Commit b874b384 authored by Hao CHEN, committed by GitHub

fix: Split appstream to appstream_api and appstream_streaming (#508)

parent 4d506075
...@@ -23,7 +23,7 @@ These types of resources are supported: ...@@ -23,7 +23,7 @@ These types of resources are supported:
ECS, ECS Agent, ECS Telemetry, SES, SNS, STS, Glue, CloudWatch(Monitoring, Logs, Events), ECS, ECS Agent, ECS Telemetry, SES, SNS, STS, Glue, CloudWatch(Monitoring, Logs, Events),
Elastic Load Balancing, CloudTrail, Secrets Manager, Config, CodeBuild, CodeCommit, Elastic Load Balancing, CloudTrail, Secrets Manager, Config, CodeBuild, CodeCommit,
Git-Codecommit, Transfer Server, Kinesis Streams, Kinesis Firehose, SageMaker(Notebook, Runtime, API), Git-Codecommit, Transfer Server, Kinesis Streams, Kinesis Firehose, SageMaker(Notebook, Runtime, API),
CloudFormation, CodePipeline, Storage Gateway, AppMesh, Transfer, Service Catalog, AppStream, CloudFormation, CodePipeline, Storage Gateway, AppMesh, Transfer, Service Catalog, AppStream API, AppStream Streaming,
Athena, Rekognition, Elastic File System (EFS), Cloud Directory, Elastic Beanstalk (+ Health), Elastic Map Reduce(EMR), Athena, Rekognition, Elastic File System (EFS), Cloud Directory, Elastic Beanstalk (+ Health), Elastic Map Reduce(EMR),
DataSync, EBS, SMS, Elastic Inference Runtime, QLDB Session, Step Functions, Access Analyzer, Auto Scaling Plans, DataSync, EBS, SMS, Elastic Inference Runtime, QLDB Session, Step Functions, Access Analyzer, Auto Scaling Plans,
Application Auto Scaling, Workspaces, ACM PCA, RDS, CodeDeploy, CodeDeploy Commands Secure Application Auto Scaling, Workspaces, ACM PCA, RDS, CodeDeploy, CodeDeploy Commands Secure
...@@ -250,9 +250,12 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway ...@@ -250,9 +250,12 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
| appmesh\_envoy\_management\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for AppMesh endpoint | `bool` | `false` | no | | appmesh\_envoy\_management\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for AppMesh endpoint | `bool` | `false` | no |
| appmesh\_envoy\_management\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for AppMesh endpoint | `list(string)` | `[]` | no | | appmesh\_envoy\_management\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for AppMesh endpoint | `list(string)` | `[]` | no |
| appmesh\_envoy\_management\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for AppMesh endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no | | appmesh\_envoy\_management\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for AppMesh endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
| appstream\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for AppStream endpoint | `bool` | `false` | no | | appstream\_api\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for AppStream API endpoint | `bool` | `false` | no |
| appstream\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for AppStream endpoint | `list(string)` | `[]` | no | | appstream\_api\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for AppStream API endpoint | `list(string)` | `[]` | no |
| appstream\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for AppStream endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no | | appstream\_api\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for AppStream API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
| appstream\_streaming\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for AppStream Streaming endpoint | `bool` | `false` | no |
| appstream\_streaming\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for AppStream Streaming endpoint | `list(string)` | `[]` | no |
| appstream\_streaming\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for AppStream Streaming endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
| assign\_ipv6\_address\_on\_creation | Assign IPv6 address on subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `false` | no | | assign\_ipv6\_address\_on\_creation | Assign IPv6 address on subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `false` | no |
| athena\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Athena endpoint | `bool` | `false` | no | | athena\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Athena endpoint | `bool` | `false` | no |
| athena\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Athena endpoint | `list(string)` | `[]` | no | | athena\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Athena endpoint | `list(string)` | `[]` | no |
...@@ -396,7 +399,8 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway ...@@ -396,7 +399,8 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
| enable\_acm\_pca\_endpoint | Should be true if you want to provision an ACM PCA endpoint to the VPC | `bool` | `false` | no | | enable\_acm\_pca\_endpoint | Should be true if you want to provision an ACM PCA endpoint to the VPC | `bool` | `false` | no |
| enable\_apigw\_endpoint | Should be true if you want to provision an api gateway endpoint to the VPC | `bool` | `false` | no | | enable\_apigw\_endpoint | Should be true if you want to provision an api gateway endpoint to the VPC | `bool` | `false` | no |
| enable\_appmesh\_envoy\_management\_endpoint | Should be true if you want to provision a AppMesh endpoint to the VPC | `bool` | `false` | no | | enable\_appmesh\_envoy\_management\_endpoint | Should be true if you want to provision a AppMesh endpoint to the VPC | `bool` | `false` | no |
| enable\_appstream\_endpoint | Should be true if you want to provision a AppStream endpoint to the VPC | `bool` | `false` | no | | enable\_appstream\_api\_endpoint | Should be true if you want to provision a AppStream API endpoint to the VPC | `bool` | `false` | no |
| enable\_appstream\_streaming\_endpoint | Should be true if you want to provision a AppStream Streaming endpoint to the VPC | `bool` | `false` | no |
| enable\_athena\_endpoint | Should be true if you want to provision a Athena endpoint to the VPC | `bool` | `false` | no | | enable\_athena\_endpoint | Should be true if you want to provision a Athena endpoint to the VPC | `bool` | `false` | no |
| enable\_auto\_scaling\_plans\_endpoint | Should be true if you want to provision an Auto Scaling Plans endpoint to the VPC | `bool` | `false` | no | | enable\_auto\_scaling\_plans\_endpoint | Should be true if you want to provision an Auto Scaling Plans endpoint to the VPC | `bool` | `false` | no |
| enable\_classiclink | Should be true to enable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic. | `bool` | `null` | no | | enable\_classiclink | Should be true to enable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic. | `bool` | `null` | no |
...@@ -732,9 +736,12 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway ...@@ -732,9 +736,12 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
| vpc\_endpoint\_appmesh\_envoy\_management\_dns\_entry | The DNS entries for the VPC Endpoint for AppMesh. | | vpc\_endpoint\_appmesh\_envoy\_management\_dns\_entry | The DNS entries for the VPC Endpoint for AppMesh. |
| vpc\_endpoint\_appmesh\_envoy\_management\_id | The ID of VPC endpoint for AppMesh | | vpc\_endpoint\_appmesh\_envoy\_management\_id | The ID of VPC endpoint for AppMesh |
| vpc\_endpoint\_appmesh\_envoy\_management\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for AppMesh. | | vpc\_endpoint\_appmesh\_envoy\_management\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for AppMesh. |
| vpc\_endpoint\_appstream\_dns\_entry | The DNS entries for the VPC Endpoint for AppStream. | | vpc\_endpoint\_appstream\_api\_dns\_entry | The DNS entries for the VPC Endpoint for AppStream API. |
| vpc\_endpoint\_appstream\_id | The ID of VPC endpoint for AppStream | | vpc\_endpoint\_appstream\_api\_id | The ID of VPC endpoint for AppStream API |
| vpc\_endpoint\_appstream\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for AppStream. | | vpc\_endpoint\_appstream\_api\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for AppStream API. |
| vpc\_endpoint\_appstream\_streaming\_dns\_entry | The DNS entries for the VPC Endpoint for AppStream Streaming. |
| vpc\_endpoint\_appstream\_streaming\_id | The ID of VPC endpoint for AppStream Streaming |
| vpc\_endpoint\_appstream\_streaming\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for AppStream Streaming. |
| vpc\_endpoint\_athena\_dns\_entry | The DNS entries for the VPC Endpoint for Athena. | | vpc\_endpoint\_athena\_dns\_entry | The DNS entries for the VPC Endpoint for Athena. |
| vpc\_endpoint\_athena\_id | The ID of VPC endpoint for Athena | | vpc\_endpoint\_athena\_id | The ID of VPC endpoint for Athena |
| vpc\_endpoint\_athena\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Athena. | | vpc\_endpoint\_athena\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Athena. |
......
...@@ -1047,19 +1047,34 @@ output "vpc_endpoint_sagemaker_runtime_dns_entry" { ...@@ -1047,19 +1047,34 @@ output "vpc_endpoint_sagemaker_runtime_dns_entry" {
value = flatten(aws_vpc_endpoint.sagemaker_runtime.*.dns_entry) value = flatten(aws_vpc_endpoint.sagemaker_runtime.*.dns_entry)
} }
output "vpc_endpoint_appstream_id" { output "vpc_endpoint_appstream_api_id" {
description = "The ID of VPC endpoint for AppStream" description = "The ID of VPC endpoint for AppStream API"
value = concat(aws_vpc_endpoint.appstream.*.id, [""])[0] value = concat(aws_vpc_endpoint.appstream_api.*.id, [""])[0]
} }
output "vpc_endpoint_appstream_network_interface_ids" { output "vpc_endpoint_appstream_api_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for AppStream." description = "One or more network interfaces for the VPC Endpoint for AppStream API."
value = flatten(aws_vpc_endpoint.appstream.*.network_interface_ids) value = flatten(aws_vpc_endpoint.appstream_api.*.network_interface_ids)
} }
output "vpc_endpoint_appstream_dns_entry" { output "vpc_endpoint_appstream_api_dns_entry" {
description = "The DNS entries for the VPC Endpoint for AppStream." description = "The DNS entries for the VPC Endpoint for AppStream API."
value = flatten(aws_vpc_endpoint.appstream.*.dns_entry) value = flatten(aws_vpc_endpoint.appstream_api.*.dns_entry)
}
output "vpc_endpoint_appstream_streaming_id" {
description = "The ID of VPC endpoint for AppStream Streaming"
value = concat(aws_vpc_endpoint.appstream_streaming.*.id, [""])[0]
}
output "vpc_endpoint_appstream_streaming_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for AppStream Streaming."
value = flatten(aws_vpc_endpoint.appstream_streaming.*.network_interface_ids)
}
output "vpc_endpoint_appstream_streaming_dns_entry" {
description = "The DNS entries for the VPC Endpoint for AppStream Streaming."
value = flatten(aws_vpc_endpoint.appstream_streaming.*.dns_entry)
} }
output "vpc_endpoint_athena_id" { output "vpc_endpoint_athena_id" {
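Review bot: The three outputs `vpc_endpoint_appstream_id`, `vpc_endpoint_appstream_network_interface_ids` and `vpc_endpoint_appstream_dns_entry` are renamed here with no alias left behind, so any configuration that references them stops resolving after the upgrade. Either keep the old names for one release as deprecated outputs that read from `aws_vpc_endpoint.appstream_api`, or call the rename out in the changelog, since the commit title is `fix:` and does not signal a breaking change.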
......
...@@ -1235,26 +1235,50 @@ variable "sagemaker_runtime_endpoint_private_dns_enabled" { ...@@ -1235,26 +1235,50 @@ variable "sagemaker_runtime_endpoint_private_dns_enabled" {
default = false default = false
} }
variable "enable_appstream_endpoint" { variable "enable_appstream_api_endpoint" {
description = "Should be true if you want to provision a AppStream endpoint to the VPC" description = "Should be true if you want to provision a AppStream API endpoint to the VPC"
type = bool type = bool
default = false default = false
} }
variable "appstream_endpoint_security_group_ids" { variable "appstream_api_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for AppStream endpoint" description = "The ID of one or more security groups to associate with the network interface for AppStream API endpoint"
type = list(string) type = list(string)
default = [] default = []
} }
variable "appstream_endpoint_subnet_ids" { variable "appstream_api_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for AppStream endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used." description = "The ID of one or more subnets in which to create a network interface for AppStream API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string) type = list(string)
default = [] default = []
} }
variable "appstream_endpoint_private_dns_enabled" { variable "appstream_api_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for AppStream endpoint" description = "Whether or not to associate a private hosted zone with the specified VPC for AppStream API endpoint"
type = bool
default = false
}
variable "enable_appstream_streaming_endpoint" {
description = "Should be true if you want to provision a AppStream Streaming endpoint to the VPC"
type = bool
default = false
}
variable "appstream_streaming_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for AppStream Streaming endpoint"
type = list(string)
default = []
}
variable "appstream_streaming_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for AppStream Streaming endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "appstream_streaming_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for AppStream Streaming endpoint"
type = bool type = bool
default = false default = false
} }
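Review bot: `enable_appstream_endpoint` and the three `appstream_endpoint_*` inputs are removed rather than deprecated, so a caller that still sets any of them gets an unsupported-argument error from Terraform after upgrading. That is a breaking interface change under a `fix:` title; add an upgrade note that maps each old input to its `appstream_api_*` replacement. While touching these descriptions, "a AppStream API endpoint" and "a AppStream Streaming endpoint" should read "an AppStream ...".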
......
...@@ -916,24 +916,46 @@ resource "aws_vpc_endpoint" "sagemaker_runtime" { ...@@ -916,24 +916,46 @@ resource "aws_vpc_endpoint" "sagemaker_runtime" {
} }
############################# #############################
# VPC Endpoint for AppStream # VPC Endpoint for AppStream API
############################# #############################
data "aws_vpc_endpoint_service" "appstream" { data "aws_vpc_endpoint_service" "appstream_api" {
count = var.create_vpc && var.enable_appstream_endpoint ? 1 : 0 count = var.create_vpc && var.enable_appstream_streaming_endpoint ? 1 : 0
service = "appstream" service = "appstream.api"
} }
resource "aws_vpc_endpoint" "appstream" { resource "aws_vpc_endpoint" "appstream_api" {
count = var.create_vpc && var.enable_appstream_endpoint ? 1 : 0 count = var.create_vpc && var.enable_appstream_api_endpoint ? 1 : 0
vpc_id = local.vpc_id vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.appstream[0].service_name service_name = data.aws_vpc_endpoint_service.appstream_api[0].service_name
vpc_endpoint_type = "Interface" vpc_endpoint_type = "Interface"
security_group_ids = var.appstream_endpoint_security_group_ids security_group_ids = var.appstream_api_endpoint_security_group_ids
subnet_ids = coalescelist(var.appstream_endpoint_subnet_ids, aws_subnet.private.*.id) subnet_ids = coalescelist(var.appstream_api_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.appstream_endpoint_private_dns_enabled private_dns_enabled = var.appstream_api_endpoint_private_dns_enabled
tags = local.vpce_tags
}
#############################
# VPC Endpoint for AppStream STREAMING
#############################
data "aws_vpc_endpoint_service" "appstream_streaming" {
count = var.create_vpc && var.enable_appstream_streaming_endpoint ? 1 : 0
service = "appstream.streaming"
}
resource "aws_vpc_endpoint" "appstream_streaming" {
count = var.create_vpc && var.enable_appstream_streaming_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.appstream_streaming[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.appstream_streaming_endpoint_security_group_ids
subnet_ids = coalescelist(var.appstream_streaming_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.appstream_streaming_endpoint_private_dns_enabled
tags = local.vpce_tags tags = local.vpce_tags
} }
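Review bot: In the `data "aws_vpc_endpoint_service" "appstream_api"` block, `count` is gated on `var.enable_appstream_streaming_endpoint`, while the `aws_vpc_endpoint.appstream_api` resource that reads `data.aws_vpc_endpoint_service.appstream_api[0].service_name` is gated on `var.enable_appstream_api_endpoint`. With the API endpoint enabled and the streaming endpoint disabled, the data source has zero instances and the `[0]` index fails; with only streaming enabled, an unused lookup for `appstream.api` runs. The data source should use `count = var.create_vpc && var.enable_appstream_api_endpoint ? 1 : 0`. Separately, the resource label changes from `appstream` to `appstream_api`, so existing state will plan a destroy and create of the endpoint unless it is moved with `terraform state mv`; that belongs in the upgrade notes. The new section header "AppStream STREAMING" is also cased differently from "AppStream API" above it.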
......