This module creates following resources.
aws_vpc_endpointaws_vpc_endpoint_policyaws_vpc_endpoint_security_group_associationaws_vpc_endpoint_subnet_association(optional)aws_vpc_endpoint_connection_notification(optional)
| Name | Version |
|---|---|
| terraform | >= 1.6 |
| aws | >= 5.20 |
| Name | Version |
|---|---|
| aws | 5.24.0 |
| Name | Source | Version |
|---|---|---|
| resource_group | tedilabs/misc/aws//modules/resource-group | ~> 0.10.0 |
| security_group | tedilabs/network/aws//modules/security-group | ~> 0.31.0 |
| Name | Type |
|---|---|
| aws_vpc_endpoint.this | resource |
| aws_vpc_endpoint_connection_notification.this | resource |
| aws_vpc_endpoint_policy.this | resource |
| aws_vpc_endpoint_security_group_association.this | resource |
| aws_vpc_endpoint_subnet_association.this | resource |
| aws_availability_zones.available | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| name | (Required) Desired name for the VPC Interface Endpoint. | string |
n/a | yes |
| service_name | (Required) The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service>. |
string |
n/a | yes |
| vpc_id | (Required) The ID of the VPC in which the endpoint will be used. | string |
n/a | yes |
| auto_accept | (Optional) Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account). | bool |
true |
no |
| connection_notifications | (Optional) A list of configurations of Endpoint Connection Notifications for VPC Endpoint events. Each block of connection_notifications as defined below.(Required) name - The name of the configuration for connection notification. This value is only used internally within Terraform code.(Required) sns_topic - The Amazon Resource Name (ARN) of the SNS topic for the notifications.(Required) events - One or more endpoint events for which to receive notifications. Valid values are Accept, Reject, Connect and Delete. |
list(object({ |
[] |
no |
| default_security_group | (Optional) The configuration of the default security group for the interface endpoint. default_security_group block as defined below.(Optional) enabled - Whether to use the default security group. Defaults to true.(Optional) name - The name of the default security group. If not provided, the endpoint name is used for the name of security group.(Optional) description - The description of the default security group.(Optional) ingress_rules - A list of ingress rules in a security group. You don't need to specify protocol, from_port, to_port. Just specify source information. Defaults to [{ id = "default", ipv4_cidrs = ["0.0.0.0/0"] }]. Each block of ingress_rules as defined below.(Required) id - The ID of the ingress rule. This value is only used internally within Terraform code.(Optional) description - The description of the rule.(Optional) protocol - The protocol to match. Note that if protocol is set to -1, it translates to all protocols, all port ranges, and from_port and to_port values should not be defined. Defaults to tcp.(Optional) from_port - The start of port range for the TCP protocols. Defaults to 443.(Optional) to_port - The end of port range for the TCP protocols. Defaults to 443.(Optional) ipv4_cidrs - The IPv4 network ranges to allow, in CIDR notation.(Optional) ipv6_cidrs - The IPv6 network ranges to allow, in CIDR notation.(Optional) prefix_lists - The prefix list IDs to allow.(Optional) security_groups - The source security group IDs to allow.(Optional) self - Whether the security group itself will be added as a source to this ingress rule. |
object({ |
{} |
no |
| ip_address_type | (Optional) The type of IP addresses used by the subnets for the interface endpoint. The possible values are IPv4, IPv6 and DUALSTACK. Defaults to IPv4 |
string |
"IPv4" |
no |
| module_tags_enabled | (Optional) Whether to create AWS Resource Tags for the module informations. | bool |
true |
no |
| network_mapping | (Optional) The configuration for the interface endpoint how routes traffic to targets in which subnets, and in accordance with IP address settings. Choose one subnet for each zone. An endpoint network interface is assigned a private IP address from the IP address range of your subnet, and keeps this IP address until the interface endpoint is deleted. Each key of network_mapping is the availability zone id like apne2-az1, use1-az1. Each block of network_mapping as defined below.(Required) subnet - The id of the subnet of which to attach to the endpoint. You can specify only one subnet per Availability Zone. |
map(object({ |
{} |
no |
| policy | (Optional) A policy to attach to the endpoint that controls access to the service. This is a JSON formatted string. Defaults to full access. All Gateway and some Interface endpoints support policies. | string |
null |
no |
| private_dns | (Optional) The configuration of the private DNS settings for the interface endpoint. private_dns block as defined below.(Optional) enabled - Whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example, kinesis.us-east-1.amazonaws.com), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC endpoint service. Defaults to false.(Optional) record_ip_type - The type of DNS records created for the endpoint. Valid values are IPv4, IPv6, DUALSTACK, SERVICE_DEFINED. Defaults to IPv4.(Optional) only_for_inbound_resolver_endpoint - Whether to enable private DNS only for inbound endpoints. This option is available only for services that support both gateway and interface endpoints. It routes traffic that originates from the VPC to the gateway endpoint and traffic that originates from on-premises to the interface endpoint. |
object({ |
{} |
no |
| resource_group_description | (Optional) The description of Resource Group. | string |
"Managed by Terraform." |
no |
| resource_group_enabled | (Optional) Whether to create Resource Group to find and group AWS resources which are created by this module. | bool |
true |
no |
| resource_group_name | (Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with AWS or aws. |
string |
"" |
no |
| security_groups | (Optional) A list of security group IDs to associate with the endpoint. | list(string) |
[] |
no |
| tags | (Optional) A map of tags to add to all resources. | map(string) |
{} |
no |
| timeouts | (Optional) How long to wait for the endpoint to be created/updated/deleted. | object({ |
{} |
no |
| Name | Description |
|---|---|
| arn | The Amazon Resource Name (ARN) of the VPC endpoint. |
| connection_notifications | A list of Endpoint Connection Notifications for VPC Endpoint events. |
| default_security_group | The default security group ID of the VPC endpoint. |
| dns_entries | The DNS entries for the VPC Endpoint. |
| id | The ID of the VPC endpoint. |
| ip_address_type | The type of IP addresses used by the VPC endpoint. |
| name | The VPC Interface Endpoint name. |
| network_interfaces | One or more network interfaces for the VPC Endpoint. |
| network_mapping | The configuration for the endpoint how routes traffic to targets in which subnets and IP address settings. |
| owner_id | The Owner ID of the VPC endpoint. |
| private_dns | The configuration of the private DNS settings for the VPC Endpoint. |
| requester_managed | Whether or not the VPC Endpoint is being managed by its service. |
| security_groups | A set of security group IDs which is assigned to the VPC endpoint. |
| service_name | The service name of the VPC Interface Endpoint. |
| state | The state of the VPC endpoint. |
| type | The type of the VPC endpoint. |
| vpc_id | The VPC ID of the VPC endpoint. |