Add tags to VPC Endpoints (#293)

* Add tags to VPC Endpoints - terraform 0.11.x * centralize vpce tag param

Add tags to VPC Endpoints (#293)
* Add tags to VPC Endpoints - terraform 0.11.x * centralize vpce tag param
be22272c · Ilia Lazebnik · Anton Babenko · d7236054 · be22272c · be22272c
Commit be22272c authored Sep 02, 2019 by Ilia Lazebnik Committed by Anton Babenko Sep 02, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 48 additions and 1 deletion

README.md README.md +1 -0

main.tf main.tf +42 -1

variables.tf variables.tf +5 -0

No files found.
--- a/README.md
+++ b/README.md
@@ -377,6 +377,7 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | ssmmessages\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SSMMESSAGES endpoint | list | `[]` | no |
 | ssmmessages\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SSMMESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
 | tags | A map of tags to add to all resources | map | `{}` | no |
+| vpc\_endpoint\_tags | Additional tags for the VPC Endpoints | map | `{}` | no |
 | vpc\_tags | Additional tags for the VPC | map | `{}` | no |
 | vpn\_gateway\_id | ID of VPN Gateway to attach to the VPC | string | `""` | no |
 | vpn\_gateway\_tags | Additional tags for the VPN gateway | map | `{}` | no |

--- a/main.tf
+++ b/main.tf
@@ -7,7 +7,8 @@ locals {
  nat_gateway_count = "${var.single_nat_gateway ? 1 : (var.one_nat_gateway_per_az ? length(var.azs) : local.max_subnet_length)}"
  # Use `local.vpc_id` to give a hint to Terraform that subnets should be deleted before secondary CIDR blocks can be free!
-  vpc_id = "${element(concat(aws_vpc_ipv4_cidr_block_association.this.*.vpc_id, aws_vpc.this.*.id, list("")), 0)}"
+  vpc_id    = "${element(concat(aws_vpc_ipv4_cidr_block_association.this.*.vpc_id, aws_vpc.this.*.id, list("")), 0)}"
+  vpce_tags = "${merge(var.tags, var.vpc_endpoint_tags)}"
 }
 ######
@@ -602,6 +603,8 @@ resource "aws_vpc_endpoint" "s3" {
  vpc_id       = "${local.vpc_id}"
  service_name = "${data.aws_vpc_endpoint_service.s3.service_name}"
+  tags = "${local.vpce_tags}"
 }
 resource "aws_vpc_endpoint_route_table_association" "private_s3" {
@@ -639,6 +642,8 @@ resource "aws_vpc_endpoint" "dynamodb" {
  vpc_id       = "${local.vpc_id}"
  service_name = "${data.aws_vpc_endpoint_service.dynamodb.service_name}"
+  tags = "${local.vpce_tags}"
 }
 resource "aws_vpc_endpoint_route_table_association" "private_dynamodb" {
@@ -681,6 +686,8 @@ resource "aws_vpc_endpoint" "sqs" {
  security_group_ids  = ["${var.sqs_endpoint_security_group_ids}"]
  subnet_ids          = ["${coalescelist(var.sqs_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
  private_dns_enabled = "${var.sqs_endpoint_private_dns_enabled}"
+  tags = "${local.vpce_tags}"
 }
 #######################
@@ -702,6 +709,8 @@ resource "aws_vpc_endpoint" "ssm" {
  security_group_ids  = ["${var.ssm_endpoint_security_group_ids}"]
  subnet_ids          = ["${coalescelist(var.ssm_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
  private_dns_enabled = "${var.ssm_endpoint_private_dns_enabled}"
+  tags = "${local.vpce_tags}"
 }
 ###############################
@@ -723,6 +732,8 @@ resource "aws_vpc_endpoint" "ssmmessages" {
  security_group_ids  = ["${var.ssmmessages_endpoint_security_group_ids}"]
  subnet_ids          = ["${coalescelist(var.ssmmessages_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
  private_dns_enabled = "${var.ssmmessages_endpoint_private_dns_enabled}"
+  tags = "${local.vpce_tags}"
 }
 #######################
@@ -744,6 +755,8 @@ resource "aws_vpc_endpoint" "ec2" {
  security_group_ids  = ["${var.ec2_endpoint_security_group_ids}"]
  subnet_ids          = ["${coalescelist(var.ec2_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
  private_dns_enabled = "${var.ec2_endpoint_private_dns_enabled}"
+  tags = "${local.vpce_tags}"
 }
 ###############################
@@ -765,6 +778,8 @@ resource "aws_vpc_endpoint" "ec2messages" {
  security_group_ids  = ["${var.ec2messages_endpoint_security_group_ids}"]
  subnet_ids          = ["${coalescelist(var.ec2messages_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
  private_dns_enabled = "${var.ec2messages_endpoint_private_dns_enabled}"
+  tags = "${local.vpce_tags}"
 }
 ###########################
@@ -786,6 +801,8 @@ resource "aws_vpc_endpoint" "ecr_api" {
  security_group_ids  = ["${var.ecr_api_endpoint_security_group_ids}"]
  subnet_ids          = ["${coalescelist(var.ecr_api_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
  private_dns_enabled = "${var.ecr_api_endpoint_private_dns_enabled}"
+  tags = "${local.vpce_tags}"
 }
 ###########################
@@ -807,6 +824,8 @@ resource "aws_vpc_endpoint" "ecr_dkr" {
  security_group_ids  = ["${var.ecr_dkr_endpoint_security_group_ids}"]
  subnet_ids          = ["${coalescelist(var.ecr_dkr_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
  private_dns_enabled = "${var.ecr_dkr_endpoint_private_dns_enabled}"
+  tags = "${local.vpce_tags}"
 }
 #######################
@@ -828,6 +847,8 @@ resource "aws_vpc_endpoint" "apigw" {
  security_group_ids  = ["${var.apigw_endpoint_security_group_ids}"]
  subnet_ids          = ["${coalescelist(var.apigw_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
  private_dns_enabled = "${var.apigw_endpoint_private_dns_enabled}"
+  tags = "${local.vpce_tags}"
 }
 #######################
@@ -849,6 +870,8 @@ resource "aws_vpc_endpoint" "kms" {
  security_group_ids  = ["${var.kms_endpoint_security_group_ids}"]
  subnet_ids          = ["${coalescelist(var.kms_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
  private_dns_enabled = "${var.kms_endpoint_private_dns_enabled}"
+  tags = "${local.vpce_tags}"
 }
 #######################
@@ -870,6 +893,8 @@ resource "aws_vpc_endpoint" "ecs" {
  security_group_ids  = ["${var.ecs_endpoint_security_group_ids}"]
  subnet_ids          = ["${coalescelist(var.ecs_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
  private_dns_enabled = "${var.ecs_endpoint_private_dns_enabled}"
+  tags = "${local.vpce_tags}"
 }
 #######################
@@ -891,6 +916,8 @@ resource "aws_vpc_endpoint" "ecs_agent" {
  security_group_ids  = ["${var.ecs_agent_endpoint_security_group_ids}"]
  subnet_ids          = ["${coalescelist(var.ecs_agent_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
  private_dns_enabled = "${var.ecs_agent_endpoint_private_dns_enabled}"
+  tags = "${local.vpce_tags}"
 }
 #######################
@@ -912,6 +939,8 @@ resource "aws_vpc_endpoint" "ecs_telemetry" {
  security_group_ids  = ["${var.ecs_telemetry_endpoint_security_group_ids}"]
  subnet_ids          = ["${coalescelist(var.ecs_telemetry_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
  private_dns_enabled = "${var.ecs_telemetry_endpoint_private_dns_enabled}"
+  tags = "${local.vpce_tags}"
 }
 #######################
@@ -933,6 +962,8 @@ resource "aws_vpc_endpoint" "elasticloadbalancing" {
  security_group_ids  = ["${var.elasticloadbalancing_endpoint_security_group_ids}"]
  subnet_ids          = ["${coalescelist(var.elasticloadbalancing_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
  private_dns_enabled = "${var.elasticloadbalancing_endpoint_private_dns_enabled}"
+  tags = "${local.vpce_tags}"
 }
 #######################
@@ -954,6 +985,8 @@ resource "aws_vpc_endpoint" "sns" {
  security_group_ids  = ["${var.sns_endpoint_security_group_ids}"]
  subnet_ids          = ["${coalescelist(var.sns_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
  private_dns_enabled = "${var.sns_endpoint_private_dns_enabled}"
+  tags = "${local.vpce_tags}"
 }
 #######################
@@ -975,6 +1008,8 @@ resource "aws_vpc_endpoint" "logs" {
  security_group_ids  = ["${var.logs_endpoint_security_group_ids}"]
  subnet_ids          = ["${coalescelist(var.logs_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
  private_dns_enabled = "${var.logs_endpoint_private_dns_enabled}"
+  tags = "${local.vpce_tags}"
 }
 #######################
@@ -996,6 +1031,8 @@ resource "aws_vpc_endpoint" "cloudtrail" {
  security_group_ids  = ["${var.cloudtrail_endpoint_security_group_ids}"]
  subnet_ids          = ["${coalescelist(var.cloudtrail_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
  private_dns_enabled = "${var.cloudtrail_endpoint_private_dns_enabled}"
+  tags = "${local.vpce_tags}"
 }
 #######################
@@ -1017,6 +1054,8 @@ resource "aws_vpc_endpoint" "monitoring" {
  security_group_ids  = ["${var.monitoring_endpoint_security_group_ids}"]
  subnet_ids          = ["${coalescelist(var.monitoring_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
  private_dns_enabled = "${var.monitoring_endpoint_private_dns_enabled}"
+  tags = "${local.vpce_tags}"
 }
 #######################
@@ -1038,6 +1077,8 @@ resource "aws_vpc_endpoint" "events" {
  security_group_ids  = ["${var.events_endpoint_security_group_ids}"]
  subnet_ids          = ["${coalescelist(var.events_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
  private_dns_enabled = "${var.events_endpoint_private_dns_enabled}"
+  tags = "${local.vpce_tags}"
 }
 ##########################

--- a/variables.tf
+++ b/variables.tf
@@ -709,6 +709,11 @@ variable "vpn_gateway_tags" {
  default     = {}
 }
+variable "vpc_endpoint_tags" {
+  description = "Additional tags for the VPC Endpoints"
+  default     = {}
+}
 variable "enable_dhcp_options" {
  description = "Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type"
  default     = false