diff --git a/README.md b/README.md index dfed425d6..cf718756b 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ These types of resources are supported: ECS, ECS Agent, ECS Telemetry, SES, SNS, STS, Glue, CloudWatch(Monitoring, Logs, Events), Elastic Load Balancing, CloudTrail, Secrets Manager, Config, CodeBuild, CodeCommit, Git-Codecommit, Transfer Server, Kinesis Streams, Kinesis Firehose, SageMaker(Notebook, Runtime, API), -CloudFormation, CodePipeline, Storage Gateway, AppMesh, Transfer, Service Catalog, AppStream, +CloudFormation, CodePipeline, Storage Gateway, AppMesh, Transfer, Service Catalog, AppStream API, AppStream Streaming, Athena, Rekognition, Elastic File System (EFS), Cloud Directory, Elastic Beanstalk (+ Health), Elastic Map Reduce(EMR), DataSync, EBS, SMS, Elastic Inference Runtime, QLDB Session, Step Functions, Access Analyzer, Auto Scaling Plans, Application Auto Scaling, Workspaces, ACM PCA, RDS, CodeDeploy, CodeDeploy Commands Secure 
@@ -250,9 +250,12 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | appmesh\_envoy\_management\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for AppMesh endpoint | `bool` | `false` | no |
 | appmesh\_envoy\_management\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for AppMesh endpoint | `list(string)` | `[]` | no |
 | appmesh\_envoy\_management\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for AppMesh endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
-| appstream\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for AppStream endpoint | `bool` | `false` | no |
-| appstream\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for AppStream endpoint | `list(string)` | `[]` | no |
-| appstream\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for AppStream endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
+| appstream\_api\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for AppStream API endpoint | `bool` | `false` | no |
+| appstream\_api\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for AppStream API endpoint | `list(string)` | `[]` | no |
+| appstream\_api\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for AppStream API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
+| appstream\_streaming\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for AppStream Streaming endpoint | `bool` | `false` | no |
+| appstream\_streaming\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for AppStream Streaming endpoint | `list(string)` | `[]` | no |
+| appstream\_streaming\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for AppStream Streaming endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
 | assign\_ipv6\_address\_on\_creation | Assign IPv6 address on subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `false` | no |
 | athena\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Athena endpoint | `bool` | `false` | no |
 | athena\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Athena endpoint | `list(string)` | `[]` | no |
@@ -396,7 +399,8 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | enable\_acm\_pca\_endpoint | Should be true if you want to provision an ACM PCA endpoint to the VPC | `bool` | `false` | no |
 | enable\_apigw\_endpoint | Should be true if you want to provision an api gateway endpoint to the VPC | `bool` | `false` | no |
 | enable\_appmesh\_envoy\_management\_endpoint | Should be true if you want to provision a AppMesh endpoint to the VPC | `bool` | `false` | no |
-| enable\_appstream\_endpoint | Should be true if you want to provision a AppStream endpoint to the VPC | `bool` | `false` | no |
+| enable\_appstream\_api\_endpoint | Should be true if you want to provision a AppStream API endpoint to the VPC | `bool` | `false` | no |
+| enable\_appstream\_streaming\_endpoint | Should be true if you want to provision a AppStream Streaming endpoint to the VPC | `bool` | `false` | no |
 | enable\_athena\_endpoint | Should be true if you want to provision a Athena endpoint to the VPC | `bool` | `false` | no |
 | enable\_auto\_scaling\_plans\_endpoint | Should be true if you want to provision an Auto Scaling Plans endpoint to the VPC | `bool` | `false` | no |
 | enable\_classiclink | Should be true to enable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic. | `bool` | `null` | no |
@@ -732,9 +736,12 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | vpc\_endpoint\_appmesh\_envoy\_management\_dns\_entry | The DNS entries for the VPC Endpoint for AppMesh. |
 | vpc\_endpoint\_appmesh\_envoy\_management\_id | The ID of VPC endpoint for AppMesh |
 | vpc\_endpoint\_appmesh\_envoy\_management\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for AppMesh. |
-| vpc\_endpoint\_appstream\_dns\_entry | The DNS entries for the VPC Endpoint for AppStream. |
-| vpc\_endpoint\_appstream\_id | The ID of VPC endpoint for AppStream |
-| vpc\_endpoint\_appstream\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for AppStream. |
+| vpc\_endpoint\_appstream\_api\_dns\_entry | The DNS entries for the VPC Endpoint for AppStream API. |
+| vpc\_endpoint\_appstream\_api\_id | The ID of VPC endpoint for AppStream API |
+| vpc\_endpoint\_appstream\_api\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for AppStream API. |
+| vpc\_endpoint\_appstream\_streaming\_dns\_entry | The DNS entries for the VPC Endpoint for AppStream Streaming. |
+| vpc\_endpoint\_appstream\_streaming\_id | The ID of VPC endpoint for AppStream Streaming |
+| vpc\_endpoint\_appstream\_streaming\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for AppStream Streaming. |
 | vpc\_endpoint\_athena\_dns\_entry | The DNS entries for the VPC Endpoint for Athena. |
 | vpc\_endpoint\_athena\_id | The ID of VPC endpoint for Athena |
 | vpc\_endpoint\_athena\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Athena. |
diff --git a/outputs.tf b/outputs.tf
index 3b3fe8b23..314ef9b97 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1047,19 +1047,34 @@ output "vpc_endpoint_sagemaker_runtime_dns_entry" {
 value = flatten(aws_vpc_endpoint.sagemaker_runtime.*.dns_entry)
 }

-output "vpc_endpoint_appstream_id" {
- description = "The ID of VPC endpoint for AppStream"
- value = concat(aws_vpc_endpoint.appstream.*.id, [""])[0]
+output "vpc_endpoint_appstream_api_id" {
+ description = "The ID of VPC endpoint for AppStream API"
+ value = concat(aws_vpc_endpoint.appstream_api.*.id, [""])[0]
 }

-output "vpc_endpoint_appstream_network_interface_ids" {
- description = "One or more network interfaces for the VPC Endpoint for AppStream."
- value = flatten(aws_vpc_endpoint.appstream.*.network_interface_ids)
+output "vpc_endpoint_appstream_api_network_interface_ids" {
+ description = "One or more network interfaces for the VPC Endpoint for AppStream API."
+ value = flatten(aws_vpc_endpoint.appstream_api.*.network_interface_ids)
 }

-output "vpc_endpoint_appstream_dns_entry" {
- description = "The DNS entries for the VPC Endpoint for AppStream."
- value = flatten(aws_vpc_endpoint.appstream.*.dns_entry)
+output "vpc_endpoint_appstream_api_dns_entry" {
+ description = "The DNS entries for the VPC Endpoint for AppStream API."
+ value = flatten(aws_vpc_endpoint.appstream_api.*.dns_entry)
+}
+
+output "vpc_endpoint_appstream_streaming_id" {
+ description = "The ID of VPC endpoint for AppStream Streaming"
+ value = concat(aws_vpc_endpoint.appstream_streaming.*.id, [""])[0]
+}
+
+output "vpc_endpoint_appstream_streaming_network_interface_ids" {
+ description = "One or more network interfaces for the VPC Endpoint for AppStream Streaming."
+ value = flatten(aws_vpc_endpoint.appstream_streaming.*.network_interface_ids)
+}
+
+output "vpc_endpoint_appstream_streaming_dns_entry" {
+ description = "The DNS entries for the VPC Endpoint for AppStream Streaming."
+ value = flatten(aws_vpc_endpoint.appstream_streaming.*.dns_entry)
 }

 output "vpc_endpoint_athena_id" {
diff --git a/variables.tf b/variables.tf
index 821c614b9..86200501a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1235,26 +1235,50 @@ variable "sagemaker_runtime_endpoint_private_dns_enabled" {
 default = false
 }

-variable "enable_appstream_endpoint" {
- description = "Should be true if you want to provision a AppStream endpoint to the VPC"
+variable "enable_appstream_api_endpoint" {
+ description = "Should be true if you want to provision a AppStream API endpoint to the VPC"
 type = bool
 default = false
 }

-variable "appstream_endpoint_security_group_ids" {
- description = "The ID of one or more security groups to associate with the network interface for AppStream endpoint"
+variable "appstream_api_endpoint_security_group_ids" {
+ description = "The ID of one or more security groups to associate with the network interface for AppStream API endpoint"
 type = list(string)
 default = []
 }

-variable "appstream_endpoint_subnet_ids" {
- description = "The ID of one or more subnets in which to create a network interface for AppStream endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+variable "appstream_api_endpoint_subnet_ids" {
+ description = "The ID of one or more subnets in which to create a network interface for AppStream API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
 type = list(string)
 default = []
 }

-variable "appstream_endpoint_private_dns_enabled" {
- description = "Whether or not to associate a private hosted zone with the specified VPC for AppStream endpoint"
+variable "appstream_api_endpoint_private_dns_enabled" {
+ description = "Whether or not to associate a private hosted zone with the specified VPC for AppStream API endpoint"
+ type = bool
+ default = false
+}
+
+variable "enable_appstream_streaming_endpoint" {
+ description = "Should be true if you want to provision a AppStream Streaming endpoint to the VPC"
+ type = bool
+ default = false
+}
+
+variable "appstream_streaming_endpoint_security_group_ids" {
+ description = "The ID of one or more security groups to associate with the network interface for AppStream Streaming endpoint"
+ type = list(string)
+ default = []
+}
+
+variable "appstream_streaming_endpoint_subnet_ids" {
+ description = "The ID of one or more subnets in which to create a network interface for AppStream Streaming endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+ type = list(string)
+ default = []
+}
+
+variable "appstream_streaming_endpoint_private_dns_enabled" {
+ description = "Whether or not to associate a private hosted zone with the specified VPC for AppStream Streaming endpoint"
 type = bool
 default = false
 }
diff --git a/vpc-endpoints.tf b/vpc-endpoints.tf
index 57867d95b..35df3b571 100644
--- a/vpc-endpoints.tf
+++ b/vpc-endpoints.tf
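Review bot: The descriptions of `appstream_api_endpoint_security_group_ids` and `appstream_streaming_endpoint_security_group_ids` do not say what is attached when the default `[]` is kept. As far as I know, an interface endpoint created without security groups is associated with the VPC's default security group, so which clients can reach the endpoint network interfaces then depends on rules maintained outside this module. I would extend both descriptions with something like `If empty, the VPC default security group is associated with the endpoint; pass a dedicated group scoped to the intended clients.` Separately, `enable_appstream_endpoint` and the three `appstream_endpoint_*` inputs are removed without an alias, so callers that still set them will fail at plan time; that is worth a line in the upgrade notes.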
@@ -916,24 +916,46 @@ resource "aws_vpc_endpoint" "sagemaker_runtime" {
 }

 #############################
-# VPC Endpoint for AppStream
+# VPC Endpoint for AppStream API
 #############################
-data "aws_vpc_endpoint_service" "appstream" {
- count = var.create_vpc && var.enable_appstream_endpoint ? 1 : 0
+data "aws_vpc_endpoint_service" "appstream_api" {
+ count = var.create_vpc && var.enable_appstream_streaming_endpoint ? 1 : 0

- service = "appstream"
+ service = "appstream.api"
 }

-resource "aws_vpc_endpoint" "appstream" {
- count = var.create_vpc && var.enable_appstream_endpoint ? 1 : 0
+resource "aws_vpc_endpoint" "appstream_api" {
+ count = var.create_vpc && var.enable_appstream_api_endpoint ? 1 : 0

 vpc_id = local.vpc_id
- service_name = data.aws_vpc_endpoint_service.appstream[0].service_name
+ service_name = data.aws_vpc_endpoint_service.appstream_api[0].service_name
 vpc_endpoint_type = "Interface"

- security_group_ids = var.appstream_endpoint_security_group_ids
- subnet_ids = coalescelist(var.appstream_endpoint_subnet_ids, aws_subnet.private.*.id)
- private_dns_enabled = var.appstream_endpoint_private_dns_enabled
+ security_group_ids = var.appstream_api_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.appstream_api_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.appstream_api_endpoint_private_dns_enabled
+ tags = local.vpce_tags
+}
+
+#############################
+# VPC Endpoint for AppStream STREAMING
+#############################
+data "aws_vpc_endpoint_service" "appstream_streaming" {
+ count = var.create_vpc && var.enable_appstream_streaming_endpoint ? 1 : 0
+
+ service = "appstream.streaming"
+}
+
+resource "aws_vpc_endpoint" "appstream_streaming" {
+ count = var.create_vpc && var.enable_appstream_streaming_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.appstream_streaming[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.appstream_streaming_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.appstream_streaming_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.appstream_streaming_endpoint_private_dns_enabled
 tags = local.vpce_tags
 }
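Review bot: The new `data "aws_vpc_endpoint_service" "appstream_api"` block is gated on `var.enable_appstream_streaming_endpoint`, but the `aws_vpc_endpoint.appstream_api` resource that reads `data.aws_vpc_endpoint_service.appstream_api[0]` is gated on `var.enable_appstream_api_endpoint`. With only the API endpoint enabled the data source has count 0 and the `[0]` index fails at plan time; with only the streaming endpoint enabled the API service lookup runs for nothing. The data source's count should be `count = var.create_vpc && var.enable_appstream_api_endpoint ? 1 : 0`. Note also that the resource address changes from `aws_vpc_endpoint.appstream` to `aws_vpc_endpoint.appstream_api`, so existing deployments will presumably see the endpoint destroyed and recreated unless the state entry is moved first.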