmessages_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ssmmessages_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for EC2
#######################
data "aws_vpc_endpoint_service" "ec2" {
count = var.create_vpc && var.enable_ec2_endpoint ? 1 : 0
service = "ec2"
}
resource "aws_vpc_endpoint" "ec2" {
count = var.create_vpc && var.enable_ec2_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.ec2[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.ec2_endpoint_security_group_ids
subnet_ids = coalescelist(var.ec2_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.ec2_endpoint_policy
private_dns_enabled = var.ec2_endpoint_private_dns_enabled
tags = local.vpce_tags
}
###############################
# VPC Endpoint for EC2MESSAGES
###############################
data "aws_vpc_endpoint_service" "ec2messages" {
count = var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0
service = "ec2messages"
}
resource "aws_vpc_endpoint" "ec2messages" {
count = var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.ec2messages[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.ec2messages_endpoint_security_group_ids
subnet_ids = coalescelist(var.ec2messages_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ec2messages_endpoint_private_dns_enabled
tags = local.vpce_tags
}
###############################
# VPC Endpoint for EC2 Autoscaling
###############################
data "aws_vpc_endpoint_service" "ec2_autoscaling" {
count = var.create_vpc && var.enable_ec2_autoscaling_endpoint ? 1 : 0
service = "autoscaling"
}
resource "aws_vpc_endpoint" "ec2_autoscaling" {
count = var.create_vpc && var.enable_ec2_autoscaling_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.ec2_autoscaling[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.ec2_autoscaling_endpoint_security_group_ids
subnet_ids = coalescelist(var.ec2_autoscaling_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.ec2_autoscaling_endpoint_policy
private_dns_enabled = var.ec2_autoscaling_endpoint_private_dns_enabled
tags = local.vpce_tags
}
###################################
# VPC Endpoint for Transfer Server
###################################
data "aws_vpc_endpoint_service" "transferserver" {
count = var.create_vpc && var.enable_transferserver_endpoint ? 1 : 0
service = "transfer.server"
}
resource "aws_vpc_endpoint" "transferserver" {
count = var.create_vpc && var.enable_transferserver_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.transferserver[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.transferserver_endpoint_security_group_ids
subnet_ids = coalescelist(var.transferserver_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.transferserver_endpoint_private_dns_enabled
tags = local.vpce_tags
}
###########################
# VPC Endpoint for ECR API
###########################
data "aws_vpc_endpoint_service" "ecr_api" {
count = var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0
service = "ecr.api"
}
resource "aws_vpc_endpoint" "ecr_api" {
count = var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.ecr_api[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.ecr_api_endpoint_security_group_ids
subnet_ids = coalescelist(var.ecr_api_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.ecr_api_endpoint_policy
private_dns_enabled = var.ecr_api_endpoint_private_dns_enabled
tags = local.vpce_tags
}
###########################
# VPC Endpoint for ECR DKR
###########################
data "aws_vpc_endpoint_service" "ecr_dkr" {
count = var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0
service = "ecr.dkr"
}
resource "aws_vpc_endpoint" "ecr_dkr" {
count = var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.ecr_dkr[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.ecr_dkr_endpoint_security_group_ids
subnet_ids = coalescelist(var.ecr_dkr_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.ecr_dkr_endpoint_policy
private_dns_enabled = var.ecr_dkr_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for API Gateway
#######################
data "aws_vpc_endpoint_service" "apigw" {
count = var.create_vpc && var.enable_apigw_endpoint ? 1 : 0
service = "execute-api"
}
resource "aws_vpc_endpoint" "apigw" {
count = var.create_vpc && var.enable_apigw_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.apigw[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.apigw_endpoint_security_group_ids
subnet_ids = coalescelist(var.apigw_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.apigw_endpoint_policy
private_dns_enabled = var.apigw_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for KMS
#######################
data "aws_vpc_endpoint_service" "kms" {
count = var.create_vpc && var.enable_kms_endpoint ? 1 : 0
service = "kms"
}
resource "aws_vpc_endpoint" "kms" {
count = var.create_vpc && var.enable_kms_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.kms[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.kms_endpoint_security_group_ids
subnet_ids = coalescelist(var.kms_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.kms_endpoint_policy
private_dns_enabled = var.kms_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for ECS
#######################
data "aws_vpc_endpoint_service" "ecs" {
count = var.create_vpc && var.enable_ecs_endpoint ? 1 : 0
service = "ecs"
}
resource "aws_vpc_endpoint" "ecs" {
count = var.create_vpc && var.enable_ecs_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.ecs[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.ecs_endpoint_security_group_ids
subnet_ids = coalescelist(var.ecs_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ecs_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for ECS Agent
#######################
data "aws_vpc_endpoint_service" "ecs_agent" {
count = var.create_vpc && var.enable_ecs_agent_endpoint ? 1 : 0
service = "ecs-agent"
}
resource "aws_vpc_endpoint" "ecs_agent" {
count = var.create_vpc && var.enable_ecs_agent_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.ecs_agent[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.ecs_agent_endpoint_security_group_ids
subnet_ids = coalescelist(var.ecs_agent_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ecs_agent_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for ECS Telemetry
#######################
data "aws_vpc_endpoint_service" "ecs_telemetry" {
count = var.create_vpc && var.enable_ecs_telemetry_endpoint ? 1 : 0
service = "ecs-telemetry"
}
resource "aws_vpc_endpoint" "ecs_telemetry" {
count = var.create_vpc && var.enable_ecs_telemetry_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.ecs_telemetry[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.ecs_telemetry_endpoint_security_group_ids
subnet_ids = coalescelist(var.ecs_telemetry_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ecs_telemetry_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for SNS
#######################
data "aws_vpc_endpoint_service" "sns" {
count = var.create_vpc && var.enable_sns_endpoint ? 1 : 0
service = "sns"
}
resource "aws_vpc_endpoint" "sns" {
count = var.create_vpc && var.enable_sns_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.sns[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.sns_endpoint_security_group_ids
subnet_ids = coalescelist(var.sns_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.sns_endpoint_policy
private_dns_enabled = var.sns_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for CloudWatch Monitoring
#######################
data "aws_vpc_endpoint_service" "monitoring" {
count = var.create_vpc && var.enable_monitoring_endpoint ? 1 : 0
service = "monitoring"
}
resource "aws_vpc_endpoint" "monitoring" {
count = var.create_vpc && var.enable_monitoring_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.monitoring[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.monitoring_endpoint_security_group_ids
subnet_ids = coalescelist(var.monitoring_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.monitoring_endpoint_policy
private_dns_enabled = var.monitoring_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for CloudWatch Logs
#######################
data "aws_vpc_endpoint_service" "logs" {
count = var.create_vpc && var.enable_logs_endpoint ? 1 : 0
service = "logs"
}
resource "aws_vpc_endpoint" "logs" {
count = var.create_vpc && var.enable_logs_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.logs[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.logs_endpoint_security_group_ids
subnet_ids = coalescelist(var.logs_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.logs_endpoint_policy
private_dns_enabled = var.logs_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for CloudWatch Events
#######################
data "aws_vpc_endpoint_service" "events" {
count = var.create_vpc && var.enable_events_endpoint ? 1 : 0
service = "events"
}
resource "aws_vpc_endpoint" "events" {
count = var.create_vpc && var.enable_events_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.events[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.events_endpoint_security_group_ids
subnet_ids = coalescelist(var.events_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.events_endpoint_policy
private_dns_enabled = var.events_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for Elastic Load Balancing
#######################
data "aws_vpc_endpoint_service" "elasticloadbalancing" {
count = var.create_vpc && var.enable_elasticloadbalancing_endpoint ? 1 : 0
service = "elasticloadbalancing"
}
resource "aws_vpc_endpoint" "elasticloadbalancing" {
count = var.create_vpc && var.enable_elasticloadbalancing_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.elasticloadbalancing[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.elasticloadbalancing_endpoint_security_group_ids
subnet_ids = coalescelist(var.elasticloadbalancing_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.elasticloadbalancing_endpoint_policy
private_dns_enabled = var.elasticloadbalancing_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for CloudTrail
#######################
data "aws_vpc_endpoint_service" "cloudtrail" {
count = var.create_vpc && var.enable_cloudtrail_endpoint ? 1 : 0
service = "cloudtrail"
}
resource "aws_vpc_endpoint" "cloudtrail" {
count = var.create_vpc && var.enable_cloudtrail_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.cloudtrail[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.cloudtrail_endpoint_security_group_ids
subnet_ids = coalescelist(var.cloudtrail_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.cloudtrail_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for Kinesis Streams
#######################
data "aws_vpc_endpoint_service" "kinesis_streams" {
count = var.create_vpc && var.enable_kinesis_streams_endpoint ? 1 : 0
service = "kinesis-streams"
}
resource "aws_vpc_endpoint" "kinesis_streams" {
count = var.create_vpc && var.enable_kinesis_streams_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.kinesis_streams[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.kinesis_streams_endpoint_security_group_ids
subnet_ids = coalescelist(var.kinesis_streams_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.kinesis_streams_endpoint_policy
private_dns_enabled = var.kinesis_streams_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for Kinesis Firehose
#######################
data "aws_vpc_endpoint_service" "kinesis_firehose" {
count = var.create_vpc && var.enable_kinesis_firehose_endpoint ? 1 : 0
service = "kinesis-firehose"
}
resource "aws_vpc_endpoint" "kinesis_firehose" {
count = var.create_vpc && var.enable_kinesis_firehose_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.kinesis_firehose[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.kinesis_firehose_endpoint_security_group_ids
subnet_ids = coalescelist(var.kinesis_firehose_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.kinesis_firehose_endpoint_policy
private_dns_enabled = var.kinesis_firehose_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for Glue
#######################
data "aws_vpc_endpoint_service" "glue" {
count = var.create_vpc && var.enable_glue_endpoint ? 1 : 0
service = "glue"
}
resource "aws_vpc_endpoint" "glue" {
count = var.create_vpc && var.enable_glue_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.glue[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.glue_endpoint_security_group_ids
subnet_ids = coalescelist(var.glue_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.glue_endpoint_private_dns_enabled
tags = local.vpce_tags
}
######################################
# VPC Endpoint for Sagemaker Notebooks
######################################
data "aws_vpc_endpoint_service" "sagemaker_notebook" {
count = var.create_vpc && var.enable_sagemaker_notebook_endpoint ? 1 : 0
service_name = "aws.sagemaker.${var.sagemaker_notebook_endpoint_region}.notebook"
}
resource "aws_vpc_endpoint" "sagemaker_notebook" {
count = var.create_vpc && var.enable_sagemaker_notebook_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.sagemaker_notebook[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.sagemaker_notebook_endpoint_security_group_ids
subnet_ids = coalescelist(var.sagemaker_notebook_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.sagemaker_notebook_endpoint_policy
private_dns_enabled = var.sagemaker_notebook_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for STS
#######################
data "aws_vpc_endpoint_service" "sts" {
count = var.create_vpc && var.enable_sts_endpoint ? 1 : 0
service = "sts"
}
resource "aws_vpc_endpoint" "sts" {
count = var.create_vpc && var.enable_sts_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.sts[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.sts_endpoint_security_group_ids
subnet_ids = coalescelist(var.sts_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.sts_endpoint_policy
private_dns_enabled = var.sts_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#############################
# VPC Endpoint for Cloudformation
#############################
data "aws_vpc_endpoint_service" "cloudformation" {
count = var.create_vpc && var.enable_cloudformation_endpoint ? 1 : 0
service = "cloudformation"
}
resource "aws_vpc_endpoint" "cloudformation" {
count = var.create_vpc && var.enable_cloudformation_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.cloudformation[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.cloudformation_endpoint_security_group_ids
subnet_ids = coalescelist(var.cloudformation_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.cloudformation_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#############################
# VPC Endpoint for CodePipeline
#############################
data "aws_vpc_endpoint_service" "codepipeline" {
count = var.create_vpc && var.enable_codepipeline_endpoint ? 1 : 0
service = "codepipeline"
}
resource "aws_vpc_endpoint" "codepipeline" {
count = var.create_vpc && var.enable_codepipeline_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.codepipeline[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.codepipeline_endpoint_security_group_ids
subnet_ids = coalescelist(var.codepipeline_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.codepipeline_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#############################
# VPC Endpoint for AppMesh
#############################
data "aws_vpc_endpoint_service" "appmesh_envoy_management" {
count = var.create_vpc && var.enable_appmesh_envoy_management_endpoint ? 1 : 0
service = "appmesh-envoy-management"
}
resource "aws_vpc_endpoint" "appmesh_envoy_management" {
count = var.create_vpc && var.enable_appmesh_envoy_management_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.appmesh_envoy_management[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.appmesh_envoy_management_endpoint_security_group_ids
subnet_ids = coalescelist(var.appmesh_envoy_management_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.appmesh_envoy_management_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#############################
# VPC Endpoint for Service Catalog
#############################
data "aws_vpc_endpoint_service" "servicecatalog" {
count = var.create_vpc && var.enable_servicecatalog_endpoint ? 1 : 0
service = "servicecatalog"
}
resource "aws_vpc_endpoint" "servicecatalog" {
count = var.create_vpc && var.enable_servicecatalog_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.servicecatalog[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.servicecatalog_endpoint_security_group_ids
subnet_ids = coalescelist(var.servicecatalog_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.servicecatalog_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#############################
# VPC Endpoint for Storage Gateway
#############################
data "aws_vpc_endpoint_service" "storagegateway" {
count = var.create_vpc && var.enable_storagegateway_endpoint ? 1 : 0
service = "storagegateway"
}
resource "aws_vpc_endpoint" "storagegateway" {
count = var.create_vpc && var.enable_storagegateway_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.storagegateway[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.storagegateway_endpoint_security_group_ids
subnet_ids = coalescelist(var.storagegateway_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.storagegateway_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#############################
# VPC Endpoint for Transfer
#############################
data "aws_vpc_endpoint_service" "transfer" {
count = var.create_vpc && var.enable_transfer_endpoint ? 1 : 0
service = "transfer"
}
resource "aws_vpc_endpoint" "transfer" {
count = var.create_vpc && var.enable_transfer_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.transfer[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.transfer_endpoint_security_group_ids
subnet_ids = coalescelist(var.transfer_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.transfer_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#############################
# VPC Endpoint for SageMaker API
#############################
data "aws_vpc_endpoint_service" "sagemaker_api" {
count = var.create_vpc && var.enable_sagemaker_api_endpoint ? 1 : 0
service = "sagemaker.api"
}
resource "aws_vpc_endpoint" "sagemaker_api" {
count = var.create_vpc && var.enable_sagemaker_api_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.sagemaker_api[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.sagemaker_api_endpoint_security_group_ids
subnet_ids = coalescelist(var.sagemaker_api_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.sagemaker_api_endpoint_policy
private_dns_enabled = var.sagemaker_api_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#############################
# VPC Endpoint for SageMaker Runtime
#############################
data "aws_vpc_endpoint_service" "sagemaker_runtime" {
count = var.create_vpc && var.enable_sagemaker_runtime_endpoint ? 1 : 0
service = "sagemaker.runtime"
}
resource "aws_vpc_endpoint" "sagemaker_runtime" {
count = var.create_vpc && var.enable_sagemaker_runtime_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.sagemaker_runtime[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.sagemaker_runtime_endpoint_security_group_ids
subnet_ids = coalescelist(var.sagemaker_runtime_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.sagemaker_runtime_endpoint_policy
private_dns_enabled = var.sagemaker_runtime_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#############################
# VPC Endpoint for AppStream API
#############################
data "aws_vpc_endpoint_service" "appstream_api" {
count = var.create_vpc && var.enable_appstream_streaming_endpoint ? 1 : 0
service = "appstream.api"
}
resource "aws_vpc_endpoint" "appstream_api" {
count = var.create_vpc && var.enable_appstream_api_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.appstream_api[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.appstream_api_endpoint_security_group_ids
subnet_ids = coalescelist(var.appstream_api_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.appstream_api_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#############################
# VPC Endpoint for AppStream STREAMING
#############################
data "aws_vpc_endpoint_service" "appstream_streaming" {
count = var.create_vpc && var.enable_appstream_streaming_endpoint ? 1 : 0
service = "appstream.streaming"
}
resource "aws_vpc_endpoint" "appstream_streaming" {
count = var.create_vpc && var.enable_appstream_streaming_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.appstream_streaming[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.appstream_streaming_endpoint_security_group_ids
subnet_ids = coalescelist(var.appstream_streaming_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.appstream_streaming_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#############################
# VPC Endpoint for Athena
#############################
data "aws_vpc_endpoint_service" "athena" {
count = var.create_vpc && var.enable_athena_endpoint ? 1 : 0
service = "athena"
}
resource "aws_vpc_endpoint" "athena" {
count = var.create_vpc && var.enable_athena_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.athena[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.athena_endpoint_security_group_ids
subnet_ids = coalescelist(var.athena_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.athena_endpoint_policy
private_dns_enabled = var.athena_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#############################
# VPC Endpoint for Rekognition
#############################
data "aws_vpc_endpoint_service" "rekognition" {
count = var.create_vpc && var.enable_rekognition_endpoint ? 1 : 0
service = "rekognition"
}
resource "aws_vpc_endpoint" "rekognition" {
count = var.create_vpc && var.enable_rekognition_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.rekognition[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.rekognition_endpoint_security_group_ids
subnet_ids = coalescelist(var.rekognition_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.rekognition_endpoint_policy
private_dns_enabled = var.rekognition_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for EFS
#######################
data "aws_vpc_endpoint_service" "efs" {
count = var.create_vpc && var.enable_efs_endpoint ? 1 : 0
service = "elasticfilesystem"
}
resource "aws_vpc_endpoint" "efs" {
count = var.create_vpc && var.enable_efs_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.efs[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.efs_endpoint_security_group_ids
subnet_ids = coalescelist(var.efs_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.efs_endpoint_policy
private_dns_enabled = var.efs_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for Cloud Directory
#######################
data "aws_vpc_endpoint_service" "cloud_directory" {
count = var.create_vpc && var.enable_cloud_directory_endpoint ? 1 : 0
service = "clouddirectory"
}
resource "aws_vpc_endpoint" "cloud_directory" {
count = var.create_vpc && var.enable_cloud_directory_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.cloud_directory[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.cloud_directory_endpoint_security_group_ids
subnet_ids = coalescelist(var.cloud_directory_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.cloud_directory_endpoint_policy
private_dns_enabled = var.cloud_directory_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for Auto Scaling Plans
#######################
data "aws_vpc_endpoint_service" "auto_scaling_plans" {
count = var.create_vpc && var.enable_auto_scaling_plans_endpoint ? 1 : 0
service = "autoscaling-plans"
}
resource "aws_vpc_endpoint" "auto_scaling_plans" {
count = var.create_vpc && var.enable_auto_scaling_plans_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.auto_scaling_plans[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.auto_scaling_plans_endpoint_security_group_ids
subnet_ids = coalescelist(var.auto_scaling_plans_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.auto_scaling_plans_endpoint_policy
private_dns_enabled = var.auto_scaling_plans_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for Workspaces
#######################
data "aws_vpc_endpoint_service" "workspaces" {
count = var.create_vpc && var.enable_workspaces_endpoint ? 1 : 0
service = "workspaces"
}
resource "aws_vpc_endpoint" "workspaces" {
count = var.create_vpc && var.enable_workspaces_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.workspaces[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.workspaces_endpoint_security_group_ids
subnet_ids = coalescelist(var.workspaces_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.workspaces_endpoint_policy
private_dns_enabled = var.workspaces_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for Access Analyzer
#######################
data "aws_vpc_endpoint_service" "access_analyzer" {
count = var.create_vpc && var.enable_access_analyzer_endpoint ? 1 : 0
service = "access-analyzer"
}
resource "aws_vpc_endpoint" "access_analyzer" {
count = var.create_vpc && var.enable_access_analyzer_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.access_analyzer[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.access_analyzer_endpoint_security_group_ids
subnet_ids = coalescelist(var.access_analyzer_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.access_analyzer_endpoint_policy
private_dns_enabled = var.access_analyzer_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for EBS
#######################
data "aws_vpc_endpoint_service" "ebs" {
count = var.create_vpc && var.enable_ebs_endpoint ? 1 : 0
service = "ebs"
}
resource "aws_vpc_endpoint" "ebs" {
count = var.create_vpc && var.enable_ebs_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.ebs[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.ebs_endpoint_security_group_ids
subnet_ids = coalescelist(var.ebs_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ebs_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for Data Sync
#######################
data "aws_vpc_endpoint_service" "datasync" {
count = var.create_vpc && var.enable_datasync_endpoint ? 1 : 0
service = "datasync"
}
resource "aws_vpc_endpoint" "datasync" {
count = var.create_vpc && var.enable_datasync_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.datasync[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.datasync_endpoint_security_group_ids
subnet_ids = coalescelist(var.datasync_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.datasync_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for Elastic Inference Runtime
#######################
data "aws_vpc_endpoint_service" "elastic_inference_runtime" {
count = var.create_vpc && var.enable_elastic_inference_runtime_endpoint ? 1 : 0
service = "elastic-inference.runtime"
}
resource "aws_vpc_endpoint" "elastic_inference_runtime" {
count = var.create_vpc && var.enable_elastic_inference_runtime_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.elastic_inference_runtime[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.elastic_inference_runtime_endpoint_security_group_ids
subnet_ids = coalescelist(var.elastic_inference_runtime_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.elastic_inference_runtime_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for SMS
#######################
data "aws_vpc_endpoint_service" "sms" {
count = var.create_vpc && var.enable_sms_endpoint ? 1 : 0
service = "sms"
}
resource "aws_vpc_endpoint" "sms" {
count = var.create_vpc && var.enable_sms_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.sms[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.sms_endpoint_security_group_ids
subnet_ids = coalescelist(var.sms_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.sms_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for EMR
#######################
data "aws_vpc_endpoint_service" "emr" {
count = var.create_vpc && var.enable_emr_endpoint ? 1 : 0
service = "elasticmapreduce"
}
resource "aws_vpc_endpoint" "emr" {
count = var.create_vpc && var.enable_emr_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.emr[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.emr_endpoint_security_group_ids
subnet_ids = coalescelist(var.emr_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.emr_endpoint_policy
private_dns_enabled = var.emr_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for QLDB Session
#######################
data "aws_vpc_endpoint_service" "qldb_session" {
count = var.create_vpc && var.enable_qldb_session_endpoint ? 1 : 0
service = "qldb.session"
}
resource "aws_vpc_endpoint" "qldb_session" {
count = var.create_vpc && var.enable_qldb_session_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.qldb_session[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.qldb_session_endpoint_security_group_ids
subnet_ids = coalescelist(var.qldb_session_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.qldb_session_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#############################
# VPC Endpoint for Step Function
#############################
data "aws_vpc_endpoint_service" "states" {
count = var.create_vpc && var.enable_states_endpoint ? 1 : 0
service = "states"
}
resource "aws_vpc_endpoint" "states" {
count = var.create_vpc && var.enable_states_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.states[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.states_endpoint_security_group_ids
subnet_ids = coalescelist(var.states_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.states_endpoint_policy
private_dns_enabled = var.states_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#############################
# VPC Endpoint for Elastic Beanstalk
#############################
data "aws_vpc_endpoint_service" "elasticbeanstalk" {
count = var.create_vpc && var.enable_elasticbeanstalk_endpoint ? 1 : 0
service = "elasticbeanstalk"
}
resource "aws_vpc_endpoint" "elasticbeanstalk" {
count = var.create_vpc && var.enable_elasticbeanstalk_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.elasticbeanstalk[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.elasticbeanstalk_endpoint_security_group_ids
subnet_ids = coalescelist(var.elasticbeanstalk_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.elasticbeanstalk_endpoint_policy
private_dns_enabled = var.elasticbeanstalk_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#############################
# VPC Endpoint for Elastic Beanstalk Health
#############################
data "aws_vpc_endpoint_service" "elasticbeanstalk_health" {
count = var.create_vpc && var.enable_elasticbeanstalk_health_endpoint ? 1 : 0
service = "elasticbeanstalk-health"
}
resource "aws_vpc_endpoint" "elasticbeanstalk_health" {
count = var.create_vpc && var.enable_elasticbeanstalk_health_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.elasticbeanstalk_health[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.elasticbeanstalk_health_endpoint_security_group_ids
subnet_ids = coalescelist(var.elasticbeanstalk_health_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.elasticbeanstalk_health_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#############################
# VPC Endpoint for ACM PCA
#############################
data "aws_vpc_endpoint_service" "acm_pca" {
count = var.create_vpc && var.enable_acm_pca_endpoint ? 1 : 0
service = "acm-pca"
}
resource "aws_vpc_endpoint" "acm_pca" {
count = var.create_vpc && var.enable_acm_pca_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.acm_pca[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.acm_pca_endpoint_security_group_ids
subnet_ids = coalescelist(var.acm_pca_endpoint_subnet_ids, aws_subnet.private.*.id)
policy = var.acm_pca_endpoint_policy
private_dns_enabled = var.acm_pca_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#######################
# VPC Endpoint for SES
#######################
data "aws_vpc_endpoint_service" "ses" {
count = var.create_vpc && var.enable_ses_endpoint ? 1 : 0
service = "email-smtp"
}
resource "aws_vpc_endpoint" "ses" {
count = var.create_vpc && var.enable_ses_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.ses[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.ses_endpoint_security_group_ids
subnet_ids = coalescelist(var.ses_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ses_endpoint_private_dns_enabled
tags = local.vpce_tags
}
######################
# VPC Endpoint for RDS
######################
data "aws_vpc_endpoint_service" "rds" {
count = var.create_vpc && var.enable_rds_endpoint ? 1 : 0
service = "rds"
}
resource "aws_vpc_endpoint" "rds" {
count = var.create_vpc && var.enable_rds_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.rds[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.rds_endpoint_security_group_ids
subnet_ids = coalescelist(var.rds_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.rds_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#############################
# VPC Endpoint for CodeDeploy
#############################
data "aws_vpc_endpoint_service" "codedeploy" {
count = var.create_vpc && var.enable_codedeploy_endpoint ? 1 : 0
service = "codedeploy"
}
resource "aws_vpc_endpoint" "codedeploy" {
count = var.create_vpc && var.enable_codedeploy_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.codedeploy[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.codedeploy_endpoint_security_group_ids
subnet_ids = coalescelist(var.codedeploy_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.codedeploy_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#############################################
# VPC Endpoint for CodeDeploy Commands Secure
#############################################
data "aws_vpc_endpoint_service" "codedeploy_commands_secure" {
count = var.create_vpc && var.enable_codedeploy_commands_secure_endpoint ? 1 : 0
service = "codedeploy-commands-secure"
}
resource "aws_vpc_endpoint" "codedeploy_commands_secure" {
count = var.create_vpc && var.enable_codedeploy_commands_secure_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.codedeploy_commands_secure[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.codedeploy_commands_secure_endpoint_security_group_ids
subnet_ids = coalescelist(var.codedeploy_commands_secure_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.codedeploy_commands_secure_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#############################################
# VPC Endpoint for Textract
#############################################
data "aws_vpc_endpoint_service" "textract" {
count = var.create_vpc && var.enable_textract_endpoint ? 1 : 0
service = "textract"
}
resource "aws_vpc_endpoint" "textract" {
count = var.create_vpc && var.enable_textract_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.textract[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.textract_endpoint_security_group_ids
subnet_ids = coalescelist(var.textract_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.textract_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#############################################
# VPC Endpoint for Codeartifact API
#############################################
data "aws_vpc_endpoint_service" "codeartifact_api" {
count = var.create_vpc && var.enable_codeartifact_api_endpoint ? 1 : 0
service = "codeartifact.api"
}
resource "aws_vpc_endpoint" "codeartifact_api" {
count = var.create_vpc && var.enable_codeartifact_api_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.codeartifact_api[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.codeartifact_api_endpoint_security_group_ids
subnet_ids = coalescelist(var.codeartifact_api_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.codeartifact_api_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#############################################
# VPC Endpoint for Codeartifact repositories
#############################################
data "aws_vpc_endpoint_service" "codeartifact_repositories" {
count = var.create_vpc && var.enable_codeartifact_repositories_endpoint ? 1 : 0
service = "codeartifact.repositories"
}
resource "aws_vpc_endpoint" "codeartifact_repositories" {
count = var.create_vpc && var.enable_codeartifact_repositories_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.codeartifact_repositories[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.codeartifact_repositories_endpoint_security_group_ids
subnet_ids = coalescelist(var.codeartifact_repositories_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.codeartifact_repositories_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#############################################
# VPC Endpoint for Database Migration Service
#############################################
data "aws_vpc_endpoint_service" "dms" {
count = var.create_vpc && var.enable_dms_endpoint ? 1 : 0
service = "dms"
}
resource "aws_vpc_endpoint" "dms" {
count = var.create_vpc && var.enable_dms_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.dms[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.dms_endpoint_security_group_ids
subnet_ids = coalescelist(var.dms_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.dms_endpoint_private_dns_enabled
tags = local.vpce_tags
}
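Review bot: the removed `appstream_api` block carries a copy-paste mismatch that should not be ported into the new sub-module: its data source is gated on `var.enable_appstream_streaming_endpoint` while the resource directly below it is gated on `var.enable_appstream_api_endpoint`, so enabling only the API endpoint would have failed on the `data.aws_vpc_endpoint_service.appstream_api[0]` reference. A second thing to check in the replacement: `policy` was only wired through for some of the removed endpoints (`sagemaker_api`, `sagemaker_runtime`, `athena`, `rekognition`, `efs`, `cloud_directory`, `auto_scaling_plans`, `workspaces`, `access_analyzer`, `emr`, `states`, `elasticbeanstalk`, `acm_pca`) and absent for the rest (`servicecatalog`, `storagegateway`, `transfer`, `appstream_*`, `ebs`, `datasync`, `elastic_inference_runtime`, `sms`, `qldb_session`, `elasticbeanstalk_health`, `ses`, `rds`, `codedeploy*`, `textract`, `codeartifact_*`, `dms`). A `for_each`-driven module should accept an endpoint policy for every map entry so that a least-privilege endpoint policy is available uniformly rather than depending on which service happened to get a `*_endpoint_policy` variable; the same applies to `private_dns_enabled`, `security_group_ids` and `subnet_ids`, which every removed block set.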
...@@ -9,9 +9,10 @@ locals { ...@@ -9,9 +9,10 @@ locals {
flow_log_iam_role_arn = var.flow_log_destination_type != "s3" && local.create_flow_log_cloudwatch_iam_role ? aws_iam_role.vpc_flow_log_cloudwatch[0].arn : var.flow_log_cloudwatch_iam_role_arn flow_log_iam_role_arn = var.flow_log_destination_type != "s3" && local.create_flow_log_cloudwatch_iam_role ? aws_iam_role.vpc_flow_log_cloudwatch[0].arn : var.flow_log_cloudwatch_iam_role_arn
} }
################### ################################################################################
# Flow Log # Flow Log
################### ################################################################################
resource "aws_flow_log" "this" { resource "aws_flow_log" "this" {
count = local.enable_flow_log ? 1 : 0 count = local.enable_flow_log ? 1 : 0
...@@ -26,9 +27,10 @@ resource "aws_flow_log" "this" { ...@@ -26,9 +27,10 @@ resource "aws_flow_log" "this" {
tags = merge(var.tags, var.vpc_flow_log_tags) tags = merge(var.tags, var.vpc_flow_log_tags)
} }
##################### ################################################################################
# Flow Log CloudWatch # Flow Log CloudWatch
##################### ################################################################################
resource "aws_cloudwatch_log_group" "flow_log" { resource "aws_cloudwatch_log_group" "flow_log" {
count = local.create_flow_log_cloudwatch_log_group ? 1 : 0 count = local.create_flow_log_cloudwatch_log_group ? 1 : 0
...@@ -39,9 +41,6 @@ resource "aws_cloudwatch_log_group" "flow_log" { ...@@ -39,9 +41,6 @@ resource "aws_cloudwatch_log_group" "flow_log" {
tags = merge(var.tags, var.vpc_flow_log_tags) tags = merge(var.tags, var.vpc_flow_log_tags)
} }
#########################
# Flow Log CloudWatch IAM
#########################
resource "aws_iam_role" "vpc_flow_log_cloudwatch" { resource "aws_iam_role" "vpc_flow_log_cloudwatch" {
count = local.create_flow_log_cloudwatch_iam_role ? 1 : 0 count = local.create_flow_log_cloudwatch_iam_role ? 1 : 0
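Review bot: this hunk drops the `# Flow Log CloudWatch IAM` banner in front of `resource "aws_iam_role" "vpc_flow_log_cloudwatch"` without a replacement, whereas the two hunks above widen their banners to the new 80-column style; suggest keeping a widened banner here as well so the IAM role and its policy stay a visibly separate section from the log group, e.g. `################################################################################` / `# Flow Log CloudWatch IAM` / `################################################################################`.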