Enables adding AWS VPC endpoints to an existing VPC.
Note: This module is in alpha state and is likely to contain bugs and updates may introduce breaking changes. It is not recommended for production use at this time.
The module is generated by a Python script that queries AWS APIs for available endpoints, their types, and what they support. This module aims to improve over using the AWS provider directly in the following ways:
TODO:

Name | Version |
---|---|
terraform | >= 1.0.5 |
aws | >= 3.49.0 |

Name | Version |
---|---|
aws | >= 3.49.0 |

No modules.

Name | Description | Type | Default | Required |
---|---|---|---|---|
vpc_id | ID of the VPC that the endpoints are to be associated with. | string | n/a | yes |
enabled_gateway_endpoints | List of shortened gateway endpoint names that are to be enabled. Shortened names are the endpoint name excluding the DNS-style prefix, so "com.amazonaws.us-east-1.s3" would be entered as "s3". The region will be pulled from your provider configuration. Available endpoints: dynamodb, s3 | list(string) | [] | no |
enabled_interface_endpoints | List of shortened interface endpoint names that are to be enabled. Shortened names are the endpoint name excluding the DNS-style prefix, so "com.amazonaws.us-east-1.s3" would be entered as "s3". The region will be pulled from your provider configuration. Available endpoints: access-analyzer, account, acm-pca, airflow_api, airflow_env, airflow_ops, app-integrations, application-autoscaling, appmesh-envoy-management, apprunner, appstream_api, appstream_streaming, aps, aps-workspaces, athena, auditmanager, autoscaling, autoscaling-plans, awsconnector, braket, cassandra, cassandra-fips, clouddirectory, cloudformation, cloudhsmv2, cloudtrail, codeartifact_api, codeartifact_repositories, codebuild, codebuild-fips, codecommit, codecommit-fips, codedeploy, codedeploy-commands-secure, codeguru-profiler, codeguru-reviewer, codepipeline, codestar-connections_api, comprehend, comprehendmedical, config, databrew, dataexchange, datasync, devops-guru, dms, dms-fips, ds, ebs, ec2, ec2messages, ecr_api, ecr_dkr, ecs, ecs-agent, ecs-telemetry, elastic-inference_runtime, elasticbeanstalk, elasticbeanstalk-health, elasticfilesystem, elasticfilesystem-fips, elasticloadbalancing, elasticmapreduce, email-smtp, emr-containers, events, execute-api, finspace, finspace-api, fis, frauddetector, git-codecommit, git-codecommit-fips, glue, greengrass, groundstation, healthlake, imagebuilder, iot_data, iotsitewise_api, iotsitewise_data, iotwireless_api, kendra, kinesis-firehose, kinesis-streams, kms, lambda, license-manager, license-manager-fips, logs, lookoutequipment, lookoutmetrics, lookoutvision, lorawan_cups, lorawan_lns, macie2, mgn, monitoring, nimble, profile, proton, qldb_session, rds, rds-data, redshift, redshift-data, redshift-fips, rekognition, rekognition-fips, s3, s3-global_accesspoint, sagemaker_api, sagemaker_featurestore-runtime, sagemaker_runtime, sagemaker_runtime-fips, sagemaker_us-east-1_notebook, sagemaker_us-east-1_studio, secretsmanager, servicecatalog, servicecatalog-appregistry, sms, sms-fips, snow-device-management, sns, sqs, ssm, ssmmessages, states, storagegateway, sts, synthetics, textract, textract-fips, transcribe, transcribestreaming, transfer, transfer_server, voiceid, workspaces, xray | list(string) | [] | no |
gateway_endpoint_policies | Policies to apply to gateway endpoints. The key must match the endpoint name used in the "enabled_endpoints" variable; policies declared for endpoints that are not enabled will be ignored. | map(map(any)) | {} | no |
interface_endpoint_policies | Policies to apply to interface endpoints. The key must match the endpoint name used in the "enabled_endpoints" variable; policies declared for endpoints that are not enabled will be ignored. | map(map(any)) | {} | no |
private_dns_enabled | Whether or not to associate a private hosted zone with the specified VPC. Only applicable for endpoints of type Interface. | bool | true | no |
route_table_ids | One or more route table IDs. Only applicable for endpoints of type Gateway. | list(string) | [] | no |
security_group_ids | The ID of one or more security groups to associate with the endpoint's network interface. Only applicable for endpoints of type Interface. If interface endpoints are to be created and no security group IDs are provided, a security group allowing all traffic from inside the VPC will be created by this module. | list(string) | [] | no |
subnet_ids | The ID of one or more subnets in which to create a network interface for endpoints. Only applicable for endpoints of type GatewayLoadBalancer and Interface. | list(string) | [] | no |
tags | A map of tags to assign to the endpoints. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the module-level. | map(string) | {} | no |

Name | Description |
---|---|
gateway_endpoints | Map of properties for all enabled gateway endpoints |
interface_endpoints | Map of properties for all enabled interface endpoints |
security_group_ids | List of security group IDs that interface endpoints are attached to |
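
An added usage example (not from the module's own documentation) that passes an explicit security group limited to HTTPS from the VPC, instead of leaving `security_group_ids` empty and getting the module-created group that allows all traffic from inside the VPC. The module `source`, the `var.*` inputs and the resource names are assumptions; the module inputs, outputs and endpoint names are the ones listed in the tables above.

```hcl
# Added example. The variables below are assumed caller-side inputs.
variable "vpc_id" { type = string }
variable "vpc_cidr" { type = string } # assumed: the VPC's IPv4 CIDR block
variable "private_subnet_ids" { type = list(string) }
variable "private_route_table_ids" { type = list(string) }

# The AWS API endpoints enabled below are served over HTTPS, so admit only
# TCP 443 from the VPC rather than all VPC traffic.
resource "aws_security_group" "vpc_endpoints" {
  name_prefix = "vpc-endpoints-"
  description = "HTTPS from inside the VPC to interface endpoints"
  vpc_id      = var.vpc_id

  ingress {
    description = "HTTPS from VPC"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.vpc_cidr]
  }
}

module "vpc_endpoints" {
  source = "<path-or-registry-address-of-this-module>" # placeholder

  vpc_id = var.vpc_id

  # Gateway endpoints attach to route tables, not to subnets or security groups.
  enabled_gateway_endpoints = ["s3", "dynamodb"]
  route_table_ids           = var.private_route_table_ids

  # Interface endpoints get a network interface in each listed subnet.
  enabled_interface_endpoints = ["ssm", "ssmmessages", "ec2messages", "kms", "logs"]
  subnet_ids                  = var.private_subnet_ids
  security_group_ids          = [aws_security_group.vpc_endpoints.id]
  private_dns_enabled         = true

  tags = { Purpose = "private-aws-api-access" }
}

# Lets a reviewer confirm which groups the interface endpoints ended up in.
output "endpoint_security_group_ids" {
  value = module.vpc_endpoints.security_group_ids
}
```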