aws-cloudformation / cloudformation-coverage-roadmap

The AWS CloudFormation Public Coverage Roadmap
https://aws.amazon.com/cloudformation/
Creative Commons Attribution Share Alike 4.0 International
1.11k stars, 56 forks

AWS::EC2::VPCEndpoint return ENI IP address #109

Open hoegertn opened 5 years ago

hoegertn commented 5 years ago

For interface typed VPC endpoints it would be good to have the private IPs of the ENIs as an attribute accessible via !GetAtt.

For several use cases, DNS names are not enough and you need the IP of the ENI.

Currently, this can only be solved by a custom resource that takes the ENIs (!GetAtt VPCE.NetworkInterfaceIds) and resolves them to IPs.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpoint.html

Category: Networking & Content (VPC, Route53, API GW,...)
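The custom resource the comment refers to, written out as an added example (it is not code from the roadmap repository or from the commenter): a Lambda-backed custom resource that receives the endpoint's `NetworkInterfaceIds`, calls `ec2:DescribeNetworkInterfaces`, and returns the primary private IPv4 of each ENI as attributes that a template can read with `!GetAtt`. The `describe` callable is injected so the resolution logic runs offline against a constructed sample response; `lambda_handler`, `SAMPLE_DESCRIBE_RESPONSE`, `handle_event` and the `PrivateIp<n>` attribute names are assumptions of this example. Two details matter for a defender: the function's IAM role needs nothing beyond `ec2:DescribeNetworkInterfaces`, and an empty ID list is rejected before the API call, because `DescribeNetworkInterfaces` with no IDs and no filters lists every ENI in the account.

```python
"""CloudFormation custom resource: interface VPC endpoint ENI IDs -> private IPs.

Example code, not part of the cloudformation-coverage-roadmap project.
Input:  ResourceProperties.NetworkInterfaceIds (from !GetAtt VPCE.NetworkInterfaceIds)
Output: Data.PrivateIpAddresses (comma list) and Data.PrivateIp0, PrivateIp1, ...
"""
import json
import urllib.request

# Constructed sample of an ec2:DescribeNetworkInterfaces response (not real data).
SAMPLE_DESCRIBE_RESPONSE = {
    "NetworkInterfaces": [
        {"NetworkInterfaceId": "eni-0aaa000000000000a", "PrivateIpAddress": "10.0.1.15",
         "AvailabilityZone": "eu-west-1a", "SubnetId": "subnet-0aaa0"},
        {"NetworkInterfaceId": "eni-0bbb000000000000b", "PrivateIpAddress": "10.0.2.27",
         "AvailabilityZone": "eu-west-1b", "SubnetId": "subnet-0bbb0"},
    ]
}


def fake_describe(NetworkInterfaceIds):
    """Offline stand-in for boto3's ec2.describe_network_interfaces (constructed)."""
    wanted = set(NetworkInterfaceIds)
    return {"NetworkInterfaces": [n for n in SAMPLE_DESCRIBE_RESPONSE["NetworkInterfaces"]
                                  if n["NetworkInterfaceId"] in wanted]}


def resolve_eni_ips(eni_ids, describe):
    """Map each ENI ID to its primary private IPv4, in the caller's order.

    ``describe`` has the signature of boto3's ec2.describe_network_interfaces.
    Fails loudly on an empty list (which would enumerate every ENI) and on any
    ENI missing from the answer, so a partial result never reaches a target
    group or NACL rule unnoticed.
    """
    eni_ids = list(eni_ids)
    if not eni_ids:
        raise ValueError("NetworkInterfaceIds must not be empty")
    resp = describe(NetworkInterfaceIds=eni_ids)
    found = {n["NetworkInterfaceId"]: n["PrivateIpAddress"] for n in resp["NetworkInterfaces"]}
    missing = [e for e in eni_ids if e not in found]
    if missing:
        raise ValueError(f"ENIs not returned by DescribeNetworkInterfaces: {missing}")
    return {e: found[e] for e in eni_ids}  # stable order keeps Fn::Select indices stable


def build_attributes(eni_to_ip):
    """Shape the result as custom resource Data: a comma list plus per-index keys."""
    ips = list(eni_to_ip.values())
    data = {"PrivateIpAddresses": ",".join(ips)}
    for i, ip in enumerate(ips):
        data[f"PrivateIp{i}"] = ip
    return data


def build_cfn_response(event, status, data=None, reason=""):
    """Body of the PUT that CloudFormation expects on event['ResponseURL']."""
    return {
        "Status": status,
        "Reason": reason or "see CloudWatch logs",
        # Same physical ID on every request, so an Update is not a replacement.
        "PhysicalResourceId": "vpce-eni-ips-" + event["LogicalResourceId"],
        "StackId": event["StackId"],
        "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
        "Data": data or {},
    }


def handle_event(event, describe):
    """Pure request handling: Delete is a no-op SUCCESS; Create/Update resolve IPs."""
    if event["RequestType"] == "Delete":
        return build_cfn_response(event, "SUCCESS")
    try:
        eni_ids = event["ResourceProperties"]["NetworkInterfaceIds"]
        data = build_attributes(resolve_eni_ips(eni_ids, describe))
        return build_cfn_response(event, "SUCCESS", data)
    except Exception as exc:  # report FAILED instead of letting the stack hang until timeout
        return build_cfn_response(event, "FAILED", reason=str(exc))


def lambda_handler(event, context):
    """Lambda entry point; the role needs only ec2:DescribeNetworkInterfaces."""
    import boto3  # imported here so the pure functions above run without boto3
    body = handle_event(event, boto3.client("ec2").describe_network_interfaces)
    req = urllib.request.Request(event["ResponseURL"], data=json.dumps(body).encode(),
                                 method="PUT", headers={"Content-Type": ""})
    urllib.request.urlopen(req)
    return body
```

In the template the resource is declared with `NetworkInterfaceIds: !GetAtt VPCE.NetworkInterfaceIds` as a property, and a target group or NACL entry then reads `!GetAtt VpceIps.PrivateIp0` (or `!Select [0, !Split [",", !GetAtt VpceIps.PrivateIpAddresses]]`). Because the Lambda only signs what `DescribeNetworkInterfaces` returns, a replaced endpoint simply yields new attribute values on the next Update; nothing is cached in the function.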

sc-pulsion commented 4 years ago

@hoegertn I don't suppose you have an example of that custom resource to save me re-inventing the wheel? Thanks.

moqrin3 commented 4 years ago

@sc-pulsion https://dev.classmethod.jp/cloud/aws/transfer-for-sftp-restrict-ip-cloudformation/

dkavanagh commented 4 years ago

Yes, being able to get these IPs easily and throw them in an NLB target group would be very handy. Off to write a custom resource to look them up. Sigh.

hunyhabib commented 3 years ago

I am also facing the same issue. I am trying to create an IP target group that includes VPC endpoint ENI IPs using CloudFormation. With GetAtt I could get the DNS, but as mentioned above there are some scenarios where we need the IPs.

anubhav-jhalani commented 3 years ago

For interface typed VPC endpoints it would be good to have the private IPs of the ENIs as an attribute accessible via !GetAtt.

For several use cases, DNS names are not enough and you need the IP of the ENI.

Currently, this can only be solved by a custom resource that takes the ENIs (!GetAtt VPCE.NetworkInterfaceIds) and resolves them to IPs.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpoint.html

Category: Networking & Content (VPC, Route53, API GW,...)

@hoegertn Could you please specify that custom resource? I am also looking for a solution of this problem

tnsardesai commented 2 years ago

Our use case would be using the VPCE private ip for a subnet NACL rules.

zindello commented 2 years ago

+1. I would also like to see this, as I'm attaching an NLB in front of an IoT Core MQTT endpoint that's accessed over a Direct Connect (because reasons).

jasonrichardsmith commented 1 year ago

The architecture diagram here (https://docs.aws.amazon.com/whitepapers/latest/best-practices-api-gateway-private-apis-integration/rest-api.html#private-integration) would require a return of IP addresses. Otherwise it is done with a custom resource.

pblitz-pg commented 1 year ago

+1 would also love to have this!

ghost commented 1 year ago

+1

dkasten79 commented 1 year ago

+1

DonthineniSagar commented 1 year ago

+1

yuriihavryliuk-dev commented 1 year ago

+1

Landerstraeten commented 11 months ago

+1

chufgard commented 10 months ago

Four years and no progress at all? I want to connect an NLB to an API Gateway (https://docs.aws.amazon.com/whitepapers/latest/best-practices-api-gateway-private-apis-integration/rest-api.html#private-integration) and it seems that I must use a custom resource.