This is a mirror of the official Terraform AWS VPC module from GitHub, kept so that clones do not fail as frequently as they do when fetching directly from GitHub.


  1. ######################
  2. # VPC Endpoint for S3
  3. ######################
# Resolves the regional service name for the S3 gateway endpoint.
# Evaluated only when the VPC is created and the S3 endpoint is enabled.
data "aws_vpc_endpoint_service" "s3" {
  count = var.create_vpc && var.enable_s3_endpoint ? 1 : 0
  service = "s3"
}
# S3 endpoint for the VPC. vpc_endpoint_type is not set, so the provider
# default (Gateway) applies; routing is added via the association resources.
# No endpoint `policy` is set, so the endpoint carries the AWS default
# full-access policy. NOTE(review): that lets in-VPC workloads reach S3
# buckets in any account through the endpoint (an exfiltration path).
# Restricting it needs a policy variable this file does not declare; if one
# is added, keep AWS-owned buckets that hosts rely on (e.g. OS package
# repositories) reachable.
resource "aws_vpc_endpoint" "s3" {
  count = var.create_vpc && var.enable_s3_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.s3[0].service_name
  tags = local.vpce_tags
}
# Associates the S3 gateway endpoint with each private route table.
# One association per local.nat_gateway_count (defined elsewhere in the
# module); element() wraps modulo the list length, so this relies on
# aws_route_table.private having at least that many entries -- confirm.
resource "aws_vpc_endpoint_route_table_association" "private_s3" {
  count = var.create_vpc && var.enable_s3_endpoint ? local.nat_gateway_count : 0
  vpc_endpoint_id = aws_vpc_endpoint.s3[0].id
  route_table_id = element(aws_route_table.private.*.id, count.index)
}
# Associates the S3 gateway endpoint with the intra route table when intra
# subnets exist. Only the first intra route table (index 0) is associated;
# any additional intra route tables would not receive the S3 route.
resource "aws_vpc_endpoint_route_table_association" "intra_s3" {
  count = var.create_vpc && var.enable_s3_endpoint && length(var.intra_subnets) > 0 ? 1 : 0
  vpc_endpoint_id = aws_vpc_endpoint.s3[0].id
  route_table_id = element(aws_route_table.intra.*.id, 0)
}
# Optionally associates the S3 gateway endpoint with the public route table.
# Opt-in via var.enable_public_s3_endpoint and only when public subnets
# exist; without it, public-subnet S3 traffic leaves via the internet
# gateway instead of the endpoint.
resource "aws_vpc_endpoint_route_table_association" "public_s3" {
  count = var.create_vpc && var.enable_s3_endpoint && var.enable_public_s3_endpoint && length(var.public_subnets) > 0 ? 1 : 0
  vpc_endpoint_id = aws_vpc_endpoint.s3[0].id
  route_table_id = aws_route_table.public[0].id
}
  29. ############################
  30. # VPC Endpoint for DynamoDB
  31. ############################
# Resolves the regional service name for the DynamoDB gateway endpoint.
# Evaluated only when the VPC is created and the DynamoDB endpoint is enabled.
data "aws_vpc_endpoint_service" "dynamodb" {
  count = var.create_vpc && var.enable_dynamodb_endpoint ? 1 : 0
  service = "dynamodb"
}
# DynamoDB endpoint for the VPC. vpc_endpoint_type is not set, so the
# provider default (Gateway) applies; routing comes from the association
# resources below. No endpoint `policy` is set, so the AWS default
# full-access policy applies. NOTE(review): tables in any account are
# reachable through the endpoint; scoping it down needs a policy variable
# this file does not declare.
resource "aws_vpc_endpoint" "dynamodb" {
  count = var.create_vpc && var.enable_dynamodb_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.dynamodb[0].service_name
  tags = local.vpce_tags
}
# Associates the DynamoDB gateway endpoint with each private route table.
# One association per local.nat_gateway_count (defined elsewhere); element()
# wraps modulo the list length, so aws_route_table.private is expected to
# hold at least that many entries -- confirm.
resource "aws_vpc_endpoint_route_table_association" "private_dynamodb" {
  count = var.create_vpc && var.enable_dynamodb_endpoint ? local.nat_gateway_count : 0
  vpc_endpoint_id = aws_vpc_endpoint.dynamodb[0].id
  route_table_id = element(aws_route_table.private.*.id, count.index)
}
# Associates the DynamoDB gateway endpoint with the intra route table when
# intra subnets exist. Only the first intra route table (index 0) is
# associated; further intra route tables would not receive the route.
resource "aws_vpc_endpoint_route_table_association" "intra_dynamodb" {
  count = var.create_vpc && var.enable_dynamodb_endpoint && length(var.intra_subnets) > 0 ? 1 : 0
  vpc_endpoint_id = aws_vpc_endpoint.dynamodb[0].id
  route_table_id = element(aws_route_table.intra.*.id, 0)
}
# Associates the DynamoDB gateway endpoint with the public route table.
# NOTE(review): unlike public_s3, which is gated by
# var.enable_public_s3_endpoint, this association has no opt-out flag -- it
# is created whenever the DynamoDB endpoint is enabled and public subnets
# exist. A matching enable_public_dynamodb_endpoint variable would restore
# symmetry; it is not declared in this file, so it is not wired here.
resource "aws_vpc_endpoint_route_table_association" "public_dynamodb" {
  count = var.create_vpc && var.enable_dynamodb_endpoint && length(var.public_subnets) > 0 ? 1 : 0
  vpc_endpoint_id = aws_vpc_endpoint.dynamodb[0].id
  route_table_id = aws_route_table.public[0].id
}
  57. #############################
  58. # VPC Endpoint for Codebuild
  59. #############################
# Looks up the regional service name for the CodeBuild interface endpoint;
# evaluated only when the VPC is created and the endpoint is enabled.
data "aws_vpc_endpoint_service" "codebuild" {
  count = var.create_vpc && var.enable_codebuild_endpoint ? 1 : 0
  service = "codebuild"
}
# CodeBuild interface endpoint (ENIs placed in the chosen subnets).
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true makes the service's public hostname resolve to
# the endpoint inside the VPC (VPC DNS support/hostnames presumably required).
resource "aws_vpc_endpoint" "codebuild" {
  count = var.create_vpc && var.enable_codebuild_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.codebuild[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.codebuild_endpoint_security_group_ids
  subnet_ids = coalescelist(var.codebuild_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.codebuild_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  74. ###############################
  75. # VPC Endpoint for Code Commit
  76. ###############################
# Looks up the regional service name for the CodeCommit (API) interface
# endpoint; evaluated only when the VPC is created and the endpoint is enabled.
data "aws_vpc_endpoint_service" "codecommit" {
  count = var.create_vpc && var.enable_codecommit_endpoint ? 1 : 0
  service = "codecommit"
}
# CodeCommit API interface endpoint (git transport is the separate
# git_codecommit endpoint).
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "codecommit" {
  count = var.create_vpc && var.enable_codecommit_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.codecommit[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.codecommit_endpoint_security_group_ids
  subnet_ids = coalescelist(var.codecommit_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.codecommit_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  91. ###################################
  92. # VPC Endpoint for Git Code Commit
  93. ###################################
# Looks up the regional service name for the CodeCommit git transport
# interface endpoint; evaluated only when the VPC is created and enabled.
data "aws_vpc_endpoint_service" "git_codecommit" {
  count = var.create_vpc && var.enable_git_codecommit_endpoint ? 1 : 0
  service = "git-codecommit"
}
# CodeCommit git transport interface endpoint (git-codecommit service).
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "git_codecommit" {
  count = var.create_vpc && var.enable_git_codecommit_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.git_codecommit[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.git_codecommit_endpoint_security_group_ids
  subnet_ids = coalescelist(var.git_codecommit_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.git_codecommit_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  108. ##########################
  109. # VPC Endpoint for Config
  110. ##########################
# Looks up the regional service name for the AWS Config interface endpoint;
# evaluated only when the VPC is created and the endpoint is enabled.
data "aws_vpc_endpoint_service" "config" {
  count = var.create_vpc && var.enable_config_endpoint ? 1 : 0
  service = "config"
}
# AWS Config interface endpoint.
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "config" {
  count = var.create_vpc && var.enable_config_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.config[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.config_endpoint_security_group_ids
  subnet_ids = coalescelist(var.config_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.config_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  125. #######################
  126. # VPC Endpoint for SQS
  127. #######################
# Looks up the regional service name for the SQS interface endpoint;
# evaluated only when the VPC is created and the endpoint is enabled.
data "aws_vpc_endpoint_service" "sqs" {
  count = var.create_vpc && var.enable_sqs_endpoint ? 1 : 0
  service = "sqs"
}
# SQS interface endpoint.
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "sqs" {
  count = var.create_vpc && var.enable_sqs_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.sqs[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.sqs_endpoint_security_group_ids
  subnet_ids = coalescelist(var.sqs_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.sqs_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  142. #########################
  143. # VPC Endpoint for Lambda
  144. #########################
# Looks up the regional service name for the Lambda interface endpoint;
# evaluated only when the VPC is created and the endpoint is enabled.
data "aws_vpc_endpoint_service" "lambda" {
  count = var.create_vpc && var.enable_lambda_endpoint ? 1 : 0
  service = "lambda"
}
# Lambda (control/invoke API) interface endpoint.
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "lambda" {
  count = var.create_vpc && var.enable_lambda_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.lambda[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.lambda_endpoint_security_group_ids
  subnet_ids = coalescelist(var.lambda_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.lambda_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  159. ###################################
  160. # VPC Endpoint for Secrets Manager
  161. ###################################
# Looks up the regional service name for the Secrets Manager interface
# endpoint; evaluated only when the VPC is created and the endpoint is enabled.
data "aws_vpc_endpoint_service" "secretsmanager" {
  count = var.create_vpc && var.enable_secretsmanager_endpoint ? 1 : 0
  service = "secretsmanager"
}
# Secrets Manager interface endpoint; keeps secret retrieval off the
# internet path. No endpoint policy is set (provider default applies).
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "secretsmanager" {
  count = var.create_vpc && var.enable_secretsmanager_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.secretsmanager[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.secretsmanager_endpoint_security_group_ids
  subnet_ids = coalescelist(var.secretsmanager_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.secretsmanager_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  176. #######################
  177. # VPC Endpoint for SSM
  178. #######################
# Looks up the regional service name for the SSM interface endpoint;
# evaluated only when the VPC is created and the endpoint is enabled.
data "aws_vpc_endpoint_service" "ssm" {
  count = var.create_vpc && var.enable_ssm_endpoint ? 1 : 0
  service = "ssm"
}
# SSM interface endpoint. Session Manager / Run Command from private hosts
# typically also needs the ssmmessages and ec2messages endpoints -- confirm.
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "ssm" {
  count = var.create_vpc && var.enable_ssm_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.ssm[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.ssm_endpoint_security_group_ids
  subnet_ids = coalescelist(var.ssm_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.ssm_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  193. ###############################
  194. # VPC Endpoint for SSMMESSAGES
  195. ###############################
# Looks up the regional service name for the SSM Messages interface
# endpoint; evaluated only when the VPC is created and the endpoint is enabled.
data "aws_vpc_endpoint_service" "ssmmessages" {
  count = var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0
  service = "ssmmessages"
}
# SSM Messages interface endpoint (Session Manager channel); usually paired
# with the ssm and ec2messages endpoints.
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "ssmmessages" {
  count = var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.ssmmessages[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.ssmmessages_endpoint_security_group_ids
  subnet_ids = coalescelist(var.ssmmessages_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.ssmmessages_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  210. #######################
  211. # VPC Endpoint for EC2
  212. #######################
# Looks up the regional service name for the EC2 API interface endpoint;
# evaluated only when the VPC is created and the endpoint is enabled.
data "aws_vpc_endpoint_service" "ec2" {
  count = var.create_vpc && var.enable_ec2_endpoint ? 1 : 0
  service = "ec2"
}
# EC2 API interface endpoint.
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "ec2" {
  count = var.create_vpc && var.enable_ec2_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.ec2[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.ec2_endpoint_security_group_ids
  subnet_ids = coalescelist(var.ec2_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.ec2_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  227. ###############################
  228. # VPC Endpoint for EC2MESSAGES
  229. ###############################
# Looks up the regional service name for the EC2 Messages interface
# endpoint; evaluated only when the VPC is created and the endpoint is enabled.
data "aws_vpc_endpoint_service" "ec2messages" {
  count = var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0
  service = "ec2messages"
}
# EC2 Messages interface endpoint (SSM agent channel); usually paired with
# the ssm and ssmmessages endpoints.
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "ec2messages" {
  count = var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.ec2messages[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.ec2messages_endpoint_security_group_ids
  subnet_ids = coalescelist(var.ec2messages_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.ec2messages_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  244. ###############################
  245. # VPC Endpoint for EC2 Autoscaling
  246. ###############################
# Looks up the regional service name for the EC2 Auto Scaling interface
# endpoint (service id "autoscaling"); evaluated only when enabled.
data "aws_vpc_endpoint_service" "ec2_autoscaling" {
  count = var.create_vpc && var.enable_ec2_autoscaling_endpoint ? 1 : 0
  service = "autoscaling"
}
# EC2 Auto Scaling interface endpoint.
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "ec2_autoscaling" {
  count = var.create_vpc && var.enable_ec2_autoscaling_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.ec2_autoscaling[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.ec2_autoscaling_endpoint_security_group_ids
  subnet_ids = coalescelist(var.ec2_autoscaling_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.ec2_autoscaling_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  261. ###################################
  262. # VPC Endpoint for Transfer Server
  263. ###################################
# Looks up the regional service name for the AWS Transfer *server* interface
# endpoint ("transfer.server", distinct from the "transfer" API endpoint).
data "aws_vpc_endpoint_service" "transferserver" {
  count = var.create_vpc && var.enable_transferserver_endpoint ? 1 : 0
  service = "transfer.server"
}
# AWS Transfer server interface endpoint (the SFTP/FTPS data plane, not the
# management API -- see aws_vpc_endpoint.transfer for that).
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group; supply a group restricted to the transfer ports
# your clients actually use.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "transferserver" {
  count = var.create_vpc && var.enable_transferserver_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.transferserver[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.transferserver_endpoint_security_group_ids
  subnet_ids = coalescelist(var.transferserver_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.transferserver_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  278. ###########################
  279. # VPC Endpoint for ECR API
  280. ###########################
# Looks up the regional service name for the ECR API interface endpoint
# ("ecr.api"); evaluated only when the VPC is created and enabled.
data "aws_vpc_endpoint_service" "ecr_api" {
  count = var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0
  service = "ecr.api"
}
# ECR API interface endpoint (auth token / repository API calls). Image
# pulls additionally use ecr.dkr and, for layer blobs, S3 -- confirm.
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "ecr_api" {
  count = var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.ecr_api[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.ecr_api_endpoint_security_group_ids
  subnet_ids = coalescelist(var.ecr_api_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.ecr_api_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  295. ###########################
  296. # VPC Endpoint for ECR DKR
  297. ###########################
# Looks up the regional service name for the ECR Docker registry interface
# endpoint ("ecr.dkr"); evaluated only when the VPC is created and enabled.
data "aws_vpc_endpoint_service" "ecr_dkr" {
  count = var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0
  service = "ecr.dkr"
}
# ECR Docker registry interface endpoint. Private image pulls usually need
# ecr.api and the S3 gateway endpoint as well (layers are served from S3).
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the registry hostname in-VPC.
resource "aws_vpc_endpoint" "ecr_dkr" {
  count = var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.ecr_dkr[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.ecr_dkr_endpoint_security_group_ids
  subnet_ids = coalescelist(var.ecr_dkr_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.ecr_dkr_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  312. #######################
  313. # VPC Endpoint for API Gateway
  314. #######################
# Looks up the regional service name for the API Gateway interface endpoint
# ("execute-api"); evaluated only when the VPC is created and enabled.
data "aws_vpc_endpoint_service" "apigw" {
  count = var.create_vpc && var.enable_apigw_endpoint ? 1 : 0
  service = "execute-api"
}
# API Gateway (execute-api) interface endpoint, used to reach private APIs.
# NOTE(review): with private_dns_enabled=true every execute-api hostname in
# the region resolves to this endpoint from inside the VPC, which can
# break calls to public/edge-optimized APIs -- confirm before enabling.
# An empty security_group_ids list leaves the ENIs on the VPC default
# security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
resource "aws_vpc_endpoint" "apigw" {
  count = var.create_vpc && var.enable_apigw_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.apigw[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.apigw_endpoint_security_group_ids
  subnet_ids = coalescelist(var.apigw_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.apigw_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  329. #######################
  330. # VPC Endpoint for KMS
  331. #######################
# Looks up the regional service name for the KMS interface endpoint;
# evaluated only when the VPC is created and the endpoint is enabled.
data "aws_vpc_endpoint_service" "kms" {
  count = var.create_vpc && var.enable_kms_endpoint ? 1 : 0
  service = "kms"
}
# KMS interface endpoint; keeps key operations off the internet path. No
# endpoint policy is set, so the provider default applies.
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "kms" {
  count = var.create_vpc && var.enable_kms_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.kms[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.kms_endpoint_security_group_ids
  subnet_ids = coalescelist(var.kms_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.kms_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  346. #######################
  347. # VPC Endpoint for ECS
  348. #######################
# Looks up the regional service name for the ECS API interface endpoint;
# evaluated only when the VPC is created and the endpoint is enabled.
data "aws_vpc_endpoint_service" "ecs" {
  count = var.create_vpc && var.enable_ecs_endpoint ? 1 : 0
  service = "ecs"
}
# ECS API interface endpoint; container instances in private subnets also
# typically need ecs-agent and ecs-telemetry.
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "ecs" {
  count = var.create_vpc && var.enable_ecs_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.ecs[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.ecs_endpoint_security_group_ids
  subnet_ids = coalescelist(var.ecs_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.ecs_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  363. #######################
  364. # VPC Endpoint for ECS Agent
  365. #######################
# Looks up the regional service name for the ECS agent interface endpoint
# ("ecs-agent"); evaluated only when the VPC is created and enabled.
data "aws_vpc_endpoint_service" "ecs_agent" {
  count = var.create_vpc && var.enable_ecs_agent_endpoint ? 1 : 0
  service = "ecs-agent"
}
# ECS agent interface endpoint (container-instance agent channel).
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "ecs_agent" {
  count = var.create_vpc && var.enable_ecs_agent_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.ecs_agent[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.ecs_agent_endpoint_security_group_ids
  subnet_ids = coalescelist(var.ecs_agent_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.ecs_agent_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  380. #######################
  381. # VPC Endpoint for ECS Telemetry
  382. #######################
# Looks up the regional service name for the ECS telemetry interface
# endpoint ("ecs-telemetry"); evaluated only when the VPC is created and enabled.
data "aws_vpc_endpoint_service" "ecs_telemetry" {
  count = var.create_vpc && var.enable_ecs_telemetry_endpoint ? 1 : 0
  service = "ecs-telemetry"
}
# ECS telemetry interface endpoint (container-instance metrics channel).
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "ecs_telemetry" {
  count = var.create_vpc && var.enable_ecs_telemetry_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.ecs_telemetry[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.ecs_telemetry_endpoint_security_group_ids
  subnet_ids = coalescelist(var.ecs_telemetry_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.ecs_telemetry_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  397. #######################
  398. # VPC Endpoint for SNS
  399. #######################
# Looks up the regional service name for the SNS interface endpoint;
# evaluated only when the VPC is created and the endpoint is enabled.
data "aws_vpc_endpoint_service" "sns" {
  count = var.create_vpc && var.enable_sns_endpoint ? 1 : 0
  service = "sns"
}
# SNS interface endpoint.
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "sns" {
  count = var.create_vpc && var.enable_sns_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.sns[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.sns_endpoint_security_group_ids
  subnet_ids = coalescelist(var.sns_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.sns_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  414. #######################
  415. # VPC Endpoint for CloudWatch Monitoring
  416. #######################
# Looks up the regional service name for the CloudWatch metrics interface
# endpoint ("monitoring"); evaluated only when the VPC is created and enabled.
data "aws_vpc_endpoint_service" "monitoring" {
  count = var.create_vpc && var.enable_monitoring_endpoint ? 1 : 0
  service = "monitoring"
}
# CloudWatch metrics (monitoring) interface endpoint.
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "monitoring" {
  count = var.create_vpc && var.enable_monitoring_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.monitoring[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.monitoring_endpoint_security_group_ids
  subnet_ids = coalescelist(var.monitoring_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.monitoring_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  431. #######################
  432. # VPC Endpoint for CloudWatch Logs
  433. #######################
# Looks up the regional service name for the CloudWatch Logs interface
# endpoint; evaluated only when the VPC is created and the endpoint is enabled.
data "aws_vpc_endpoint_service" "logs" {
  count = var.create_vpc && var.enable_logs_endpoint ? 1 : 0
  service = "logs"
}
# CloudWatch Logs interface endpoint; lets private hosts ship logs (and
# detection telemetry) without internet egress.
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "logs" {
  count = var.create_vpc && var.enable_logs_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.logs[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.logs_endpoint_security_group_ids
  subnet_ids = coalescelist(var.logs_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.logs_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  448. #######################
  449. # VPC Endpoint for CloudWatch Events
  450. #######################
# Looks up the regional service name for the CloudWatch Events interface
# endpoint; evaluated only when the VPC is created and the endpoint is enabled.
data "aws_vpc_endpoint_service" "events" {
  count = var.create_vpc && var.enable_events_endpoint ? 1 : 0
  service = "events"
}
# CloudWatch Events interface endpoint.
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "events" {
  count = var.create_vpc && var.enable_events_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.events[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.events_endpoint_security_group_ids
  subnet_ids = coalescelist(var.events_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.events_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  465. #######################
  466. # VPC Endpoint for Elastic Load Balancing
  467. #######################
# Looks up the regional service name for the Elastic Load Balancing API
# interface endpoint; evaluated only when the VPC is created and enabled.
data "aws_vpc_endpoint_service" "elasticloadbalancing" {
  count = var.create_vpc && var.enable_elasticloadbalancing_endpoint ? 1 : 0
  service = "elasticloadbalancing"
}
# Elastic Load Balancing API interface endpoint (control plane only; it does
# not carry load-balanced traffic).
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "elasticloadbalancing" {
  count = var.create_vpc && var.enable_elasticloadbalancing_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.elasticloadbalancing[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.elasticloadbalancing_endpoint_security_group_ids
  subnet_ids = coalescelist(var.elasticloadbalancing_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.elasticloadbalancing_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  482. #######################
  483. # VPC Endpoint for CloudTrail
  484. #######################
# Looks up the regional service name for the CloudTrail interface endpoint;
# evaluated only when the VPC is created and the endpoint is enabled.
data "aws_vpc_endpoint_service" "cloudtrail" {
  count = var.create_vpc && var.enable_cloudtrail_endpoint ? 1 : 0
  service = "cloudtrail"
}
# CloudTrail interface endpoint (CloudTrail API calls; trail delivery to S3
# goes through the S3 endpoint, not this one).
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "cloudtrail" {
  count = var.create_vpc && var.enable_cloudtrail_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.cloudtrail[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.cloudtrail_endpoint_security_group_ids
  subnet_ids = coalescelist(var.cloudtrail_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.cloudtrail_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  499. #######################
  500. # VPC Endpoint for Kinesis Streams
  501. #######################
# Looks up the regional service name for the Kinesis Data Streams interface
# endpoint ("kinesis-streams"); evaluated only when the VPC is created and enabled.
data "aws_vpc_endpoint_service" "kinesis_streams" {
  count = var.create_vpc && var.enable_kinesis_streams_endpoint ? 1 : 0
  service = "kinesis-streams"
}
# Kinesis Data Streams interface endpoint.
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "kinesis_streams" {
  count = var.create_vpc && var.enable_kinesis_streams_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.kinesis_streams[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.kinesis_streams_endpoint_security_group_ids
  subnet_ids = coalescelist(var.kinesis_streams_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.kinesis_streams_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  516. #######################
  517. # VPC Endpoint for Kinesis Firehose
  518. #######################
# Looks up the regional service name for the Kinesis Data Firehose interface
# endpoint ("kinesis-firehose"); evaluated only when the VPC is created and enabled.
data "aws_vpc_endpoint_service" "kinesis_firehose" {
  count = var.create_vpc && var.enable_kinesis_firehose_endpoint ? 1 : 0
  service = "kinesis-firehose"
}
# Kinesis Data Firehose interface endpoint.
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "kinesis_firehose" {
  count = var.create_vpc && var.enable_kinesis_firehose_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.kinesis_firehose[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.kinesis_firehose_endpoint_security_group_ids
  subnet_ids = coalescelist(var.kinesis_firehose_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.kinesis_firehose_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  533. #######################
  534. # VPC Endpoint for Glue
  535. #######################
# Looks up the regional service name for the Glue interface endpoint;
# evaluated only when the VPC is created and the endpoint is enabled.
data "aws_vpc_endpoint_service" "glue" {
  count = var.create_vpc && var.enable_glue_endpoint ? 1 : 0
  service = "glue"
}
# Glue interface endpoint.
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "glue" {
  count = var.create_vpc && var.enable_glue_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.glue[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.glue_endpoint_security_group_ids
  subnet_ids = coalescelist(var.glue_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.glue_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  550. ######################################
  551. # VPC Endpoint for Sagemaker Notebooks
  552. ######################################
# Looks up the SageMaker Notebook interface endpoint by its full service
# name. Unlike the other lookups this one builds the name itself from
# var.sagemaker_notebook_endpoint_region, so that variable must match the
# region the VPC lives in or the lookup will fail / return the wrong service.
data "aws_vpc_endpoint_service" "sagemaker_notebook" {
  count = var.create_vpc && var.enable_sagemaker_notebook_endpoint ? 1 : 0
  service_name = "aws.sagemaker.${var.sagemaker_notebook_endpoint_region}.notebook"
}
# SageMaker Notebook interface endpoint (notebook instance access from the
# VPC). The SageMaker control API is the separate sagemaker_api endpoint.
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "sagemaker_notebook" {
  count = var.create_vpc && var.enable_sagemaker_notebook_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.sagemaker_notebook[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.sagemaker_notebook_endpoint_security_group_ids
  subnet_ids = coalescelist(var.sagemaker_notebook_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.sagemaker_notebook_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  567. #######################
  568. # VPC Endpoint for STS
  569. #######################
# Looks up the regional service name for the STS interface endpoint;
# evaluated only when the VPC is created and the endpoint is enabled.
data "aws_vpc_endpoint_service" "sts" {
  count = var.create_vpc && var.enable_sts_endpoint ? 1 : 0
  service = "sts"
}
# STS interface endpoint; lets private workloads obtain/assume credentials
# (e.g. IRSA, AssumeRole) without internet egress. No endpoint policy is
# set, so the provider default applies.
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the regional STS hostname in-VPC.
resource "aws_vpc_endpoint" "sts" {
  count = var.create_vpc && var.enable_sts_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.sts[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.sts_endpoint_security_group_ids
  subnet_ids = coalescelist(var.sts_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.sts_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  584. #############################
  585. # VPC Endpoint for Cloudformation
  586. #############################
# Looks up the regional service name for the CloudFormation interface
# endpoint; evaluated only when the VPC is created and the endpoint is enabled.
data "aws_vpc_endpoint_service" "cloudformation" {
  count = var.create_vpc && var.enable_cloudformation_endpoint ? 1 : 0
  service = "cloudformation"
}
# CloudFormation interface endpoint.
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "cloudformation" {
  count = var.create_vpc && var.enable_cloudformation_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.cloudformation[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.cloudformation_endpoint_security_group_ids
  subnet_ids = coalescelist(var.cloudformation_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.cloudformation_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  601. #############################
  602. # VPC Endpoint for CodePipeline
  603. #############################
# Looks up the regional service name for the CodePipeline interface
# endpoint; evaluated only when the VPC is created and the endpoint is enabled.
data "aws_vpc_endpoint_service" "codepipeline" {
  count = var.create_vpc && var.enable_codepipeline_endpoint ? 1 : 0
  service = "codepipeline"
}
# CodePipeline interface endpoint.
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "codepipeline" {
  count = var.create_vpc && var.enable_codepipeline_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.codepipeline[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.codepipeline_endpoint_security_group_ids
  subnet_ids = coalescelist(var.codepipeline_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.codepipeline_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  618. #############################
  619. # VPC Endpoint for AppMesh
  620. #############################
# Looks up the regional service name for the App Mesh Envoy management
# interface endpoint; evaluated only when the VPC is created and enabled.
data "aws_vpc_endpoint_service" "appmesh_envoy_management" {
  count = var.create_vpc && var.enable_appmesh_envoy_management_endpoint ? 1 : 0
  service = "appmesh-envoy-management"
}
# App Mesh Envoy management interface endpoint (Envoy sidecar config channel).
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "appmesh_envoy_management" {
  count = var.create_vpc && var.enable_appmesh_envoy_management_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.appmesh_envoy_management[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.appmesh_envoy_management_endpoint_security_group_ids
  subnet_ids = coalescelist(var.appmesh_envoy_management_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.appmesh_envoy_management_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  635. #############################
  636. # VPC Endpoint for Service Catalog
  637. #############################
# Looks up the regional service name for the Service Catalog interface
# endpoint; evaluated only when the VPC is created and the endpoint is enabled.
data "aws_vpc_endpoint_service" "servicecatalog" {
  count = var.create_vpc && var.enable_servicecatalog_endpoint ? 1 : 0
  service = "servicecatalog"
}
# Service Catalog interface endpoint.
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group -- supply a group allowing only 443 from the VPC.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "servicecatalog" {
  count = var.create_vpc && var.enable_servicecatalog_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.servicecatalog[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.servicecatalog_endpoint_security_group_ids
  subnet_ids = coalescelist(var.servicecatalog_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.servicecatalog_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  652. #############################
  653. # VPC Endpoint for Storage Gateway
  654. #############################
# Looks up the regional service name for the Storage Gateway interface
# endpoint; evaluated only when the VPC is created and the endpoint is enabled.
data "aws_vpc_endpoint_service" "storagegateway" {
  count = var.create_vpc && var.enable_storagegateway_endpoint ? 1 : 0
  service = "storagegateway"
}
# Storage Gateway interface endpoint.
# NOTE(review): an empty security_group_ids list leaves the ENIs on the VPC
# default security group; Storage Gateway uses ports beyond 443 for the
# appliance data channel, so scope the group to what the appliance needs.
# subnet_ids falls back to every private subnet; AWS accepts one subnet per
# AZ per interface endpoint, so pass an explicit list if subnets share AZs.
# private_dns_enabled=true overrides the service's public hostname in-VPC.
resource "aws_vpc_endpoint" "storagegateway" {
  count = var.create_vpc && var.enable_storagegateway_endpoint ? 1 : 0
  vpc_id = local.vpc_id
  service_name = data.aws_vpc_endpoint_service.storagegateway[0].service_name
  vpc_endpoint_type = "Interface"
  security_group_ids = var.storagegateway_endpoint_security_group_ids
  subnet_ids = coalescelist(var.storagegateway_endpoint_subnet_ids, aws_subnet.private.*.id)
  private_dns_enabled = var.storagegateway_endpoint_private_dns_enabled
  tags = local.vpce_tags
}
  669. #############################
  670. # VPC Endpoint for Transfer
  671. #############################
  data "aws_vpc_endpoint_service" "transfer" {
    # Resolves the regional service name for the AWS Transfer endpoint.
    # Evaluated only when the VPC and this endpoint are both enabled, so the
    # resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_transfer_endpoint) ? 1 : 0
    service = "transfer"
  }
  resource "aws_vpc_endpoint" "transfer" {
    # Interface endpoint for AWS Transfer, placed in the private subnets
    # unless the caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_transfer_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.transfer[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.transfer_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.transfer_endpoint_security_group_ids
    private_dns_enabled = var.transfer_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  686. #############################
  687. # VPC Endpoint for SageMaker API
  688. #############################
  data "aws_vpc_endpoint_service" "sagemaker_api" {
    # Resolves the regional service name for the SageMaker API endpoint.
    # Evaluated only when the VPC and this endpoint are both enabled, so the
    # resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_sagemaker_api_endpoint) ? 1 : 0
    service = "sagemaker.api"
  }
  resource "aws_vpc_endpoint" "sagemaker_api" {
    # Interface endpoint for the SageMaker API, placed in the private subnets
    # unless the caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_sagemaker_api_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.sagemaker_api[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.sagemaker_api_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.sagemaker_api_endpoint_security_group_ids
    private_dns_enabled = var.sagemaker_api_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  703. #############################
  704. # VPC Endpoint for SageMaker Runtime
  705. #############################
  data "aws_vpc_endpoint_service" "sagemaker_runtime" {
    # Resolves the regional service name for the SageMaker Runtime endpoint.
    # Evaluated only when the VPC and this endpoint are both enabled, so the
    # resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_sagemaker_runtime_endpoint) ? 1 : 0
    service = "sagemaker.runtime"
  }
  resource "aws_vpc_endpoint" "sagemaker_runtime" {
    # Interface endpoint for SageMaker Runtime, placed in the private subnets
    # unless the caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_sagemaker_runtime_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.sagemaker_runtime[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.sagemaker_runtime_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.sagemaker_runtime_endpoint_security_group_ids
    private_dns_enabled = var.sagemaker_runtime_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  720. #############################
  721. # VPC Endpoint for AppStream API
  722. #############################
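  data "aws_vpc_endpoint_service" "appstream_api" {
    # Resolves the regional service name for the AppStream API endpoint.
    # Fix: this lookup was gated on enable_appstream_streaming_endpoint, so
    # enabling only the API endpoint produced a count of 0 here while the
    # aws_vpc_endpoint.appstream_api resource still indexed [0], failing the
    # plan. It must be gated on the same flag as that resource.
    count   = (var.create_vpc && var.enable_appstream_api_endpoint) ? 1 : 0
    service = "appstream.api"
  }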
  resource "aws_vpc_endpoint" "appstream_api" {
    # Interface endpoint for the AppStream API, placed in the private subnets
    # unless the caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_appstream_api_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.appstream_api[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.appstream_api_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.appstream_api_endpoint_security_group_ids
    private_dns_enabled = var.appstream_api_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  737. #############################
  # VPC Endpoint for AppStream Streaming
  739. #############################
  data "aws_vpc_endpoint_service" "appstream_streaming" {
    # Resolves the regional service name for the AppStream streaming endpoint.
    # Evaluated only when the VPC and this endpoint are both enabled, so the
    # resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_appstream_streaming_endpoint) ? 1 : 0
    service = "appstream.streaming"
  }
  resource "aws_vpc_endpoint" "appstream_streaming" {
    # Interface endpoint for AppStream streaming, placed in the private subnets
    # unless the caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_appstream_streaming_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.appstream_streaming[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.appstream_streaming_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.appstream_streaming_endpoint_security_group_ids
    private_dns_enabled = var.appstream_streaming_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  754. #############################
  755. # VPC Endpoint for Athena
  756. #############################
  data "aws_vpc_endpoint_service" "athena" {
    # Resolves the regional service name for the Athena endpoint.
    # Evaluated only when the VPC and this endpoint are both enabled, so the
    # resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_athena_endpoint) ? 1 : 0
    service = "athena"
  }
  resource "aws_vpc_endpoint" "athena" {
    # Interface endpoint for Athena, placed in the private subnets unless the
    # caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_athena_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.athena[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.athena_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.athena_endpoint_security_group_ids
    private_dns_enabled = var.athena_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  771. #############################
  772. # VPC Endpoint for Rekognition
  773. #############################
  data "aws_vpc_endpoint_service" "rekognition" {
    # Resolves the regional service name for the Rekognition endpoint.
    # Evaluated only when the VPC and this endpoint are both enabled, so the
    # resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_rekognition_endpoint) ? 1 : 0
    service = "rekognition"
  }
  resource "aws_vpc_endpoint" "rekognition" {
    # Interface endpoint for Rekognition, placed in the private subnets unless
    # the caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_rekognition_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.rekognition[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.rekognition_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.rekognition_endpoint_security_group_ids
    private_dns_enabled = var.rekognition_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  788. #######################
  789. # VPC Endpoint for EFS
  790. #######################
  data "aws_vpc_endpoint_service" "efs" {
    # Resolves the regional service name for the EFS endpoint (the service
    # is registered under its long name, "elasticfilesystem").
    # Evaluated only when the VPC and this endpoint are both enabled, so the
    # resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_efs_endpoint) ? 1 : 0
    service = "elasticfilesystem"
  }
  resource "aws_vpc_endpoint" "efs" {
    # Interface endpoint for EFS, placed in the private subnets unless the
    # caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_efs_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.efs[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.efs_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.efs_endpoint_security_group_ids
    private_dns_enabled = var.efs_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  805. #######################
  806. # VPC Endpoint for Cloud Directory
  807. #######################
  data "aws_vpc_endpoint_service" "cloud_directory" {
    # Resolves the regional service name for the Cloud Directory endpoint.
    # Evaluated only when the VPC and this endpoint are both enabled, so the
    # resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_cloud_directory_endpoint) ? 1 : 0
    service = "clouddirectory"
  }
  resource "aws_vpc_endpoint" "cloud_directory" {
    # Interface endpoint for Cloud Directory, placed in the private subnets
    # unless the caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_cloud_directory_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.cloud_directory[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.cloud_directory_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.cloud_directory_endpoint_security_group_ids
    private_dns_enabled = var.cloud_directory_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  822. #######################
  823. # VPC Endpoint for Auto Scaling Plans
  824. #######################
  data "aws_vpc_endpoint_service" "auto_scaling_plans" {
    # Resolves the regional service name for the Auto Scaling Plans endpoint.
    # Evaluated only when the VPC and this endpoint are both enabled, so the
    # resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_auto_scaling_plans_endpoint) ? 1 : 0
    service = "autoscaling-plans"
  }
  resource "aws_vpc_endpoint" "auto_scaling_plans" {
    # Interface endpoint for Auto Scaling Plans, placed in the private subnets
    # unless the caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_auto_scaling_plans_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.auto_scaling_plans[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.auto_scaling_plans_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.auto_scaling_plans_endpoint_security_group_ids
    private_dns_enabled = var.auto_scaling_plans_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  839. #######################
  840. # VPC Endpoint for Workspaces
  841. #######################
  data "aws_vpc_endpoint_service" "workspaces" {
    # Resolves the regional service name for the WorkSpaces endpoint.
    # Evaluated only when the VPC and this endpoint are both enabled, so the
    # resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_workspaces_endpoint) ? 1 : 0
    service = "workspaces"
  }
  resource "aws_vpc_endpoint" "workspaces" {
    # Interface endpoint for WorkSpaces, placed in the private subnets unless
    # the caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_workspaces_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.workspaces[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.workspaces_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.workspaces_endpoint_security_group_ids
    private_dns_enabled = var.workspaces_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  856. #######################
  857. # VPC Endpoint for Access Analyzer
  858. #######################
  data "aws_vpc_endpoint_service" "access_analyzer" {
    # Resolves the regional service name for the IAM Access Analyzer endpoint.
    # Evaluated only when the VPC and this endpoint are both enabled, so the
    # resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_access_analyzer_endpoint) ? 1 : 0
    service = "access-analyzer"
  }
  resource "aws_vpc_endpoint" "access_analyzer" {
    # Interface endpoint for IAM Access Analyzer, placed in the private subnets
    # unless the caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_access_analyzer_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.access_analyzer[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.access_analyzer_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.access_analyzer_endpoint_security_group_ids
    private_dns_enabled = var.access_analyzer_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  873. #######################
  874. # VPC Endpoint for EBS
  875. #######################
  data "aws_vpc_endpoint_service" "ebs" {
    # Resolves the regional service name for the EBS direct API endpoint.
    # Evaluated only when the VPC and this endpoint are both enabled, so the
    # resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_ebs_endpoint) ? 1 : 0
    service = "ebs"
  }
  resource "aws_vpc_endpoint" "ebs" {
    # Interface endpoint for EBS, placed in the private subnets unless the
    # caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_ebs_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.ebs[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.ebs_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.ebs_endpoint_security_group_ids
    private_dns_enabled = var.ebs_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  890. #######################
  # VPC Endpoint for DataSync
  892. #######################
  data "aws_vpc_endpoint_service" "datasync" {
    # Resolves the regional service name for the DataSync endpoint.
    # Evaluated only when the VPC and this endpoint are both enabled, so the
    # resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_datasync_endpoint) ? 1 : 0
    service = "datasync"
  }
  resource "aws_vpc_endpoint" "datasync" {
    # Interface endpoint for DataSync, placed in the private subnets unless
    # the caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_datasync_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.datasync[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.datasync_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.datasync_endpoint_security_group_ids
    private_dns_enabled = var.datasync_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  907. #######################
  908. # VPC Endpoint for Elastic Inference Runtime
  909. #######################
  data "aws_vpc_endpoint_service" "elastic_inference_runtime" {
    # Resolves the regional service name for the Elastic Inference runtime
    # endpoint. Evaluated only when the VPC and this endpoint are both enabled,
    # so the resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_elastic_inference_runtime_endpoint) ? 1 : 0
    service = "elastic-inference.runtime"
  }
  resource "aws_vpc_endpoint" "elastic_inference_runtime" {
    # Interface endpoint for the Elastic Inference runtime, placed in the
    # private subnets unless the caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_elastic_inference_runtime_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.elastic_inference_runtime[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.elastic_inference_runtime_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.elastic_inference_runtime_endpoint_security_group_ids
    private_dns_enabled = var.elastic_inference_runtime_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  924. #######################
  925. # VPC Endpoint for SMS
  926. #######################
  data "aws_vpc_endpoint_service" "sms" {
    # Resolves the regional service name for the Server Migration Service
    # (SMS) endpoint. Evaluated only when the VPC and this endpoint are both
    # enabled, so the resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_sms_endpoint) ? 1 : 0
    service = "sms"
  }
  resource "aws_vpc_endpoint" "sms" {
    # Interface endpoint for SMS, placed in the private subnets unless the
    # caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_sms_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.sms[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.sms_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.sms_endpoint_security_group_ids
    private_dns_enabled = var.sms_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  941. #######################
  942. # VPC Endpoint for EMR
  943. #######################
  data "aws_vpc_endpoint_service" "emr" {
    # Resolves the regional service name for the EMR endpoint (registered
    # under its long name, "elasticmapreduce").
    # Evaluated only when the VPC and this endpoint are both enabled, so the
    # resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_emr_endpoint) ? 1 : 0
    service = "elasticmapreduce"
  }
  resource "aws_vpc_endpoint" "emr" {
    # Interface endpoint for EMR, placed in the private subnets unless the
    # caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_emr_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.emr[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.emr_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.emr_endpoint_security_group_ids
    private_dns_enabled = var.emr_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  958. #######################
  959. # VPC Endpoint for QLDB Session
  960. #######################
  data "aws_vpc_endpoint_service" "qldb_session" {
    # Resolves the regional service name for the QLDB session endpoint.
    # Evaluated only when the VPC and this endpoint are both enabled, so the
    # resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_qldb_session_endpoint) ? 1 : 0
    service = "qldb.session"
  }
  resource "aws_vpc_endpoint" "qldb_session" {
    # Interface endpoint for QLDB sessions, placed in the private subnets
    # unless the caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_qldb_session_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.qldb_session[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.qldb_session_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.qldb_session_endpoint_security_group_ids
    private_dns_enabled = var.qldb_session_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  975. #############################
  # VPC Endpoint for Step Functions
  977. #############################
  data "aws_vpc_endpoint_service" "states" {
    # Resolves the regional service name for the Step Functions endpoint
    # (the service is registered as "states").
    # Evaluated only when the VPC and this endpoint are both enabled, so the
    # resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_states_endpoint) ? 1 : 0
    service = "states"
  }
  resource "aws_vpc_endpoint" "states" {
    # Interface endpoint for Step Functions, placed in the private subnets
    # unless the caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_states_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.states[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.states_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.states_endpoint_security_group_ids
    private_dns_enabled = var.states_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  992. #############################
  993. # VPC Endpoint for Elastic Beanstalk
  994. #############################
  data "aws_vpc_endpoint_service" "elasticbeanstalk" {
    # Resolves the regional service name for the Elastic Beanstalk endpoint.
    # Evaluated only when the VPC and this endpoint are both enabled, so the
    # resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_elasticbeanstalk_endpoint) ? 1 : 0
    service = "elasticbeanstalk"
  }
  resource "aws_vpc_endpoint" "elasticbeanstalk" {
    # Interface endpoint for Elastic Beanstalk, placed in the private subnets
    # unless the caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_elasticbeanstalk_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.elasticbeanstalk[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.elasticbeanstalk_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.elasticbeanstalk_endpoint_security_group_ids
    private_dns_enabled = var.elasticbeanstalk_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  1009. #############################
  1010. # VPC Endpoint for Elastic Beanstalk Health
  1011. #############################
  data "aws_vpc_endpoint_service" "elasticbeanstalk_health" {
    # Resolves the regional service name for the Elastic Beanstalk health
    # endpoint. Evaluated only when the VPC and this endpoint are both enabled,
    # so the resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_elasticbeanstalk_health_endpoint) ? 1 : 0
    service = "elasticbeanstalk-health"
  }
  resource "aws_vpc_endpoint" "elasticbeanstalk_health" {
    # Interface endpoint for Elastic Beanstalk health reporting, placed in the
    # private subnets unless the caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_elasticbeanstalk_health_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.elasticbeanstalk_health[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.elasticbeanstalk_health_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.elasticbeanstalk_health_endpoint_security_group_ids
    private_dns_enabled = var.elasticbeanstalk_health_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  1026. #############################
  1027. # VPC Endpoint for ACM PCA
  1028. #############################
  data "aws_vpc_endpoint_service" "acm_pca" {
    # Resolves the regional service name for the ACM Private CA endpoint.
    # Evaluated only when the VPC and this endpoint are both enabled, so the
    # resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_acm_pca_endpoint) ? 1 : 0
    service = "acm-pca"
  }
  resource "aws_vpc_endpoint" "acm_pca" {
    # Interface endpoint for ACM Private CA, placed in the private subnets
    # unless the caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_acm_pca_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.acm_pca[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.acm_pca_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; for a CA-issuance API in particular,
    # confirm that exposure is intended.
    security_group_ids  = var.acm_pca_endpoint_security_group_ids
    private_dns_enabled = var.acm_pca_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  1043. #######################
  1044. # VPC Endpoint for SES
  1045. #######################
  data "aws_vpc_endpoint_service" "ses" {
    # Resolves the regional service name for the SES SMTP endpoint (the
    # service is registered as "email-smtp", not "ses").
    # Evaluated only when the VPC and this endpoint are both enabled, so the
    # resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_ses_endpoint) ? 1 : 0
    service = "email-smtp"
  }
  resource "aws_vpc_endpoint" "ses" {
    # Interface endpoint for the SES SMTP service, placed in the private
    # subnets unless the caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_ses_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.ses[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.ses_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.ses_endpoint_security_group_ids
    private_dns_enabled = var.ses_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  1060. ######################
  1061. # VPC Endpoint for RDS
  1062. ######################
  data "aws_vpc_endpoint_service" "rds" {
    # Resolves the regional service name for the RDS API endpoint.
    # Evaluated only when the VPC and this endpoint are both enabled, so the
    # resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_rds_endpoint) ? 1 : 0
    service = "rds"
  }
  resource "aws_vpc_endpoint" "rds" {
    # Interface endpoint for the RDS API, placed in the private subnets unless
    # the caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_rds_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.rds[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.rds_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.rds_endpoint_security_group_ids
    private_dns_enabled = var.rds_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  1077. #############################
  1078. # VPC Endpoint for CodeDeploy
  1079. #############################
  data "aws_vpc_endpoint_service" "codedeploy" {
    # Resolves the regional service name for the CodeDeploy endpoint.
    # Evaluated only when the VPC and this endpoint are both enabled, so the
    # resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_codedeploy_endpoint) ? 1 : 0
    service = "codedeploy"
  }
  resource "aws_vpc_endpoint" "codedeploy" {
    # Interface endpoint for CodeDeploy, placed in the private subnets unless
    # the caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_codedeploy_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.codedeploy[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.codedeploy_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.codedeploy_endpoint_security_group_ids
    private_dns_enabled = var.codedeploy_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  1094. #############################################
  1095. # VPC Endpoint for CodeDeploy Commands Secure
  1096. #############################################
  data "aws_vpc_endpoint_service" "codedeploy_commands_secure" {
    # Resolves the regional service name for the CodeDeploy secure commands
    # endpoint (the channel the CodeDeploy agent uses). Evaluated only when the
    # VPC and this endpoint are both enabled, so the resource that indexes [0]
    # below is never created without it.
    count   = (var.create_vpc && var.enable_codedeploy_commands_secure_endpoint) ? 1 : 0
    service = "codedeploy-commands-secure"
  }
  resource "aws_vpc_endpoint" "codedeploy_commands_secure" {
    # Interface endpoint for CodeDeploy secure commands, placed in the private
    # subnets unless the caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_codedeploy_commands_secure_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.codedeploy_commands_secure[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.codedeploy_commands_secure_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.codedeploy_commands_secure_endpoint_security_group_ids
    private_dns_enabled = var.codedeploy_commands_secure_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  1111. #############################################
  1112. # VPC Endpoint for Textract
  1113. #############################################
  data "aws_vpc_endpoint_service" "textract" {
    # Resolves the regional service name for the Textract endpoint.
    # Evaluated only when the VPC and this endpoint are both enabled, so the
    # resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_textract_endpoint) ? 1 : 0
    service = "textract"
  }
  resource "aws_vpc_endpoint" "textract" {
    # Interface endpoint for Textract, placed in the private subnets unless
    # the caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_textract_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.textract[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.textract_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.textract_endpoint_security_group_ids
    private_dns_enabled = var.textract_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  1128. #############################################
  # VPC Endpoint for CodeArtifact API
  1130. #############################################
  data "aws_vpc_endpoint_service" "codeartifact_api" {
    # Resolves the regional service name for the CodeArtifact API endpoint.
    # Evaluated only when the VPC and this endpoint are both enabled, so the
    # resource that indexes [0] below is never created without it.
    count   = (var.create_vpc && var.enable_codeartifact_api_endpoint) ? 1 : 0
    service = "codeartifact.api"
  }
  resource "aws_vpc_endpoint" "codeartifact_api" {
    # Interface endpoint for the CodeArtifact API, placed in the private
    # subnets unless the caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_codeartifact_api_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.codeartifact_api[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.codeartifact_api_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.codeartifact_api_endpoint_security_group_ids
    private_dns_enabled = var.codeartifact_api_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }
  1145. #############################################
  # VPC Endpoint for CodeArtifact Repositories
  1147. #############################################
  data "aws_vpc_endpoint_service" "codeartifact_repositories" {
    # Resolves the regional service name for the CodeArtifact repositories
    # endpoint (package fetch/publish traffic). Evaluated only when the VPC and
    # this endpoint are both enabled, so the resource that indexes [0] below
    # is never created without it.
    count   = (var.create_vpc && var.enable_codeartifact_repositories_endpoint) ? 1 : 0
    service = "codeartifact.repositories"
  }
  resource "aws_vpc_endpoint" "codeartifact_repositories" {
    # Interface endpoint for CodeArtifact repositories, placed in the private
    # subnets unless the caller passes an explicit subnet list.
    count = (var.create_vpc && var.enable_codeartifact_repositories_endpoint) ? 1 : 0

    vpc_id            = local.vpc_id
    service_name      = data.aws_vpc_endpoint_service.codeartifact_repositories[0].service_name
    vpc_endpoint_type = "Interface"

    # coalescelist() takes the first non-empty list and fails at plan time when
    # both are empty (no override and no private subnets).
    subnet_ids = coalescelist(var.codeartifact_repositories_endpoint_subnet_ids, aws_subnet.private[*].id)

    # NOTE(review): an empty list here leaves AWS to attach the VPC default
    # security group to the endpoint ENI; confirm that exposure is intended.
    security_group_ids  = var.codeartifact_repositories_endpoint_security_group_ids
    private_dns_enabled = var.codeartifact_repositories_endpoint_private_dns_enabled

    tags = local.vpce_tags
  }