Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: use filter for getting service type for S3 endpoint and update to allow s3 to use interface endpoint types #597

80 changes: 43 additions & 37 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -229,13 +229,13 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
| Name | Version |
|------|---------|
| terraform | >= 0.12.21 |
| aws | >= 3.10 |
| aws | >= 2.70 |

## Providers

| Name | Version |
|------|---------|
| aws | >= 3.10 |
| aws | >= 2.70 |

## Modules

Expand All @@ -245,39 +245,39 @@ No Modules.

| Name |
|------|
| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/cloudwatch_log_group) |
| [aws_customer_gateway](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/customer_gateway) |
| [aws_db_subnet_group](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/db_subnet_group) |
| [aws_default_network_acl](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/default_network_acl) |
| [aws_default_security_group](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/default_security_group) |
| [aws_default_vpc](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/default_vpc) |
| [aws_egress_only_internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/egress_only_internet_gateway) |
| [aws_eip](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/eip) |
| [aws_elasticache_subnet_group](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/elasticache_subnet_group) |
| [aws_flow_log](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/flow_log) |
| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/data-sources/iam_policy_document) |
| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/iam_policy) |
| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/iam_role_policy_attachment) |
| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/iam_role) |
| [aws_internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/internet_gateway) |
| [aws_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/nat_gateway) |
| [aws_network_acl_rule](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/network_acl_rule) |
| [aws_network_acl](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/network_acl) |
| [aws_redshift_subnet_group](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/redshift_subnet_group) |
| [aws_route_table_association](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/route_table_association) |
| [aws_route_table](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/route_table) |
| [aws_route](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/route) |
| [aws_subnet](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/subnet) |
| [aws_vpc_dhcp_options_association](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/vpc_dhcp_options_association) |
| [aws_vpc_dhcp_options](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/vpc_dhcp_options) |
| [aws_vpc_endpoint_route_table_association](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/vpc_endpoint_route_table_association) |
| [aws_vpc_endpoint_service](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/data-sources/vpc_endpoint_service) |
| [aws_vpc_endpoint](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/vpc_endpoint) |
| [aws_vpc_ipv4_cidr_block_association](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/vpc_ipv4_cidr_block_association) |
| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/vpc) |
| [aws_vpn_gateway_attachment](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/vpn_gateway_attachment) |
| [aws_vpn_gateway_route_propagation](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/vpn_gateway_route_propagation) |
| [aws_vpn_gateway](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/vpn_gateway) |
| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/cloudwatch_log_group) |
| [aws_customer_gateway](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/customer_gateway) |
| [aws_db_subnet_group](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/db_subnet_group) |
| [aws_default_network_acl](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/default_network_acl) |
| [aws_default_security_group](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/default_security_group) |
| [aws_default_vpc](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/default_vpc) |
| [aws_egress_only_internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/egress_only_internet_gateway) |
| [aws_eip](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/eip) |
| [aws_elasticache_subnet_group](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/elasticache_subnet_group) |
| [aws_flow_log](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/flow_log) |
| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/data-sources/iam_policy_document) |
| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/iam_policy) |
| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/iam_role_policy_attachment) |
| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/iam_role) |
| [aws_internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/internet_gateway) |
| [aws_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/nat_gateway) |
| [aws_network_acl_rule](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/network_acl_rule) |
| [aws_network_acl](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/network_acl) |
| [aws_redshift_subnet_group](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/redshift_subnet_group) |
| [aws_route_table_association](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/route_table_association) |
| [aws_route_table](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/route_table) |
| [aws_route](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/route) |
| [aws_subnet](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/subnet) |
| [aws_vpc_dhcp_options_association](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/vpc_dhcp_options_association) |
| [aws_vpc_dhcp_options](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/vpc_dhcp_options) |
| [aws_vpc_endpoint_route_table_association](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/vpc_endpoint_route_table_association) |
| [aws_vpc_endpoint_service](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/data-sources/vpc_endpoint_service) |
| [aws_vpc_endpoint](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/vpc_endpoint) |
| [aws_vpc_ipv4_cidr_block_association](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/vpc_ipv4_cidr_block_association) |
| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/vpc) |
| [aws_vpn_gateway_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/vpn_gateway_attachment) |
| [aws_vpn_gateway_route_propagation](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/vpn_gateway_route_propagation) |
| [aws_vpn_gateway](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/vpn_gateway) |

## Inputs

Expand Down Expand Up @@ -395,7 +395,10 @@ No Modules.
| dms\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for DMS endpoint | `bool` | `false` | no |
| dms\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for DMS endpoint | `list(string)` | `[]` | no |
| dms\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for DMS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
| dynamodb\_endpoint\_type | DynamoDB VPC endpoint type | `string` | `"Gateway"` | no |
| dynamodb\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for DynamoDB interface endpoint | `bool` | `false` | no |
| dynamodb\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for DynamoDB interface endpoint | `list(string)` | `[]` | no |
| dynamodb\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for DynamoDB interface endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
| dynamodb\_endpoint\_type | DynamoDB VPC endpoint type. Note - DynamoDB Interface type support is not yet available | `string` | `"Gateway"` | no |
| ebs\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for EBS endpoint | `bool` | `false` | no |
| ebs\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for EBS endpoint | `list(string)` | `[]` | no |
| ebs\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for EBS endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used. | `list(string)` | `[]` | no |
Expand Down Expand Up @@ -632,7 +635,10 @@ No Modules.
| rekognition\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Rekognition endpoint | `list(string)` | `[]` | no |
| rekognition\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Rekognition endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
| reuse\_nat\_ips | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external\_nat\_ip\_ids' variable | `bool` | `false` | no |
| s3\_endpoint\_type | S3 VPC endpoint type | `string` | `"Gateway"` | no |
| s3\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for S3 interface endpoint | `bool` | `false` | no |
| s3\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for S3 interface endpoint | `list(string)` | `[]` | no |
| s3\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for S3 interface endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
| s3\_endpoint\_type | S3 VPC endpoint type. Note - S3 Interface type support is only available on AWS provider 3.10 and later | `string` | `"Gateway"` | no |
| sagemaker\_api\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SageMaker API endpoint | `bool` | `false` | no |
| sagemaker\_api\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SageMaker API endpoint | `list(string)` | `[]` | no |
| sagemaker\_api\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SageMaker API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
Expand Down
6 changes: 5 additions & 1 deletion examples/complete-vpc/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,11 @@ module "vpc" {
dhcp_options_domain_name_servers = ["127.0.0.1", "10.10.0.2"]

# VPC endpoint for S3
enable_s3_endpoint = true
# Note - S3 Interface type support is only available on AWS provider 3.10 and later
enable_s3_endpoint = true
s3_endpoint_type = "Interface"
s3_endpoint_private_dns_enabled = false
s3_endpoint_security_group_ids = [data.aws_security_group.default.id]

# VPC endpoint for DynamoDB
enable_dynamodb_endpoint = true
Expand Down
6 changes: 3 additions & 3 deletions examples/ipv6/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,13 +20,13 @@ Note that this example may create resources which can cost money (AWS Elastic IP
| Name | Version |
|------|---------|
| terraform | >= 0.12.21 |
| aws | >= 3.10 |
| aws | >= 2.70 |

## Providers

| Name | Version |
|------|---------|
| aws | >= 3.10 |
| aws | >= 2.70 |

## Modules

Expand All @@ -38,7 +38,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP

| Name |
|------|
| [aws_availability_zones](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/data-sources/availability_zones) |
| [aws_availability_zones](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/data-sources/availability_zones) |

## Inputs

Expand Down
2 changes: 1 addition & 1 deletion examples/ipv6/versions.tf
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 3.10"
version = ">= 2.70"
}
}
}
2 changes: 1 addition & 1 deletion examples/issue-108-route-already-exists/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP
| Name | Version |
|------|---------|
| terraform | >= 0.12.21 |
| aws | >= 3.10 |
| aws | >= 2.70 |

## Providers

Expand Down
2 changes: 1 addition & 1 deletion examples/issue-108-route-already-exists/versions.tf
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 3.10"
version = ">= 2.70"
}
}
}
2 changes: 1 addition & 1 deletion examples/issue-44-asymmetric-private-subnets/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP
| Name | Version |
|------|---------|
| terraform | >= 0.12.21 |
| aws | >= 3.10 |
| aws | >= 2.70 |

## Providers

Expand Down
2 changes: 1 addition & 1 deletion examples/issue-44-asymmetric-private-subnets/versions.tf
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 3.10"
version = ">= 2.70"
}
}
}
2 changes: 1 addition & 1 deletion examples/issue-46-no-private-subnets/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP
| Name | Version |
|------|---------|
| terraform | >= 0.12.21 |
| aws | >= 3.10 |
| aws | >= 2.70 |

## Providers

Expand Down
2 changes: 1 addition & 1 deletion examples/issue-46-no-private-subnets/versions.tf
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 3.10"
version = ">= 2.70"
}
}
}
2 changes: 1 addition & 1 deletion examples/manage-default-vpc/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ Run `terraform destroy` when you don't need these resources.
| Name | Version |
|------|---------|
| terraform | >= 0.12.21 |
| aws | >= 3.10 |
| aws | >= 2.70 |

## Providers

Expand Down
2 changes: 1 addition & 1 deletion examples/manage-default-vpc/versions.tf
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 3.10"
version = ">= 2.70"
}
}
}
2 changes: 1 addition & 1 deletion examples/network-acls/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP
| Name | Version |
|------|---------|
| terraform | >= 0.12.21 |
| aws | >= 3.10 |
| aws | >= 2.70 |

## Providers

Expand Down
2 changes: 1 addition & 1 deletion examples/network-acls/versions.tf
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 3.10"
version = ">= 2.70"
}
}
}
2 changes: 1 addition & 1 deletion examples/secondary-cidr-blocks/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP
| Name | Version |
|------|---------|
| terraform | >= 0.12.21 |
| aws | >= 3.10 |
| aws | >= 2.70 |

## Providers

Expand Down
2 changes: 1 addition & 1 deletion examples/secondary-cidr-blocks/versions.tf
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 3.10"
version = ">= 2.70"
}
}
}
2 changes: 1 addition & 1 deletion examples/simple-vpc/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP
| Name | Version |
|------|---------|
| terraform | >= 0.12.21 |
| aws | >= 3.10 |
| aws | >= 2.70 |

## Providers

Expand Down
2 changes: 0 additions & 2 deletions examples/simple-vpc/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,6 @@ module "vpc" {
enable_nat_gateway = false
single_nat_gateway = true

# s3_endpoint_type = "Interface"

enable_s3_endpoint = true
enable_dynamodb_endpoint = true

Expand Down
2 changes: 1 addition & 1 deletion examples/simple-vpc/versions.tf
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 3.10"
version = ">= 2.70"
}
}
}
14 changes: 7 additions & 7 deletions examples/vpc-flow-logs/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -24,14 +24,14 @@ Note that this example may create resources which can cost money (AWS Elastic IP
| Name | Version |
|------|---------|
| terraform | >= 0.12.21 |
| aws | >= 3.10 |
| aws | >= 2.70 |
| random | >= 2 |

## Providers

| Name | Version |
|------|---------|
| aws | >= 3.10 |
| aws | >= 2.70 |
| random | >= 2 |

## Modules
Expand All @@ -47,11 +47,11 @@ Note that this example may create resources which can cost money (AWS Elastic IP

| Name |
|------|
| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/cloudwatch_log_group) |
| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/data-sources/iam_policy_document) |
| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/iam_policy) |
| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/iam_role_policy_attachment) |
| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/resources/iam_role) |
| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/cloudwatch_log_group) |
| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/data-sources/iam_policy_document) |
| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/iam_policy) |
| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/iam_role_policy_attachment) |
| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/iam_role) |
| [random_pet](https://registry.terraform.io/providers/hashicorp/random/2/docs/resources/pet) |

## Inputs
Expand Down
2 changes: 1 addition & 1 deletion examples/vpc-flow-logs/versions.tf
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 3.10"
version = ">= 2.70"
}

random = {
Expand Down
2 changes: 1 addition & 1 deletion examples/vpc-separate-private-route-tables/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP
| Name | Version |
|------|---------|
| terraform | >= 0.12.21 |
| aws | >= 2.68 |
| aws | >= 2.70 |

## Providers

Expand Down
5 changes: 4 additions & 1 deletion examples/vpc-separate-private-route-tables/versions.tf
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,9 @@ terraform {
required_version = ">= 0.12.21"

required_providers {
aws = ">= 2.68"
aws = {
source = "hashicorp/aws"
version = ">= 2.70"
}
}
}
Loading