Creates a set of VPC endpoints for the given VPC.
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "3.1.0"
...
}
resource "aws_security_group" "endpoint" {
name = format("app-%s-vpc-endpoint", var.application)
description = "A security group for PrivateLink endpoints"
tags = var.tags
vpc_id = module.vpc.vpc_id
ingress {
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
lifecycle {
create_before_destroy = true
}
}
module "vpc_endpoints" {
source = "dod-iac/vpc-endpoints/aws"
route_table_ids = flatten([
module.vpc.intra_route_table_ids,
module.vpc.private_route_table_ids,
module.vpc.public_route_table_ids
])
security_group_ids = [aws_security_group.endpoint.id]
subnet_ids = module.vpc.private_subnets
vpc_id = module.vpc.vpc_id
tags = {
Application = var.application
Environment = var.environment
Automation = "Terraform"
}
}Run all terratest tests using the terratest script. If using aws-vault, you could use aws-vault exec $AWS_PROFILE -- terratest. The AWS_DEFAULT_REGION environment variable is required by the tests. Use TT_SKIP_DESTROY=1 to not destroy the infrastructure created during the tests. Use TT_VERBOSE=1 to log all tests as they are run. Use TT_TIMEOUT to set the timeout for the tests, with the value being in the Go format, e.g., 15m. The go test command can be executed directly, too.
Terraform 0.13. Pin module version to ~> 1.0.0 . Submit pull-requests to master branch.
Terraform 0.11 and 0.12 are not supported.
This project constitutes a work of the United States Government and is not subject to domestic copyright protection under 17 USC § 105. However, because the project utilizes code licensed from contributors and other third parties, it therefore is licensed under the MIT License. See LICENSE file for more information.
| Name | Version |
|---|---|
| terraform | >= 0.13 |
| aws | >= 3.0.0, < 5.0 |
| Name | Version |
|---|---|
| aws | >= 3.0.0, < 5.0 |
No modules.
| Name | Type |
|---|---|
| aws_vpc_endpoint.main | resource |
| aws_region.current | data source |
| aws_vpc_endpoint_service.main | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| enable_athena_endpoints | Enable VPC endpoints for Athena. | bool |
true |
no |
| enable_cloudtrail_endpoints | Enable VPC endpoints for CloudTrail. | bool |
true |
no |
| enable_cloudwatch_endpoints | Enable VPC endpoints for CloudWatch. | bool |
true |
no |
| enable_ec2_endpoints | Enable VPC endpoints for EC2. | bool |
true |
no |
| enable_ecr_endpoints | Enable VPC endpoints for ECR. | bool |
true |
no |
| enable_ecs_endpoints | Enable VPC endpoints for ECS. | bool |
true |
no |
| enable_kms_endpoints | Enable VPC endpoints for KMS. | bool |
true |
no |
| enable_lambda_endpoints | Enable VPC endpoints for Lambda. | bool |
true |
no |
| enable_s3_endpoints | Enable VPC endpoints for S3. | bool |
true |
no |
| enable_sagemaker_endpoints | Enable VPC endpoints for SageMaker. | bool |
true |
no |
| enable_sns_endpoints | Enable VPC endpoints for SNS. | bool |
true |
no |
| enable_sqs_endpoints | Enable VPC endpoints for SQS. | bool |
true |
no |
| enable_ssm_endpoints | Enable VPC endpoints for SSM. | bool |
true |
no |
| enable_sts_endpoints | Enable VPC endpoints for STS. | bool |
true |
no |
| policy | If specified, the common policy to apply to all endpoints. | string |
"" |
no |
| route_table_ids | One or more route table IDs. Applicable for endpoints of type Gateway. | list(string) |
[] |
no |
| security_group_ids | The ID of one or more security groups to associate with the network interface. Required for endpoints of type Interface. | list(string) |
[] |
no |
| subnet_ids | The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface. | list(string) |
[] |
no |
| tags | Tags applied to the VPC endpoints | map(string) |
{} |
no |
| timeout_create | Default timeout for creating a VPC endpoint | string |
"10m" |
no |
| timeout_delete | Default timeout for destroying VPC endpoints | string |
"10m" |
no |
| timeout_update | Default timeout for VPC endpoint modifications | string |
"10m" |
no |
| vpc_id | The ID of the VPC in which the endpoint will be used | string |
n/a | yes |
| Name | Description |
|---|---|
| endpoint_services | n/a |
| endpoints | n/a |