pulumi / pulumi-aws-native

AWS Native Provider for Pulumi
Apache License 2.0

aws.ec2.VpcEndpoint `only supports the full-access endpoint policy`. #1711

Open Defman opened 1 month ago

Defman commented 1 month ago

What happened?

Setting privateDnsEnabled from false to true:

import * as awsNative from "@pulumi/aws-native";

// Fragment of a larger program: `stack`, `endpoint`, `vpc`, `privateSubnets`
// and `securityGroupIds` are defined elsewhere in the stack.
const vpcEndpoint = new awsNative.ec2.VpcEndpoint(`${stack}-${endpoint.name}`, {
  serviceName: endpoint.serviceName,
  vpcId: vpc.id,
  vpcEndpointType: endpoint.vpcEndpointType,
  privateDnsEnabled: endpoint.privateDnsEnabled,
  subnetIds: privateSubnets.map((subnet) => subnet.subnet.id),
  securityGroupIds,
});

Results in

error: operation UPDATE failed with "GeneralServiceException": Service com.amazonaws.vpce.eu-central-1.vpce-svc-xxxxx only supports the full-access endpoint policy. (Service: Ec2, Status Code: 400, Request ID: xxx)

The same change works with AWS Classic:

import * as awsClassic from "@pulumi/aws";

// Same fragment as above, using the AWS Classic provider instead of AWS Native.
const vpcEndpoint = new awsClassic.ec2.VpcEndpoint(`${stack}-${endpoint.name}`, {
  serviceName: endpoint.serviceName,
  vpcId: vpc.id,
  vpcEndpointType: endpoint.vpcEndpointType,
  privateDnsEnabled: endpoint.privateDnsEnabled,
  subnetIds: privateSubnets.map((subnet) => subnet.subnet.id),
  securityGroupIds,
});


Output of pulumi about

CLI          
Version      3.130.0
Go Version   go1.22.6
Go Compiler  gc

Plugins
KIND      NAME    VERSION
language  nodejs  unknown

Host     
OS       darwin
Version  13.0.1
Arch     arm64

This project is written in nodejs: executable='/opt/homebrew/bin/node' version='v22.6.0'

Additional context

No response


t0yv0 commented 1 month ago

Thanks for reporting this @Defman, we'll take a look as time permits. Thanks for including the workaround as well (using AWS Classic).