From e82814fb7af2e3f29fd2608fe8a52bab75218e19 Mon Sep 17 00:00:00 2001
From: Pablo Serrano
Date: Thu, 2 Apr 2020 21:19:11 +0200
Subject: [PATCH] feat: Add EC2 Auto Scaling VPC endpoint (#374)

---
 README.md | 7 +++++++
 outputs.tf | 15 +++++++++++++++
 variables.tf | 25 +++++++++++++++++++++++++
 vpc-endpoints.tf | 23 +++++++++++++++++++++++
 4 files changed, 70 insertions(+)

diff --git a/README.md b/README.md
index c36104648..33c1fd8f0 100644
--- a/README.md
+++ b/README.md
@@ -304,6 +304,9 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | dhcp\_options\_netbios\_node\_type | Specify netbios node\_type for DHCP options set (requires enable\_dhcp\_options set to true) | `string` | `""` | no |
 | dhcp\_options\_ntp\_servers | Specify a list of NTP servers for DHCP options set (requires enable\_dhcp\_options set to true) | `list(string)` | `[]` | no |
 | dhcp\_options\_tags | Additional tags for the DHCP option set (requires enable\_dhcp\_options set to true) | `map(string)` | `{}` | no |
+| ec2\_autoscaling\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for EC2 AutoScaling endpoint | bool | `"false"` | no |
+| ec2\_autoscaling\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for EC2 AutoScaling endpoint | list(string) | `[]` | no |
+| ec2\_autoscaling\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for EC2 AutoScaling endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
 | ec2\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for EC2 endpoint | `bool` | `false` | no |
 | ec2\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for EC2 endpoint | `list(string)` | `[]` | no |
 | ec2\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for EC2 endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
@@ -358,6 +361,7 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | enable\_dns\_hostnames | Should be true to enable DNS hostnames in the VPC | `bool` | `false` | no |
 | enable\_dns\_support | Should be true to enable DNS support in the VPC | `bool` | `true` | no |
 | enable\_dynamodb\_endpoint | Should be true if you want to provision a DynamoDB endpoint to the VPC | `bool` | `false` | no |
+| enable\_ec2\_autoscaling\_endpoint | Should be true if you want to provision an EC2AutoScaling endpoint to the VPC | bool | `"false"` | no |
 | enable\_ec2\_endpoint | Should be true if you want to provision an EC2 endpoint to the VPC | `bool` | `false` | no |
 | enable\_ec2messages\_endpoint | Should be true if you want to provision an EC2MESSAGES endpoint to the VPC | `bool` | `false` | no |
 | enable\_ecr\_api\_endpoint | Should be true if you want to provision an ecr api endpoint to the VPC | `bool` | `false` | no |
@@ -643,6 +647,9 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | vpc\_endpoint\_ec2\_dns\_entry | The DNS entries for the VPC Endpoint for EC2. |
 | vpc\_endpoint\_ec2\_id | The ID of VPC endpoint for EC2 |
 | vpc\_endpoint\_ec2\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for EC2 |
+| vpc\_endpoint\_ec2\_autoscaling\_dns\_entry | The DNS entries for the VPC Endpoint for EC2 AutoScaling. |
+| vpc\_endpoint\_ec2\_autoscaling\_id | The ID of VPC endpoint for EC2 AutoScaling |
+| vpc\_endpoint\_ec2\_autoscaling\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for EC2 AutoScaling |
 | vpc\_endpoint\_ec2messages\_dns\_entry | The DNS entries for the VPC Endpoint for EC2MESSAGES. |
 | vpc\_endpoint\_ec2messages\_id | The ID of VPC endpoint for EC2MESSAGES |
 | vpc\_endpoint\_ec2messages\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for EC2MESSAGES |
diff --git a/outputs.tf b/outputs.tf
index c77fdd49b..c3b01a547 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -543,6 +543,21 @@ output "vpc_endpoint_ec2messages_dns_entry" {
 value = flatten(aws_vpc_endpoint.ec2messages.*.dns_entry)
 }
 
+output "vpc_endpoint_ec2_autoscaling_id" {
+ description = "The ID of VPC endpoint for EC2 Autoscaling"
+ value = concat(aws_vpc_endpoint.ec2_autoscaling.*.id, [""])[0]
+}
+
+output "vpc_endpoint_ec2_autoscaling_network_interface_ids" {
+ description = "One or more network interfaces for the VPC Endpoint for EC2 Autoscaling"
+ value = flatten(aws_vpc_endpoint.ec2_autoscaling.*.network_interface_ids)
+}
+
+output "vpc_endpoint_ec2_autoscaling_dns_entry" {
+ description = "The DNS entries for the VPC Endpoint for EC2 Autoscaling."
+ value = flatten(aws_vpc_endpoint.ec2_autoscaling.*.dns_entry)
+}
+
 output "vpc_endpoint_transferserver_id" {
 description = "The ID of VPC endpoint for transferserver"
 value = concat(aws_vpc_endpoint.transferserver.*.id, [""])[0]
diff --git a/variables.tf b/variables.tf
index 9600f5f98..9381d8cef 100644
--- a/variables.tf
+++ b/variables.tf
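Review bot: The three new output descriptions say "EC2 Autoscaling" while the README rows added for the same outputs say "EC2 AutoScaling", and the README rows for the new variables show an unquoted `bool`/`list(string)` type and a quoted `"false"` default where every neighbouring row uses backticked `bool` and `false`; that pattern suggests the README tables were edited by hand rather than regenerated from these description strings. The existing tables carry the `\_` escaping that terraform-docs emits, so the next regeneration will rewrite the hand-written rows from whatever the `.tf` descriptions say. Picking one spelling here, e.g. `description = "The ID of VPC endpoint for EC2 AutoScaling"`, and regenerating the README would keep outputs.tf, variables.tf and the README in step. The same applies to the four descriptions in the variables.tf hunk.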
@@ -579,6 +579,31 @@ variable "ec2messages_endpoint_subnet_ids" {
 default = []
 }
 
+
+variable "enable_ec2_autoscaling_endpoint" {
+ description = "Should be true if you want to provision an EC2 Autoscaling endpoint to the VPC"
+ type = bool
+ default = false
+}
+
+variable "ec2_autoscaling_endpoint_security_group_ids" {
+ description = "The ID of one or more security groups to associate with the network interface for EC2 Autoscaling endpoint"
+ type = list(string)
+ default = []
+}
+
+variable "ec2_autoscaling_endpoint_private_dns_enabled" {
+ description = "Whether or not to associate a private hosted zone with the specified VPC for EC2 Autoscaling endpoint"
+ type = bool
+ default = false
+}
+
+variable "ec2_autoscaling_endpoint_subnet_ids" {
+ description = "The ID of one or more subnets in which to create a network interface for EC2 Autoscaling endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+ type = list(string)
+ default = []
+}
+
 variable "enable_ecr_api_endpoint" {
 description = "Should be true if you want to provision an ecr api endpoint to the VPC"
 type = bool
diff --git a/vpc-endpoints.tf b/vpc-endpoints.tf
index 01052f204..605140ba2 100644
--- a/vpc-endpoints.tf
+++ b/vpc-endpoints.tf
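Review bot: The description of `ec2_autoscaling_endpoint_security_group_ids` does not say what the `[]` default means, and for an Interface endpoint the provider documents that when no security groups are given the VPC's default security group is attached, so an operator who leaves this unset gets whatever that group permits rather than a rule scoped to HTTPS from the intended subnets. Stating the fallback in the description, e.g. `description = "The ID of one or more security groups to associate with the network interface for EC2 Autoscaling endpoint. If omitted, the VPC's default security group is associated with the endpoint."`, would surface it in the generated README the way the subnet variable already documents its own fallback ("If omitted, private subnets will be used."). The same consideration applies to the `security_group_ids` line in the vpc-endpoints.tf hunk. Separately, the leading added blank line follows an existing blank context line, leaving two empty lines before the new block.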
@@ -295,6 +295,29 @@ resource "aws_vpc_endpoint" "ec2messages" {
 tags = local.vpce_tags
 }
 
+###############################
+# VPC Endpoint for EC2 Autoscaling
+###############################
+data "aws_vpc_endpoint_service" "ec2_autoscaling" {
+ count = var.create_vpc && var.enable_ec2_autoscaling_endpoint ? 1 : 0
+
+ service = "autoscaling"
+}
+
+resource "aws_vpc_endpoint" "ec2_autoscaling" {
+ count = var.create_vpc && var.enable_ec2_autoscaling_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.ec2_autoscaling[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.ec2_autoscaling_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.ec2_autoscaling_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.ec2_autoscaling_endpoint_private_dns_enabled
+ tags = local.vpce_tags
+}
+
+
 ###################################
 # VPC Endpoint for Transfer Server
 ###################################
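Review bot: The data source and resource are named `ec2_autoscaling` while the service identifier they resolve is `"autoscaling"`, and the neighbouring blocks visible in this hunk (`ec2messages` in the hunk header, `transferserver` below) are named after the service string, so a reader grepping for the AWS service name will not find this block. A one-line comment above the data source would close that gap, e.g. `# Service identifier is "autoscaling"; the module-facing name ec2_autoscaling matches the variables and outputs.` The section banner (`###############################`) is also shorter than its title line, unlike the surrounding sections whose `#` rows span the title, and the hunk ends with two added blank lines before the Transfer Server banner.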