Add VPC endpoints for CloudFormation, CodePipeline, Storage Gateway, AppMesh,...

Add VPC endpoints for CloudFormation, CodePipeline, Storage Gateway, AppMesh, Transfer, Service Catalog & SageMaker(Runtime & API) (#324) * add new endpoints * merge change from master

Add VPC endpoints for CloudFormation, CodePipeline, Storage Gateway, AppMesh,...
Add VPC endpoints for CloudFormation, CodePipeline, Storage Gateway, AppMesh, Transfer, Service Catalog & SageMaker(Runtime & API) (#324) * add new endpoints * merge change from master
de3d4e16 · Ilia Lazebnik · Anton Babenko · ee192c5d · de3d4e16 · de3d4e16
Commit de3d4e16 authored Sep 03, 2019 by Ilia Lazebnik Committed by Anton Babenko Sep 03, 2019
Show whitespace changes
Inline Side-by-side

Showing with 528 additions and 1 deletion

README.md README.md +61 -1

outputs.tf outputs.tf +113 -0

variables.tf variables.tf +185 -0

vpc-endpoints.tf vpc-endpoints.tf +169 -0

No files found.
--- a/README.md
+++ b/README.md
@@ -17,7 +17,11 @@ These types of resources are supported:
 * [VPC Endpoint](https://www.terraform.io/docs/providers/aws/r/vpc_endpoint.html):
  * Gateway: S3, DynamoDB
  * Interface: EC2, SSM, EC2 Messages, SSM Messages, SQS, ECR API, ECR DKR, API Gateway, KMS, 
-ECS, ECS Agent, ECS Telemetry, SNS, STS, Glue, CloudWatch(Monitoring, Logs, Events), Elastic Load Balancing, CloudTrail, Secrets Manager, Config, Codebuild, Codecommit, Git-Codecommit, Transfer Server, Kinesis Streams, Kinesis Firehose, Sagemaker Notebook
+ECS, ECS Agent, ECS Telemetry, SNS, STS, Glue, CloudWatch(Monitoring, Logs, Events), 
+Elastic Load Balancing, CloudTrail, Secrets Manager, Config, CodeBuild, CodeCommit, 
+Git-Codecommit, Transfer Server, Kinesis Streams, Kinesis Firehose, SageMaker(Notebook, Runtime, API), 
+CloudFormation, CodePipeline, Storage Gateway, AppMesh, Transfer, Service Catalog
+
 * [RDS DB Subnet Group](https://www.terraform.io/docs/providers/aws/r/db_subnet_group.html)
 * [ElastiCache Subnet Group](https://www.terraform.io/docs/providers/aws/r/elasticache_subnet_group.html)
 * [Redshift Subnet Group](https://www.terraform.io/docs/providers/aws/r/redshift_subnet_group.html)
@@ -209,9 +213,15 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | apigw\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for API GW endpoint | bool | `"false"` | no |
 | apigw\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for API GW  endpoint | list(string) | `[]` | no |
 | apigw\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for API GW endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
+| appmesh\_envoy\_management\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for AppMesh endpoint | bool | `"false"` | no |
+| appmesh\_envoy\_management\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for AppMesh endpoint | list(string) | `[]` | no |
+| appmesh\_envoy\_management\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for AppMesh endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
 | assign\_ipv6\_address\_on\_creation | Assign IPv6 address on subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch | bool | `"false"` | no |
 | azs | A list of availability zones in the region | list(string) | `[]` | no |
 | cidr | The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden | string | `"0.0.0.0/0"` | no |
+| cloudformation\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Cloudformation endpoint | bool | `"false"` | no |
+| cloudformation\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Cloudformation endpoint | list(string) | `[]` | no |
+| cloudformation\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Cloudformation endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
 | cloudtrail\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for CloudTrail endpoint | bool | `"false"` | no |
 | cloudtrail\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for CloudTrail endpoint | list(string) | `[]` | no |
 | cloudtrail\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for CloudTrail endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
@@ -221,6 +231,9 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | codecommit\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Codecommit endpoint | string | `"false"` | no |
 | codecommit\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Codecommit endpoint | list | `[]` | no |
 | codecommit\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Codecommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
+| codepipeline\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for CodePipeline endpoint | bool | `"false"` | no |
+| codepipeline\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for CodePipeline endpoint | list(string) | `[]` | no |
+| codepipeline\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for CodePipeline endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
 | config\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for config endpoint | string | `"false"` | no |
 | config\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for config endpoint | list | `[]` | no |
 | config\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for config endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
@@ -294,11 +307,14 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | elasticloadbalancing\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Elastic Load Balancing endpoint | list(string) | `[]` | no |
 | elasticloadbalancing\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Elastic Load Balancing endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
 | enable\_apigw\_endpoint | Should be true if you want to provision an api gateway endpoint to the VPC | bool | `"false"` | no |
+| enable\_appmesh\_envoy\_management\_endpoint | Should be true if you want to provision a AppMesh endpoint to the VPC | bool | `"false"` | no |
 | enable\_classiclink | Should be true to enable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic. | bool | `"null"` | no |
 | enable\_classiclink\_dns\_support | Should be true to enable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic. | bool | `"null"` | no |
+| enable\_cloudformation\_endpoint | Should be true if you want to provision a Cloudformation endpoint to the VPC | bool | `"false"` | no |
 | enable\_cloudtrail\_endpoint | Should be true if you want to provision a CloudTrail endpoint to the VPC | bool | `"false"` | no |
 | enable\_codebuild\_endpoint | Should be true if you want to provision an Codebuild endpoint to the VPC | string | `"false"` | no |
 | enable\_codecommit\_endpoint | Should be true if you want to provision an Codecommit endpoint to the VPC | string | `"false"` | no |
+| enable\_codepipeline\_endpoint | Should be true if you want to provision a CodePipeline endpoint to the VPC | bool | `"false"` | no |
 | enable\_config\_endpoint | Should be true if you want to provision an config endpoint to the VPC | string | `"false"` | no |
 | enable\_dhcp\_options | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | bool | `"false"` | no |
 | enable\_dns\_hostnames | Should be true to enable DNS hostnames in the VPC | bool | `"false"` | no |
@@ -324,13 +340,18 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | enable\_nat\_gateway | Should be true if you want to provision NAT Gateways for each of your private networks | bool | `"false"` | no |
 | enable\_public\_redshift | Controls if redshift should have public routing table | bool | `"false"` | no |
 | enable\_s3\_endpoint | Should be true if you want to provision an S3 endpoint to the VPC | bool | `"false"` | no |
+| enable\_sagemaker\_api\_endpoint | Should be true if you want to provision a SageMaker API endpoint to the VPC | bool | `"false"` | no |
 | enable\_sagemaker\_notebook\_endpoint | Should be true if you want to provision a Sagemaker Notebook endpoint to the VPC | bool | `"false"` | no |
+| enable\_sagemaker\_runtime\_endpoint | Should be true if you want to provision a SageMaker Runtime endpoint to the VPC | bool | `"false"` | no |
 | enable\_secretsmanager\_endpoint | Should be true if you want to provision an Secrets Manager endpoint to the VPC | bool | `"false"` | no |
+| enable\_servicecatalog\_endpoint | Should be true if you want to provision a Service Catalog endpoint to the VPC | bool | `"false"` | no |
 | enable\_sns\_endpoint | Should be true if you want to provision a SNS endpoint to the VPC | bool | `"false"` | no |
 | enable\_sqs\_endpoint | Should be true if you want to provision an SQS endpoint to the VPC | string | `"false"` | no |
 | enable\_ssm\_endpoint | Should be true if you want to provision an SSM endpoint to the VPC | bool | `"false"` | no |
 | enable\_ssmmessages\_endpoint | Should be true if you want to provision a SSMMESSAGES endpoint to the VPC | bool | `"false"` | no |
+| enable\_storagegateway\_endpoint | Should be true if you want to provision a Storage Gateway endpoint to the VPC | bool | `"false"` | no |
 | enable\_sts\_endpoint | Should be true if you want to provision a STS endpoint to the VPC | bool | `"false"` | no |
+| enable\_transfer\_endpoint | Should be true if you want to provision a Transfer endpoint tothe VPC | bool | `"false"` | no |
 | enable\_transferserver\_endpoint | Should be true if you want to provision a Transer Server endpoint to the VPC | bool | `"false"` | no |
 | enable\_vpn\_gateway | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | bool | `"false"` | no |
 | events\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for CloudWatch Events endpoint | bool | `"false"` | no |
@@ -411,14 +432,23 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | redshift\_subnet\_tags | Additional tags for the redshift subnets | map(string) | `{}` | no |
 | redshift\_subnets | A list of redshift subnets | list(string) | `[]` | no |
 | reuse\_nat\_ips | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable | bool | `"false"` | no |
+| sagemaker\_api\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SageMaker API endpoint | bool | `"false"` | no |
+| sagemaker\_api\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SageMaker API endpoint | list(string) | `[]` | no |
+| sagemaker\_api\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SageMaker API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
 | sagemaker\_notebook\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Sagemaker Notebook endpoint | bool | `"false"` | no |
 | sagemaker\_notebook\_endpoint\_region | Region to use for Sagemaker Notebook endpoint | string | `""` | no |
 | sagemaker\_notebook\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Sagemaker Notebook endpoint | list(string) | `[]` | no |
 | sagemaker\_notebook\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Sagemaker Notebook endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
+| sagemaker\_runtime\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SageMaker Runtime endpoint | bool | `"false"` | no |
+| sagemaker\_runtime\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SageMaker Runtime endpoint | list(string) | `[]` | no |
+| sagemaker\_runtime\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SageMaker Runtime endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
 | secondary\_cidr\_blocks | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | list(string) | `[]` | no |
 | secretsmanager\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Secrets Manager endpoint | bool | `"false"` | no |
 | secretsmanager\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Secrets Manager endpoint | list(string) | `[]` | no |
 | secretsmanager\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Secrets Manager endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
+| servicecatalog\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Service Catalog endpoint | bool | `"false"` | no |
+| servicecatalog\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Service Catalog endpoint | list(string) | `[]` | no |
+| servicecatalog\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Service Catalog endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
 | single\_nat\_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | bool | `"false"` | no |
 | sns\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SNS endpoint | bool | `"false"` | no |
 | sns\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SNS endpoint | list(string) | `[]` | no |
@@ -432,10 +462,16 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | ssmmessages\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SSMMESSAGES endpoint | bool | `"false"` | no |
 | ssmmessages\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SSMMESSAGES endpoint | list(string) | `[]` | no |
 | ssmmessages\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SSMMESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
+| storagegateway\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Storage Gateway endpoint | bool | `"false"` | no |
+| storagegateway\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Storage Gateway endpoint | list(string) | `[]` | no |
+| storagegateway\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Storage Gateway endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
 | sts\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for STS endpoint | bool | `"false"` | no |
 | sts\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for STS endpoint | list(string) | `[]` | no |
 | sts\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for STS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
 | tags | A map of tags to add to all resources | map(string) | `{}` | no |
+| transfer\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Transfer endpoint | bool | `"false"` | no |
+| transfer\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Transfer endpoint | list(string) | `[]` | no |
+| transfer\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Transfer endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used. | list(string) | `[]` | no |
 | transferserver\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Transfer Server endpoint | bool | `"false"` | no |
 | transferserver\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Transfer Server endpoint | list(string) | `[]` | no |
 | transferserver\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Transfer Server endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
@@ -515,6 +551,12 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | vpc\_endpoint\_apigw\_dns\_entry | The DNS entries for the VPC Endpoint for APIGW. |
 | vpc\_endpoint\_apigw\_id | The ID of VPC endpoint for APIGW |
 | vpc\_endpoint\_apigw\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for APIGW. |
+| vpc\_endpoint\_appmesh\_envoy\_management\_dns\_entry | The DNS entries for the VPC Endpoint for AppMesh. |
+| vpc\_endpoint\_appmesh\_envoy\_management\_id | The ID of VPC endpoint for AppMesh |
+| vpc\_endpoint\_appmesh\_envoy\_management\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for AppMesh. |
+| vpc\_endpoint\_cloudformation\_dns\_entry | The DNS entries for the VPC Endpoint for Cloudformation. |
+| vpc\_endpoint\_cloudformation\_id | The ID of VPC endpoint for Cloudformation |
+| vpc\_endpoint\_cloudformation\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Cloudformation. |
 | vpc\_endpoint\_cloudtrail\_dns\_entry | The DNS entries for the VPC Endpoint for CloudTrail. |
 | vpc\_endpoint\_cloudtrail\_id | The ID of VPC endpoint for CloudTrail |
 | vpc\_endpoint\_cloudtrail\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for CloudTrail. |
@@ -524,6 +566,9 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | vpc\_endpoint\_codecommit\_dns\_entry | The DNS entries for the VPC Endpoint for codecommit. |
 | vpc\_endpoint\_codecommit\_id | The ID of VPC endpoint for codecommit |
 | vpc\_endpoint\_codecommit\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for codecommit. |
+| vpc\_endpoint\_codepipeline\_dns\_entry | The DNS entries for the VPC Endpoint for CodePipeline. |
+| vpc\_endpoint\_codepipeline\_id | The ID of VPC endpoint for CodePipeline |
+| vpc\_endpoint\_codepipeline\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for CodePipeline. |
 | vpc\_endpoint\_config\_dns\_entry | The DNS entries for the VPC Endpoint for config. |
 | vpc\_endpoint\_config\_id | The ID of VPC endpoint for config |
 | vpc\_endpoint\_config\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for config. |
@@ -579,9 +624,18 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | vpc\_endpoint\_monitoring\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for CloudWatch Monitoring. |
 | vpc\_endpoint\_s3\_id | The ID of VPC endpoint for S3 |
 | vpc\_endpoint\_s3\_pl\_id | The prefix list for the S3 VPC endpoint. |
+| vpc\_endpoint\_sagemaker\_api\_dns\_entry | The DNS entries for the VPC Endpoint for SageMaker API. |
+| vpc\_endpoint\_sagemaker\_api\_id | The ID of VPC endpoint for SageMaker API |
+| vpc\_endpoint\_sagemaker\_api\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SageMaker API. |
+| vpc\_endpoint\_sagemaker\_runtime\_dns\_entry | The DNS entries for the VPC Endpoint for SageMaker Runtime. |
+| vpc\_endpoint\_sagemaker\_runtime\_id | The ID of VPC endpoint for SageMaker Runtime |
+| vpc\_endpoint\_sagemaker\_runtime\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SageMaker Runtime. |
 | vpc\_endpoint\_secretsmanager\_dns\_entry | The DNS entries for the VPC Endpoint for secretsmanager. |
 | vpc\_endpoint\_secretsmanager\_id | The ID of VPC endpoint for secretsmanager |
 | vpc\_endpoint\_secretsmanager\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for secretsmanager. |
+| vpc\_endpoint\_servicecatalog\_dns\_entry | The DNS entries for the VPC Endpoint for Service Catalog. |
+| vpc\_endpoint\_servicecatalog\_id | The ID of VPC endpoint for Service Catalog |
+| vpc\_endpoint\_servicecatalog\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Service Catalog. |
 | vpc\_endpoint\_sns\_dns\_entry | The DNS entries for the VPC Endpoint for SNS. |
 | vpc\_endpoint\_sns\_id | The ID of VPC endpoint for SNS |
 | vpc\_endpoint\_sns\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SNS. |
@@ -594,9 +648,15 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 | vpc\_endpoint\_ssmmessages\_dns\_entry | The DNS entries for the VPC Endpoint for SSMMESSAGES. |
 | vpc\_endpoint\_ssmmessages\_id | The ID of VPC endpoint for SSMMESSAGES |
 | vpc\_endpoint\_ssmmessages\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SSMMESSAGES. |
+| vpc\_endpoint\_storagegateway\_dns\_entry | The DNS entries for the VPC Endpoint for Storage Gateway. |
+| vpc\_endpoint\_storagegateway\_id | The ID of VPC endpoint for Storage Gateway |
+| vpc\_endpoint\_storagegateway\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Storage Gateway. |
 | vpc\_endpoint\_sts\_dns\_entry | The DNS entries for the VPC Endpoint for STS. |
 | vpc\_endpoint\_sts\_id | The ID of VPC endpoint for STS |
 | vpc\_endpoint\_sts\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for STS. |
+| vpc\_endpoint\_transfer\_dns\_entry | The DNS entries for the VPC Endpoint for Transfer. |
+| vpc\_endpoint\_transfer\_id | The ID of VPC endpoint for Transfer |
+| vpc\_endpoint\_transfer\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Transfer. |
 | vpc\_endpoint\_transferserver\_dns\_entry | The DNS entries for the VPC Endpoint for transferserver. |
 | vpc\_endpoint\_transferserver\_id | The ID of VPC endpoint for transferserver |
 | vpc\_endpoint\_transferserver\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for transferserver |

--- a/outputs.tf
+++ b/outputs.tf
@@ -803,6 +803,119 @@ output "vpc_endpoint_sts_dns_entry" {
  value       = flatten(aws_vpc_endpoint.sts.*.dns_entry)
 }

+output "vpc_endpoint_cloudformation_id" {
+  description = "The ID of VPC endpoint for Cloudformation"
+  value       = concat(aws_vpc_endpoint.cloudformation.*.id, [""])[0]
+}
+
+output "vpc_endpoint_cloudformation_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for Cloudformation."
+  value       = flatten(aws_vpc_endpoint.cloudformation.*.network_interface_ids)
+}
+
+output "vpc_endpoint_cloudformation_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for Cloudformation."
+  value       = flatten(aws_vpc_endpoint.cloudformation.*.dns_entry)
+}
+output "vpc_endpoint_codepipeline_id" {
+  description = "The ID of VPC endpoint for CodePipeline"
+  value       = concat(aws_vpc_endpoint.codepipeline.*.id, [""])[0]
+}
+
+output "vpc_endpoint_codepipeline_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for CodePipeline."
+  value       = flatten(aws_vpc_endpoint.codepipeline.*.network_interface_ids)
+}
+
+output "vpc_endpoint_codepipeline_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for CodePipeline."
+  value       = flatten(aws_vpc_endpoint.codepipeline.*.dns_entry)
+}
+output "vpc_endpoint_appmesh_envoy_management_id" {
+  description = "The ID of VPC endpoint for AppMesh"
+  value       = concat(aws_vpc_endpoint.appmesh_envoy_management.*.id, [""])[0]
+}
+
+output "vpc_endpoint_appmesh_envoy_management_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for AppMesh."
+  value       = flatten(aws_vpc_endpoint.appmesh_envoy_management.*.network_interface_ids)
+}
+
+output "vpc_endpoint_appmesh_envoy_management_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for AppMesh."
+  value       = flatten(aws_vpc_endpoint.appmesh_envoy_management.*.dns_entry)
+}
+output "vpc_endpoint_servicecatalog_id" {
+  description = "The ID of VPC endpoint for Service Catalog"
+  value       = concat(aws_vpc_endpoint.servicecatalog.*.id, [""])[0]
+}
+
+output "vpc_endpoint_servicecatalog_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for Service Catalog."
+  value       = flatten(aws_vpc_endpoint.servicecatalog.*.network_interface_ids)
+}
+
+output "vpc_endpoint_servicecatalog_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for Service Catalog."
+  value       = flatten(aws_vpc_endpoint.servicecatalog.*.dns_entry)
+}
+output "vpc_endpoint_storagegateway_id" {
+  description = "The ID of VPC endpoint for Storage Gateway"
+  value       = concat(aws_vpc_endpoint.storagegateway.*.id, [""])[0]
+}
+
+output "vpc_endpoint_storagegateway_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for Storage Gateway."
+  value       = flatten(aws_vpc_endpoint.storagegateway.*.network_interface_ids)
+}
+
+output "vpc_endpoint_storagegateway_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for Storage Gateway."
+  value       = flatten(aws_vpc_endpoint.storagegateway.*.dns_entry)
+}
+output "vpc_endpoint_transfer_id" {
+  description = "The ID of VPC endpoint for Transfer"
+  value       = concat(aws_vpc_endpoint.transfer.*.id, [""])[0]
+}
+
+output "vpc_endpoint_transfer_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for Transfer."
+  value       = flatten(aws_vpc_endpoint.transfer.*.network_interface_ids)
+}
+
+output "vpc_endpoint_transfer_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for Transfer."
+  value       = flatten(aws_vpc_endpoint.transfer.*.dns_entry)
+}
+output "vpc_endpoint_sagemaker_api_id" {
+  description = "The ID of VPC endpoint for SageMaker API"
+  value       = concat(aws_vpc_endpoint.sagemaker_api.*.id, [""])[0]
+}
+
+output "vpc_endpoint_sagemaker_api_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for SageMaker API."
+  value       = flatten(aws_vpc_endpoint.sagemaker_api.*.network_interface_ids)
+}
+
+output "vpc_endpoint_sagemaker_api_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for SageMaker API."
+  value       = flatten(aws_vpc_endpoint.sagemaker_api.*.dns_entry)
+}
+output "vpc_endpoint_sagemaker_runtime_id" {
+  description = "The ID of VPC endpoint for SageMaker Runtime"
+  value       = concat(aws_vpc_endpoint.sagemaker_runtime.*.id, [""])[0]
+}
+
+output "vpc_endpoint_sagemaker_runtime_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for SageMaker Runtime."
+  value       = flatten(aws_vpc_endpoint.sagemaker_runtime.*.network_interface_ids)
+}
+
+output "vpc_endpoint_sagemaker_runtime_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for SageMaker Runtime."
+  value       = flatten(aws_vpc_endpoint.sagemaker_runtime.*.dns_entry)
+}
+
 # Static values (arguments)
 output "azs" {
  description = "A list of availability zones specified as argument to this module"

--- a/variables.tf
+++ b/variables.tf
@@ -993,6 +993,191 @@ variable "sts_endpoint_private_dns_enabled" {
  default     = false
 }

+variable "enable_cloudformation_endpoint" {
+  description = "Should be true if you want to provision a Cloudformation endpoint to the VPC"
+  type        = bool
+  default     = false
+}
+
+variable "cloudformation_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for Cloudformation endpoint"
+  type        = list(string)
+  default     = []
+}
+
+variable "cloudformation_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for Cloudformation endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  type        = list(string)
+  default     = []
+}
+
+variable "cloudformation_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for Cloudformation endpoint"
+  type        = bool
+  default     = false
+}
+variable "enable_codepipeline_endpoint" {
+  description = "Should be true if you want to provision a CodePipeline endpoint to the VPC"
+  type        = bool
+  default     = false
+}
+
+variable "codepipeline_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for CodePipeline endpoint"
+  type        = list(string)
+  default     = []
+}
+
+variable "codepipeline_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for CodePipeline endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  type        = list(string)
+  default     = []
+}
+
+variable "codepipeline_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for CodePipeline endpoint"
+  type        = bool
+  default     = false
+}
+variable "enable_appmesh_envoy_management_endpoint" {
+  description = "Should be true if you want to provision a AppMesh endpoint to the VPC"
+  type        = bool
+  default     = false
+}
+
+variable "appmesh_envoy_management_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for AppMesh endpoint"
+  type        = list(string)
+  default     = []
+}
+
+variable "appmesh_envoy_management_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for AppMesh endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  type        = list(string)
+  default     = []
+}
+
+variable "appmesh_envoy_management_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for AppMesh endpoint"
+  type        = bool
+  default     = false
+}
+variable "enable_servicecatalog_endpoint" {
+  description = "Should be true if you want to provision a Service Catalog endpoint to the VPC"
+  type        = bool
+  default     = false
+}
+
+variable "servicecatalog_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for Service Catalog endpoint"
+  type        = list(string)
+  default     = []
+}
+
+variable "servicecatalog_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for Service Catalog endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  type        = list(string)
+  default     = []
+}
+
+variable "servicecatalog_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for Service Catalog endpoint"
+  type        = bool
+  default     = false
+}
+variable "enable_storagegateway_endpoint" {
+  description = "Should be true if you want to provision a Storage Gateway endpoint to the VPC"
+  type        = bool
+  default     = false
+}
+
+variable "storagegateway_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for Storage Gateway endpoint"
+  type        = list(string)
+  default     = []
+}
+
+variable "storagegateway_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for Storage Gateway endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  type        = list(string)
+  default     = []
+}
+
+variable "storagegateway_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for Storage Gateway endpoint"
+  type        = bool
+  default     = false
+}
+variable "enable_transfer_endpoint" {
+  description = "Should be true if you want to provision a Transfer endpoint tothe VPC"
+  type        = bool
+  default     = false
+}
+
+variable "transfer_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for Transfer endpoint"
+  type        = list(string)
+  default     = []
+}
+
+variable "transfer_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for Transfer endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used."
+  type        = list(string)
+  default     = []
+}
+
+variable "transfer_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for Transfer endpoint"
+  type        = bool
+  default     = false
+}
+variable "enable_sagemaker_api_endpoint" {
+  description = "Should be true if you want to provision a SageMaker API endpoint to the VPC"
+  type        = bool
+  default     = false
+}
+
+variable "sagemaker_api_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for SageMaker API endpoint"
+  type        = list(string)
+  default     = []
+}
+
+variable "sagemaker_api_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for SageMaker API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  type        = list(string)
+  default     = []
+}
+
+variable "sagemaker_api_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for SageMaker API endpoint"
+  type        = bool
+  default     = false
+}
+variable "enable_sagemaker_runtime_endpoint" {
+  description = "Should be true if you want to provision a SageMaker Runtime endpoint to the VPC"
+  type        = bool
+  default     = false
+}
+
+variable "sagemaker_runtime_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for SageMaker Runtime endpoint"
+  type        = list(string)
+  default     = []
+}
+
+variable "sagemaker_runtime_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for SageMaker Runtime endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  type        = list(string)
+  default     = []
+}
+
+variable "sagemaker_runtime_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for SageMaker Runtime endpoint"
+  type        = bool
+  default     = false
+}
+
 variable "map_public_ip_on_launch" {
  description = "Should be false if you do not want to auto-assign public IP on launch"
  type        = bool

--- a/vpc-endpoints.tf
+++ b/vpc-endpoints.tf
@@ -722,3 +722,172 @@ resource "aws_vpc_endpoint" "sts" {
  private_dns_enabled = var.sts_endpoint_private_dns_enabled
  tags                = local.vpce_tags
 }
+
+#############################
+# VPC Endpoint for Cloudformation
+#############################
+data "aws_vpc_endpoint_service" "cloudformation" {
+  count = var.create_vpc && var.enable_cloudformation_endpoint ? 1 : 0
+
+  service = "cloudformation"
+}
+
+resource "aws_vpc_endpoint" "cloudformation" {
+  count = var.create_vpc && var.enable_cloudformation_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.cloudformation[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.cloudformation_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.cloudformation_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.cloudformation_endpoint_private_dns_enabled
+  tags                = local.vpce_tags
+}
+#############################
+# VPC Endpoint for CodePipeline
+#############################
+data "aws_vpc_endpoint_service" "codepipeline" {
+  count = var.create_vpc && var.enable_codepipeline_endpoint ? 1 : 0
+
+  service = "codepipeline"
+}
+
+resource "aws_vpc_endpoint" "codepipeline" {
+  count = var.create_vpc && var.enable_codepipeline_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.codepipeline[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.codepipeline_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.codepipeline_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.codepipeline_endpoint_private_dns_enabled
+  tags                = local.vpce_tags
+}
+#############################
+# VPC Endpoint for AppMesh
+#############################
+data "aws_vpc_endpoint_service" "appmesh_envoy_management" {
+  count = var.create_vpc && var.enable_appmesh_envoy_management_endpoint ? 1 : 0
+
+  service = "appmesh-envoy-management"
+}
+
+resource "aws_vpc_endpoint" "appmesh_envoy_management" {
+  count = var.create_vpc && var.enable_appmesh_envoy_management_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.appmesh_envoy_management[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.appmesh_envoy_management_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.appmesh_envoy_management_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.appmesh_envoy_management_endpoint_private_dns_enabled
+  tags                = local.vpce_tags
+}
+#############################
+# VPC Endpoint for Service Catalog
+#############################
+data "aws_vpc_endpoint_service" "servicecatalog" {
+  count = var.create_vpc && var.enable_servicecatalog_endpoint ? 1 : 0
+
+  service = "servicecatalog"
+}
+
+resource "aws_vpc_endpoint" "servicecatalog" {
+  count = var.create_vpc && var.enable_servicecatalog_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.servicecatalog[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.servicecatalog_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.servicecatalog_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.servicecatalog_endpoint_private_dns_enabled
+  tags                = local.vpce_tags
+}
+#############################
+# VPC Endpoint for Storage Gateway
+#############################
+data "aws_vpc_endpoint_service" "storagegateway" {
+  count = var.create_vpc && var.enable_storagegateway_endpoint ? 1 : 0
+
+  service = "storagegateway"
+}
+
+resource "aws_vpc_endpoint" "storagegateway" {
+  count = var.create_vpc && var.enable_storagegateway_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.storagegateway[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.storagegateway_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.storagegateway_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.storagegateway_endpoint_private_dns_enabled
+  tags                = local.vpce_tags
+}
+#############################
+# VPC Endpoint for Transfer
+#############################
+data "aws_vpc_endpoint_service" "transfer" {
+  count = var.create_vpc && var.enable_transfer_endpoint ? 1 : 0
+
+  service = "transfer"
+}
+
+resource "aws_vpc_endpoint" "transfer" {
+  count = var.create_vpc && var.enable_transfer_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.transfer[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.transfer_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.transfer_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.transfer_endpoint_private_dns_enabled
+  tags                = local.vpce_tags
+}
+#############################
+# VPC Endpoint for SageMaker API
+#############################
+data "aws_vpc_endpoint_service" "sagemaker_api" {
+  count = var.create_vpc && var.enable_sagemaker_api_endpoint ? 1 : 0
+
+  service = "sagemaker.api"
+}
+
+resource "aws_vpc_endpoint" "sagemaker_api" {
+  count = var.create_vpc && var.enable_sagemaker_api_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.sagemaker_api[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.sagemaker_api_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.sagemaker_api_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.sagemaker_api_endpoint_private_dns_enabled
+  tags                = local.vpce_tags
+}
+#############################
+# VPC Endpoint for SageMaker Runtime
+#############################
+data "aws_vpc_endpoint_service" "sagemaker_runtime" {
+  count = var.create_vpc && var.enable_sagemaker_runtime_endpoint ? 1 : 0
+
+  service = "sagemaker.runtime"
+}
+
+resource "aws_vpc_endpoint" "sagemaker_runtime" {
+  count = var.create_vpc && var.enable_sagemaker_runtime_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.sagemaker_runtime[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.sagemaker_runtime_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.sagemaker_runtime_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.sagemaker_runtime_endpoint_private_dns_enabled
+  tags                = local.vpce_tags
+}