cloudposse / terraform-aws-vpc

Terraform Module that defines a VPC with public/private subnets across multiple AZs with Internet Gateways
https://cloudposse.com/accelerate
Apache License 2.0
229 stars 195 forks

PrivateLink support #114

Open shinenelson opened 1 year ago

shinenelson commented 1 year ago

Describe the Feature

It would be great to have the vpc-endpoints submodule support AWS PrivateLink services as well. In general, any non-standard service that is supported by AWS' VPC Endpoints service.

Use Case

When partnering with external services, they often expose an AWS PrivateLink that customers can use. Since the vpc-endpoints submodule already supports the official AWS services, it would be prudent to support non-official services as well.

Describe Ideal Solution

The vpc-endpoints submodule supports the service_name in https://github.com/cloudposse/terraform-aws-vpc/blob/3e61cf9b258312922bc6595426e3592e96fff9d5/modules/vpc-endpoints/main.tf#L62

We could expose a new input, say, service_type that might accept 'internal' or 'external' as values. Based on that input, we could decide whether to use the service or service_name arguments in the aws_vpc_endpoint_service data source.

Alternatives Considered

I hacked my local vendored module to change service to service_name to experiment whether it would work.

diff --git a/modules/vpc-endpoints/main.tf b/modules/vpc-endpoints/main.tf
 data "aws_vpc_endpoint_service" "interface_endpoint_service" {
   for_each     = local.enabled ? var.interface_vpc_endpoints : {}
-  service      = var.interface_vpc_endpoints[each.key].name
+  service_name = var.interface_vpc_endpoints[each.key].name
   service_type = "Interface"
 }
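Review bot: replacing `service` with `service_name` unconditionally for every entry in `var.interface_vpc_endpoints` drops the lookup path that AWS-operated services rely on, so callers who pass a short service name (the form `service` accepts) would break while partner PrivateLink names start working. Since the data source takes either `service` or `service_name` but not both, the safer shape is to keep both arguments and gate them on the proposed input, e.g. `service = each.value.service_type == "internal" ? each.value.name : null` and `service_name = each.value.service_type == "external" ? each.value.name : null`, so existing configurations keep resolving and only entries that opt in use the full service name.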

It worked straightforward with no other change to the vendored module. That is why I thought that this might be easy to implement.
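The following is an added sketch of the shape the issue's "Ideal Solution" proposes; it is not code from cloudposse/terraform-aws-vpc and not the author's vendored patch. It assumes a per-endpoint `service_type` attribute (`"internal"` for an AWS-operated service looked up by short name, `"external"` for a partner PrivateLink service looked up by its full service name), Terraform 1.3+ for `optional()`, and placeholder inputs `var.vpc_id` and `var.subnet_ids`; the service name in the example map is a constructed placeholder, not a real endpoint service.

```hcl
# Added illustration, not project code. The "service_type" attribute and the
# variable/resource names below are assumptions for this sketch.

variable "vpc_id" {
  type = string
}

variable "subnet_ids" {
  type = list(string)
}

variable "interface_vpc_endpoints" {
  type = map(object({
    # "s3" for an AWS-operated service, or the full service name a PrivateLink
    # provider shares (for example com.amazonaws.vpce.<region>.vpce-svc-<id>).
    name         = string
    service_type = optional(string, "internal")
  }))

  validation {
    condition = alltrue([
      for e in values(var.interface_vpc_endpoints) :
      contains(["internal", "external"], e.service_type)
    ])
    error_message = "service_type must be \"internal\" or \"external\"."
  }
}

data "aws_vpc" "this" {
  id = var.vpc_id
}

data "aws_vpc_endpoint_service" "interface_endpoint_service" {
  for_each = var.interface_vpc_endpoints

  # The data source accepts either "service" or "service_name", not both:
  # AWS-operated services resolve from the short name, partner PrivateLink
  # services need the full service name. The unused argument is set to null.
  service      = each.value.service_type == "internal" ? each.value.name : null
  service_name = each.value.service_type == "external" ? each.value.name : null
  service_type = "Interface"
}

# Endpoint ENIs only need to be reachable from inside the VPC; no other ingress.
resource "aws_security_group" "endpoint" {
  name_prefix = "vpce-"
  vpc_id      = var.vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [data.aws_vpc.this.cidr_block]
  }
}

resource "aws_vpc_endpoint" "interface" {
  for_each = var.interface_vpc_endpoints

  vpc_id             = var.vpc_id
  service_name       = data.aws_vpc_endpoint_service.interface_endpoint_service[each.key].service_name
  vpc_endpoint_type  = "Interface"
  subnet_ids         = var.subnet_ids
  security_group_ids = [aws_security_group.endpoint.id]

  # Private DNS for a partner service only works once the provider has verified
  # the domain on their side; leave it off for external services unless the
  # provider confirms it is supported.
  private_dns_enabled = each.value.service_type == "internal"
}
```

With this shape an existing map entry such as `{ name = "s3" }` keeps resolving through `service` exactly as before, and only an entry like `{ name = "com.amazonaws.vpce.us-east-1.vpce-svc-0123456789abcdef0", service_type = "external" }` (a constructed placeholder) takes the `service_name` path. A partner endpoint also inherits the same security group and subnet placement as the AWS-operated ones, so the network exposure of a third-party service stays confined to the VPC.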