aws-ia / terraform-aws-vpc_endpoints

Terraform AWS VPC endpoints module
Apache License 2.0

Enables adding AWS VPC endpoints to an existing VPC.

Note: This module is in alpha state and is likely to contain bugs and updates may introduce breaking changes. It is not recommended for production use at this time.

The module is generated by a Python script that queries AWS APIs for the available endpoints, their types, and what they support. This module aims to improve over using the AWS provider directly in the following ways:

TODO:

Requirements

Name Version
terraform >= 1.0.5
aws >= 3.49.0

Providers

Name Version
aws >= 3.49.0

Modules

No modules.

Resources

Name Type
aws_security_group.endpoints resource
aws_security_group_rule.endpoints_allow_ingress_tcp443_from_vpc_cidr resource
aws_vpc_endpoint.access_analyzer_interface resource
aws_vpc_endpoint.account_interface resource
aws_vpc_endpoint.acm_pca_interface resource
aws_vpc_endpoint.airflow_api_interface resource
aws_vpc_endpoint.airflow_env_interface resource
aws_vpc_endpoint.airflow_ops_interface resource
aws_vpc_endpoint.app_integrations_interface resource
aws_vpc_endpoint.application_autoscaling_interface resource
aws_vpc_endpoint.appmesh_envoy_management_interface resource
aws_vpc_endpoint.apprunner_interface resource
aws_vpc_endpoint.appstream_api_interface resource
aws_vpc_endpoint.appstream_streaming_interface resource
aws_vpc_endpoint.aps_interface resource
aws_vpc_endpoint.aps_workspaces_interface resource
aws_vpc_endpoint.athena_interface resource
aws_vpc_endpoint.auditmanager_interface resource
aws_vpc_endpoint.autoscaling_interface resource
aws_vpc_endpoint.autoscaling_plans_interface resource
aws_vpc_endpoint.awsconnector_interface resource
aws_vpc_endpoint.braket_interface resource
aws_vpc_endpoint.cassandra_fips_interface resource
aws_vpc_endpoint.cassandra_interface resource
aws_vpc_endpoint.clouddirectory_interface resource
aws_vpc_endpoint.cloudformation_interface resource
aws_vpc_endpoint.cloudhsmv2_interface resource
aws_vpc_endpoint.cloudtrail_interface resource
aws_vpc_endpoint.codeartifact_api_interface resource
aws_vpc_endpoint.codeartifact_repositories_interface resource
aws_vpc_endpoint.codebuild_fips_interface resource
aws_vpc_endpoint.codebuild_interface resource
aws_vpc_endpoint.codecommit_fips_interface resource
aws_vpc_endpoint.codecommit_interface resource
aws_vpc_endpoint.codedeploy_commands_secure_interface resource
aws_vpc_endpoint.codedeploy_interface resource
aws_vpc_endpoint.codeguru_profiler_interface resource
aws_vpc_endpoint.codeguru_reviewer_interface resource
aws_vpc_endpoint.codepipeline_interface resource
aws_vpc_endpoint.codestar_connections_api_interface resource
aws_vpc_endpoint.comprehend_interface resource
aws_vpc_endpoint.comprehendmedical_interface resource
aws_vpc_endpoint.config_interface resource
aws_vpc_endpoint.databrew_interface resource
aws_vpc_endpoint.dataexchange_interface resource
aws_vpc_endpoint.datasync_interface resource
aws_vpc_endpoint.devops_guru_interface resource
aws_vpc_endpoint.dms_fips_interface resource
aws_vpc_endpoint.dms_interface resource
aws_vpc_endpoint.ds_interface resource
aws_vpc_endpoint.dynamodb_gateway resource
aws_vpc_endpoint.ebs_interface resource
aws_vpc_endpoint.ec2_interface resource
aws_vpc_endpoint.ec2messages_interface resource
aws_vpc_endpoint.ecr_api_interface resource
aws_vpc_endpoint.ecr_dkr_interface resource
aws_vpc_endpoint.ecs_agent_interface resource
aws_vpc_endpoint.ecs_interface resource
aws_vpc_endpoint.ecs_telemetry_interface resource
aws_vpc_endpoint.elastic_inference_runtime_interface resource
aws_vpc_endpoint.elasticbeanstalk_health_interface resource
aws_vpc_endpoint.elasticbeanstalk_interface resource
aws_vpc_endpoint.elasticfilesystem_fips_interface resource
aws_vpc_endpoint.elasticfilesystem_interface resource
aws_vpc_endpoint.elasticloadbalancing_interface resource
aws_vpc_endpoint.elasticmapreduce_interface resource
aws_vpc_endpoint.email_smtp_interface resource
aws_vpc_endpoint.emr_containers_interface resource
aws_vpc_endpoint.events_interface resource
aws_vpc_endpoint.execute_api_interface resource
aws_vpc_endpoint.finspace_api_interface resource
aws_vpc_endpoint.finspace_interface resource
aws_vpc_endpoint.fis_interface resource
aws_vpc_endpoint.frauddetector_interface resource
aws_vpc_endpoint.git_codecommit_fips_interface resource
aws_vpc_endpoint.git_codecommit_interface resource
aws_vpc_endpoint.glue_interface resource
aws_vpc_endpoint.greengrass_interface resource
aws_vpc_endpoint.groundstation_interface resource
aws_vpc_endpoint.healthlake_interface resource
aws_vpc_endpoint.imagebuilder_interface resource
aws_vpc_endpoint.iot_data_interface resource
aws_vpc_endpoint.iotsitewise_api_interface resource
aws_vpc_endpoint.iotsitewise_data_interface resource
aws_vpc_endpoint.iotwireless_api_interface resource
aws_vpc_endpoint.kendra_interface resource
aws_vpc_endpoint.kinesis_firehose_interface resource
aws_vpc_endpoint.kinesis_streams_interface resource
aws_vpc_endpoint.kms_interface resource
aws_vpc_endpoint.lambda_interface resource
aws_vpc_endpoint.license_manager_fips_interface resource
aws_vpc_endpoint.license_manager_interface resource
aws_vpc_endpoint.logs_interface resource
aws_vpc_endpoint.lookoutequipment_interface resource
aws_vpc_endpoint.lookoutmetrics_interface resource
aws_vpc_endpoint.lookoutvision_interface resource
aws_vpc_endpoint.lorawan_cups_interface resource
aws_vpc_endpoint.lorawan_lns_interface resource
aws_vpc_endpoint.macie2_interface resource
aws_vpc_endpoint.mgn_interface resource
aws_vpc_endpoint.monitoring_interface resource
aws_vpc_endpoint.nimble_interface resource
aws_vpc_endpoint.profile_interface resource
aws_vpc_endpoint.proton_interface resource
aws_vpc_endpoint.qldb_session_interface resource
aws_vpc_endpoint.rds_data_interface resource
aws_vpc_endpoint.rds_interface resource
aws_vpc_endpoint.redshift_data_interface resource
aws_vpc_endpoint.redshift_fips_interface resource
aws_vpc_endpoint.redshift_interface resource
aws_vpc_endpoint.rekognition_fips_interface resource
aws_vpc_endpoint.rekognition_interface resource
aws_vpc_endpoint.s3_gateway resource
aws_vpc_endpoint.s3_global_accesspoint_interface resource
aws_vpc_endpoint.s3_interface resource
aws_vpc_endpoint.sagemaker_api_interface resource
aws_vpc_endpoint.sagemaker_featurestore_runtime_interface resource
aws_vpc_endpoint.sagemaker_runtime_fips_interface resource
aws_vpc_endpoint.sagemaker_runtime_interface resource
aws_vpc_endpoint.sagemaker_us_east_1_notebook_interface resource
aws_vpc_endpoint.sagemaker_us_east_1_studio_interface resource
aws_vpc_endpoint.secretsmanager_interface resource
aws_vpc_endpoint.servicecatalog_appregistry_interface resource
aws_vpc_endpoint.servicecatalog_interface resource
aws_vpc_endpoint.sms_fips_interface resource
aws_vpc_endpoint.sms_interface resource
aws_vpc_endpoint.snow_device_management_interface resource
aws_vpc_endpoint.sns_interface resource
aws_vpc_endpoint.sqs_interface resource
aws_vpc_endpoint.ssm_interface resource
aws_vpc_endpoint.ssmmessages_interface resource
aws_vpc_endpoint.states_interface resource
aws_vpc_endpoint.storagegateway_interface resource
aws_vpc_endpoint.sts_interface resource
aws_vpc_endpoint.synthetics_interface resource
aws_vpc_endpoint.textract_fips_interface resource
aws_vpc_endpoint.textract_interface resource
aws_vpc_endpoint.transcribe_interface resource
aws_vpc_endpoint.transcribestreaming_interface resource
aws_vpc_endpoint.transfer_interface resource
aws_vpc_endpoint.transfer_server_interface resource
aws_vpc_endpoint.voiceid_interface resource
aws_vpc_endpoint.workspaces_interface resource
aws_vpc_endpoint.xray_interface resource
aws_region.current data source
aws_vpc.selected data source

Inputs

Name Description Type Default Required
vpc_id ID of the VPC that the endpoints are to be associated with. string n/a yes
enabled_gateway_endpoints List of shortened gateway endpoint names that are to be enabled. Shortened names are the endpoint name excluding the DNS-style prefix, so "com.amazonaws.us-east-1.s3" would be entered as "s3". The region will be pulled from your provider configuration. Available endpoints: dynamodb, s3 list(string) [] no
enabled_interface_endpoints List of shortened interface endpoint names that are to be enabled. Shortened names are the endpoint name excluding the DNS-style prefix, so "com.amazonaws.us-east-1.s3" would be entered as "s3". The region will be pulled from your provider configuration. Available endpoints: access-analyzer, account, acm-pca, airflow_api, airflow_env, airflow_ops, app-integrations, application-autoscaling, appmesh-envoy-management, apprunner, appstream_api, appstream_streaming, aps, aps-workspaces, athena, auditmanager, autoscaling, autoscaling-plans, awsconnector, braket, cassandra, cassandra-fips, clouddirectory, cloudformation, cloudhsmv2, cloudtrail, codeartifact_api, codeartifact_repositories, codebuild, codebuild-fips, codecommit, codecommit-fips, codedeploy, codedeploy-commands-secure, codeguru-profiler, codeguru-reviewer, codepipeline, codestar-connections_api, comprehend, comprehendmedical, config, databrew, dataexchange, datasync, devops-guru, dms, dms-fips, ds, ebs, ec2, ec2messages, ecr_api, ecr_dkr, ecs, ecs-agent, ecs-telemetry, elastic-inference_runtime, elasticbeanstalk, elasticbeanstalk-health, elasticfilesystem, elasticfilesystem-fips, elasticloadbalancing, elasticmapreduce, email-smtp, emr-containers, events, execute-api, finspace, finspace-api, fis, frauddetector, git-codecommit, git-codecommit-fips, glue, greengrass, groundstation, healthlake, imagebuilder, iot_data, iotsitewise_api, iotsitewise_data, iotwireless_api, kendra, kinesis-firehose, kinesis-streams, kms, lambda, license-manager, license-manager-fips, logs, lookoutequipment, lookoutmetrics, lookoutvision, lorawan_cups, lorawan_lns, macie2, mgn, monitoring, nimble, profile, proton, qldb_session, rds, rds-data, redshift, redshift-data, redshift-fips, rekognition, rekognition-fips, s3, s3-global_accesspoint, sagemaker_api, sagemaker_featurestore-runtime, sagemaker_runtime, sagemaker_runtime-fips, sagemaker_us-east-1_notebook, sagemaker_us-east-1_studio, secretsmanager, servicecatalog, servicecatalog-appregistry, sms, sms-fips, snow-device-management, sns, sqs, ssm, ssmmessages, states, storagegateway, sts, synthetics, textract, textract-fips, transcribe, transcribestreaming, transfer, transfer_server, voiceid, workspaces, xray list(string) [] no
gateway_endpoint_policies Policies to apply to gateway endpoints. The key must match the endpoint name used in the "enabled_endpoints" variable; policies declared for endpoints that are not enabled will be ignored. map(map(any)) {} no
interface_endpoint_policies Policies to apply to interface endpoints. The key must match the endpoint name used in the "enabled_endpoints" variable; policies declared for endpoints that are not enabled will be ignored. map(map(any)) {} no
private_dns_enabled Whether or not to associate a private hosted zone with the specified VPC. Only applicable for endpoints of type Interface. bool true no
route_table_ids One or more route table IDs. Only applicable for endpoints of type Gateway. list(string) [] no
security_group_ids The ID of one or more security groups to associate with the endpoint's network interface. Only applicable for endpoints of type Interface. If interface endpoints are to be created and no security group IDs are provided, a security group allowing all traffic from inside the VPC will be created by this module. list(string) [] no
subnet_ids The ID of one or more subnets in which to create a network interface for endpoints. Only applicable for endpoints of type GatewayLoadBalancer and Interface. list(string) [] no
tags A map of tags to assign to the endpoints. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the module-level. map(string) {} no
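
The inputs above combined into one caller configuration, as an added example that is not part of the module's repository: it passes its own security group through security_group_ids so the module does not create its default VPC-wide group. The module source address, the local names, and every ID and CIDR range are assumptions or constructed placeholders.

```hcl
# Added example, not the project's own code. All IDs and CIDRs are constructed.
locals {
  vpc_id          = "vpc-EXAMPLE"                            # placeholder
  private_subnets = ["subnet-EXAMPLE-a", "subnet-EXAMPLE-b"] # placeholders
  private_rtbs    = ["rtb-EXAMPLE"]                          # placeholder
  workload_cidrs  = ["10.0.10.0/24", "10.0.11.0/24"]         # constructed
}

# Caller-managed security group: only the workload subnets may reach the
# endpoint network interfaces, and only on HTTPS. No egress block is declared,
# so Terraform leaves the group without any egress rule.
resource "aws_security_group" "endpoints" {
  name_prefix = "vpc-endpoints-"
  description = "HTTPS from workload subnets to interface endpoints"
  vpc_id      = local.vpc_id

  ingress {
    description = "HTTPS from workload subnets"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = local.workload_cidrs
  }
}

module "vpc_endpoints" {
  # Assumed source address, derived from the repository name on this page.
  # The module is alpha, so pin it to a commit you have reviewed.
  source = "github.com/aws-ia/terraform-aws-vpc_endpoints"

  vpc_id = local.vpc_id

  # Shortened names: "com.amazonaws.<region>.s3" is entered as "s3".
  enabled_gateway_endpoints   = ["s3"]
  enabled_interface_endpoints = ["ssm", "ssmmessages", "ec2messages", "kms", "sts"]

  route_table_ids     = local.private_rtbs    # used by gateway endpoints only
  subnet_ids          = local.private_subnets # used by interface endpoints only
  security_group_ids  = [aws_security_group.endpoints.id]
  private_dns_enabled = true

  tags = { Purpose = "private-aws-api-access" }
}

# Lets a reviewer confirm which groups ended up attached to the endpoints.
output "endpoint_security_groups" {
  value = module.vpc_endpoints.security_group_ids
}
```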

Outputs

Name Description
gateway_endpoints Map of properties for all enabled gateway endpoints
interface_endpoints Map of properties for all enabled interface endpoints
security_group_ids List of security group IDs that interface endpoints are attached to