From 2b60f4eb396ef03955227234feef46cfcee62502 Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Mon, 25 May 2020 12:45:19 +0300 Subject: [PATCH] feat: Added support for more VPC endpoints (#369) --- outputs.tf | 196 +++++++++++++++++++++++++++++- variables.tf | 307 +++++++++++++++++++++++++++++++++++++++++++++++ vpc-endpoints.tf | 299 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 801 insertions(+), 1 deletion(-) diff --git a/outputs.tf b/outputs.tf index 832647c71..1299543fb 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -1092,6 +1092,201 @@ output "vpc_endpoint_cloud_directory_dns_entry" { value = flatten(aws_vpc_endpoint.cloud_directory.*.dns_entry) } +output "vpc_endpoint_elasticmapreduce_id" { + description = "The ID of VPC endpoint for EMR" + value = concat(aws_vpc_endpoint.emr.*.id, [""])[0] +} + +output "vpc_endpoint_elasticmapreduce_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for EMR." + value = flatten(aws_vpc_endpoint.emr.*.network_interface_ids) +} + +output "vpc_endpoint_elasticmapreduce_dns_entry" { + description = "The DNS entries for the VPC Endpoint for EMR." + value = flatten(aws_vpc_endpoint.emr.*.dns_entry) +} + +output "vpc_endpoint_sms_id" { + description = "The ID of VPC endpoint for SMS" + value = concat(aws_vpc_endpoint.sms.*.id, [""])[0] +} + +output "vpc_endpoint_sms_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for SMS." + value = flatten(aws_vpc_endpoint.sms.*.network_interface_ids) +} + +output "vpc_endpoint_sms_dns_entry" { + description = "The DNS entries for the VPC Endpoint for SMS." + value = flatten(aws_vpc_endpoint.sms.*.dns_entry) +} + +output "vpc_endpoint_states_id" { + description = "The ID of VPC endpoint for Step Function" + value = concat(aws_vpc_endpoint.states.*.id, [""])[0] +} + +output "vpc_endpoint_states_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for Step Function." + value = flatten(aws_vpc_endpoint.states.*.network_interface_ids) +} + +output "vpc_endpoint_states_dns_entry" { + description = "The DNS entries for the VPC Endpoint for Step Function." 
+ value = flatten(aws_vpc_endpoint.states.*.dns_entry) +} + +output "vpc_endpoint_elastic_inference_runtime_id" { + description = "The ID of VPC endpoint for Elastic Inference Runtime" + value = concat(aws_vpc_endpoint.elastic_inference_runtime.*.id, [""])[0] +} + +output "vpc_endpoint_elastic_inference_runtime_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for Elastic Inference Runtime." + value = flatten(aws_vpc_endpoint.elastic_inference_runtime.*.network_interface_ids) +} + +output "vpc_endpoint_elastic_inference_runtime_dns_entry" { + description = "The DNS entries for the VPC Endpoint for Elastic Inference Runtime." + value = flatten(aws_vpc_endpoint.elastic_inference_runtime.*.dns_entry) +} + +output "vpc_endpoint_elasticbeanstalk_id" { + description = "The ID of VPC endpoint for Elastic Beanstalk" + value = concat(aws_vpc_endpoint.elasticbeanstalk.*.id, [""])[0] +} + +output "vpc_endpoint_elasticbeanstalk_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for Elastic Beanstalk." + value = flatten(aws_vpc_endpoint.elasticbeanstalk.*.network_interface_ids) +} + +output "vpc_endpoint_elasticbeanstalk_dns_entry" { + description = "The DNS entries for the VPC Endpoint for Elastic Beanstalk." + value = flatten(aws_vpc_endpoint.elasticbeanstalk.*.dns_entry) +} + +output "vpc_endpoint_elasticbeanstalk_health_id" { + description = "The ID of VPC endpoint for Elastic Beanstalk Health" + value = concat(aws_vpc_endpoint.elasticbeanstalk_health.*.id, [""])[0] +} + +output "vpc_endpoint_elasticbeanstalk_health_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for Elastic Beanstalk Health." + value = flatten(aws_vpc_endpoint.elasticbeanstalk_health.*.network_interface_ids) +} + +output "vpc_endpoint_elasticbeanstalk_health_dns_entry" { + description = "The DNS entries for the VPC Endpoint for Elastic Beanstalk Health." 
+ value = flatten(aws_vpc_endpoint.elasticbeanstalk_health.*.dns_entry) +} + +output "vpc_endpoint_workspaces_id" { + description = "The ID of VPC endpoint for Workspaces" + value = concat(aws_vpc_endpoint.workspaces.*.id, [""])[0] +} + +output "vpc_endpoint_workspaces_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for Workspaces." + value = flatten(aws_vpc_endpoint.workspaces.*.network_interface_ids) +} + +output "vpc_endpoint_workspaces_dns_entry" { + description = "The DNS entries for the VPC Endpoint for Workspaces." + value = flatten(aws_vpc_endpoint.workspaces.*.dns_entry) +} + +output "vpc_endpoint_auto_scaling_plans_id" { + description = "The ID of VPC endpoint for Auto Scaling Plans" + value = concat(aws_vpc_endpoint.auto_scaling_plans.*.id, [""])[0] +} + +output "vpc_endpoint_auto_scaling_plans_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for Auto Scaling Plans." + value = flatten(aws_vpc_endpoint.auto_scaling_plans.*.network_interface_ids) +} + +output "vpc_endpoint_auto_scaling_plans_dns_entry" { + description = "The DNS entries for the VPC Endpoint for Auto Scaling Plans." + value = flatten(aws_vpc_endpoint.auto_scaling_plans.*.dns_entry) +} + +output "vpc_endpoint_ebs_id" { + description = "The ID of VPC endpoint for EBS" + value = concat(aws_vpc_endpoint.ebs.*.id, [""])[0] +} + +output "vpc_endpoint_ebs_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for EBS." + value = flatten(aws_vpc_endpoint.ebs.*.network_interface_ids) +} + +output "vpc_endpoint_ebs_dns_entry" { + description = "The DNS entries for the VPC Endpoint for EBS." 
+ value = flatten(aws_vpc_endpoint.ebs.*.dns_entry) +} + +output "vpc_endpoint_qldb_session_id" { + description = "The ID of VPC endpoint for QLDB Session" + value = concat(aws_vpc_endpoint.qldb_session.*.id, [""])[0] +} + +output "vpc_endpoint_qldb_session_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for QLDB Session." + value = flatten(aws_vpc_endpoint.qldb_session.*.network_interface_ids) +} + +output "vpc_endpoint_qldb_session_dns_entry" { + description = "The DNS entries for the VPC Endpoint for QLDB Session." + value = flatten(aws_vpc_endpoint.qldb_session.*.dns_entry) +} + +output "vpc_endpoint_datasync_id" { + description = "The ID of VPC endpoint for DataSync" + value = concat(aws_vpc_endpoint.datasync.*.id, [""])[0] +} + +output "vpc_endpoint_datasync_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for DataSync." + value = flatten(aws_vpc_endpoint.datasync.*.network_interface_ids) +} + +output "vpc_endpoint_datasync_dns_entry" { + description = "The DNS entries for the VPC Endpoint for DataSync." + value = flatten(aws_vpc_endpoint.datasync.*.dns_entry) +} + +output "vpc_endpoint_access_analyzer_id" { + description = "The ID of VPC endpoint for Access Analyzer" + value = concat(aws_vpc_endpoint.access_analyzer.*.id, [""])[0] +} + +output "vpc_endpoint_access_analyzer_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for Access Analyzer." + value = flatten(aws_vpc_endpoint.access_analyzer.*.network_interface_ids) +} + +output "vpc_endpoint_access_analyzer_dns_entry" { + description = "The DNS entries for the VPC Endpoint for Access Analyzer." 
+ value = flatten(aws_vpc_endpoint.access_analyzer.*.dns_entry) +} + +output "vpc_endpoint_acm_pca_id" { + description = "The ID of VPC endpoint for ACM PCA" + value = concat(aws_vpc_endpoint.access_analyzer.*.id, [""])[0] +} + +output "vpc_endpoint_acm_pca_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for ACM PCA." + value = flatten(aws_vpc_endpoint.acm_pca.*.network_interface_ids) +} + +output "vpc_endpoint_acm_pca_dns_entry" { + description = "The DNS entries for the VPC Endpoint for ACM PCA." + value = flatten(aws_vpc_endpoint.acm_pca.*.dns_entry) +} + output "vpc_endpoint_ses_id" { description = "The ID of VPC endpoint for SES" value = concat(aws_vpc_endpoint.ses.*.id, [""])[0] @@ -1107,7 +1302,6 @@ output "vpc_endpoint_ses_dns_entry" { value = flatten(aws_vpc_endpoint.ses.*.dns_entry) } - # VPC flow log output "vpc_flow_log_id" { description = "The ID of the Flow Log resource" diff --git a/variables.tf b/variables.tf index 01c41c01e..9cd35d073 100644 --- a/variables.tf +++ b/variables.tf 
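Review bot: `output "vpc_endpoint_acm_pca_id"` reads the wrong resource: its value is `concat(aws_vpc_endpoint.access_analyzer.*.id, [""])[0]`, so a consumer asking for the ACM PCA endpoint ID gets the Access Analyzer one, or an empty string when only ACM PCA is enabled. It should be `value = concat(aws_vpc_endpoint.acm_pca.*.id, [""])[0]`, matching the two sibling outputs that already reference `aws_vpc_endpoint.acm_pca`. Separately, the three EMR outputs are named `vpc_endpoint_elasticmapreduce_*` while the resource, the variables and every other new output use the short resource name, so `vpc_endpoint_emr_id`, `vpc_endpoint_emr_network_interface_ids` and `vpc_endpoint_emr_dns_entry` would follow the module's convention.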
@@ -1341,12 +1341,319 @@ variable "ses_endpoint_subnet_ids" { default = [] } +variable "enable_auto_scaling_plans_endpoint" { + description = "Should be true if you want to provision an Auto Scaling Plans endpoint to the VPC" + type = bool + default = false +} + +variable "auto_scaling_plans_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for Auto Scaling Plans endpoint" + type = list(string) + default = [] +} + +variable "auto_scaling_plans_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for Auto Scaling Plans endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used." + type = list(string) + default = [] +} + +variable "auto_scaling_plans_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for Auto Scaling Plans endpoint" + type = bool + default = false +} + variable "ses_endpoint_private_dns_enabled" { description = "Whether or not to associate a private hosted zone with the specified VPC for SES endpoint" type = bool default = false } +variable "enable_workspaces_endpoint" { + description = "Should be true if you want to provision an Workspaces endpoint to the VPC" + type = bool + default = false +} + +variable "workspaces_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for Workspaces endpoint" + type = list(string) + default = [] +} + +variable "workspaces_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for Workspaces endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used." 
+ type = list(string) + default = [] +} + +variable "workspaces_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for Workspaces endpoint" + type = bool + default = false +} + +variable "enable_access_analyzer_endpoint" { + description = "Should be true if you want to provision an Access Analyzer endpoint to the VPC" + type = bool + default = false +} + +variable "access_analyzer_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for Access Analyzer endpoint" + type = list(string) + default = [] +} + +variable "access_analyzer_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for Access Analyzer endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used." + type = list(string) + default = [] +} + +variable "access_analyzer_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for Access Analyzer endpoint" + type = bool + default = false +} + +variable "enable_ebs_endpoint" { + description = "Should be true if you want to provision an EBS endpoint to the VPC" + type = bool + default = false +} + +variable "ebs_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for EBS endpoint" + type = list(string) + default = [] +} + +variable "ebs_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for EBS endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used." 
+ type = list(string) + default = [] +} + +variable "ebs_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for EBS endpoint" + type = bool + default = false +} + +variable "enable_datasync_endpoint" { + description = "Should be true if you want to provision an Data Sync endpoint to the VPC" + type = bool + default = false +} + +variable "datasync_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for Data Sync endpoint" + type = list(string) + default = [] +} + +variable "datasync_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for Data Sync endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used." + type = list(string) + default = [] +} + +variable "datasync_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for Data Sync endpoint" + type = bool + default = false +} + +variable "enable_elastic_inference_runtime_endpoint" { + description = "Should be true if you want to provision an Elastic Inference Runtime endpoint to the VPC" + type = bool + default = false +} + +variable "elastic_inference_runtime_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for Elastic Inference Runtime endpoint" + type = list(string) + default = [] +} + +variable "elastic_inference_runtime_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for Elastic Inference Runtime endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used." 
+ type = list(string) + default = [] +} + +variable "elastic_inference_runtime_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for Elastic Inference Runtime endpoint" + type = bool + default = false +} + +variable "enable_sms_endpoint" { + description = "Should be true if you want to provision an SMS endpoint to the VPC" + type = bool + default = false +} + +variable "sms_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for SMS endpoint" + type = list(string) + default = [] +} + +variable "sms_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for SMS endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used." + type = list(string) + default = [] +} + +variable "sms_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for SMS endpoint" + type = bool + default = false +} + +variable "enable_emr_endpoint" { + description = "Should be true if you want to provision an EMR endpoint to the VPC" + type = bool + default = false +} + +variable "emr_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for EMR endpoint" + type = list(string) + default = [] +} + +variable "emr_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for EMR endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used." 
+ type = list(string) + default = [] +} + +variable "emr_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for EMR endpoint" + type = bool + default = false +} + +variable "enable_qldb_session_endpoint" { + description = "Should be true if you want to provision an QLDB Session endpoint to the VPC" + type = bool + default = false +} + +variable "qldb_session_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for QLDB Session endpoint" + type = list(string) + default = [] +} + +variable "qldb_session_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for QLDB Session endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used." + type = list(string) + default = [] +} + +variable "qldb_session_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for QLDB Session endpoint" + type = bool + default = false +} + +variable "enable_elasticbeanstalk_endpoint" { + description = "Should be true if you want to provision a Elastic Beanstalk endpoint to the VPC" + type = bool + default = false +} + +variable "elasticbeanstalk_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for Elastic Beanstalk endpoint" + type = list(string) + default = [] +} + +variable "elasticbeanstalk_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for Elastic Beanstalk endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used." 
+ type = list(string) + default = [] +} + +variable "elasticbeanstalk_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for Elastic Beanstalk endpoint" + type = bool + default = false +} + +variable "enable_elasticbeanstalk_health_endpoint" { + description = "Should be true if you want to provision a Elastic Beanstalk Health endpoint to the VPC" + type = bool + default = false +} + +variable "elasticbeanstalk_health_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for Elastic Beanstalk Health endpoint" + type = list(string) + default = [] +} + +variable "elasticbeanstalk_health_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for Elastic Beanstalk Health endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used." + type = list(string) + default = [] +} + +variable "elasticbeanstalk_health_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for Elastic Beanstalk Health endpoint" + type = bool + default = false +} + +variable "enable_states_endpoint" { + description = "Should be true if you want to provision a Step Function endpoint to the VPC" + type = bool + default = false +} + +variable "states_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for Step Function endpoint" + type = list(string) + default = [] +} + +variable "states_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for Step Function endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used." 
+ type = list(string) + default = [] +} + +variable "states_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for Step Function endpoint" + type = bool + default = false +} + +variable "enable_acm_pca_endpoint" { + description = "Should be true if you want to provision an ACM PCA endpoint to the VPC" + default = false +} + +variable "acm_pca_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for ACM PCA endpoint" + default = [] +} + +variable "acm_pca_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for Codebuilt endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used." + default = [] +} + +variable "acm_pca_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for ACM PCA endpoint" + default = false +} variable "map_public_ip_on_launch" { description = "Should be false if you do not want to auto-assign public IP on launch" diff --git a/vpc-endpoints.tf b/vpc-endpoints.tf index 3365cfe26..ddc4868a8 100644 --- a/vpc-endpoints.tf +++ b/vpc-endpoints.tf 
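Review bot: The four `acm_pca_*` variables at the end of the hunk omit the `type` argument that every other variable in this hunk declares, so `enable_acm_pca_endpoint` and `acm_pca_endpoint_private_dns_enabled` are not constrained to `bool` and the two list inputs are not constrained to `list(string)`; add `type = bool` to the former pair and `type = list(string)` to `acm_pca_endpoint_security_group_ids` and `acm_pca_endpoint_subnet_ids`. The description of `acm_pca_endpoint_subnet_ids` still says "Codebuilt endpoint" and should read "ACM PCA endpoint", "Ifomitted" is missing a space in nine of the new subnet-ID descriptions, and "an Workspaces", "an Data Sync" and "a Elastic Beanstalk" are similar slips. Because every `*_endpoint_security_group_ids` defaults to `[]`, each description should state what that means for an interface endpoint — AWS attaches the VPC's default security group when none is supplied — so operators know to pass a locked-down group. `sms` here is AWS Server Migration Service; saying so in the `enable_sms_endpoint` description avoids confusion with text messaging.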
@@ -1027,6 +1027,305 @@ resource "aws_vpc_endpoint" "cloud_directory" { tags = local.vpce_tags } +####################### +# VPC Endpoint for Auto Scaling Plans +####################### +data "aws_vpc_endpoint_service" "auto_scaling_plans" { + count = var.create_vpc && var.enable_auto_scaling_plans_endpoint ? 1 : 0 + + service = "autoscaling-plans" +} + +resource "aws_vpc_endpoint" "auto_scaling_plans" { + count = var.create_vpc && var.enable_auto_scaling_plans_endpoint ? 1 : 0 + + vpc_id = local.vpc_id + service_name = data.aws_vpc_endpoint_service.auto_scaling_plans[0].service_name + vpc_endpoint_type = "Interface" + + security_group_ids = var.auto_scaling_plans_endpoint_security_group_ids + subnet_ids = coalescelist(var.auto_scaling_plans_endpoint_subnet_ids, aws_subnet.private.*.id) + private_dns_enabled = var.auto_scaling_plans_endpoint_private_dns_enabled + + tags = local.vpce_tags +} + +####################### +# VPC Endpoint for Workspaces +####################### +data "aws_vpc_endpoint_service" "workspaces" { + count = var.create_vpc && var.enable_workspaces_endpoint ? 1 : 0 + + service = "workspaces" +} + +resource "aws_vpc_endpoint" "workspaces" { + count = var.create_vpc && var.enable_workspaces_endpoint ? 1 : 0 + + vpc_id = local.vpc_id + service_name = data.aws_vpc_endpoint_service.workspaces[0].service_name + vpc_endpoint_type = "Interface" + + security_group_ids = var.workspaces_endpoint_security_group_ids + subnet_ids = coalescelist(var.workspaces_endpoint_subnet_ids, aws_subnet.private.*.id) + private_dns_enabled = var.workspaces_endpoint_private_dns_enabled + + tags = local.vpce_tags +} + +####################### +# VPC Endpoint for Access Analyzer +####################### +data "aws_vpc_endpoint_service" "access_analyzer" { + count = var.create_vpc && var.enable_access_analyzer_endpoint ? 1 : 0 + + service = "access-analyzer" +} + +resource "aws_vpc_endpoint" "access_analyzer" { + count = var.create_vpc && var.enable_access_analyzer_endpoint ? 
1 : 0 + + vpc_id = local.vpc_id + service_name = data.aws_vpc_endpoint_service.access_analyzer[0].service_name + vpc_endpoint_type = "Interface" + + security_group_ids = var.access_analyzer_endpoint_security_group_ids + subnet_ids = coalescelist(var.access_analyzer_endpoint_subnet_ids, aws_subnet.private.*.id) + private_dns_enabled = var.access_analyzer_endpoint_private_dns_enabled + + tags = local.vpce_tags +} + +####################### +# VPC Endpoint for EBS +####################### +data "aws_vpc_endpoint_service" "ebs" { + count = var.create_vpc && var.enable_ebs_endpoint ? 1 : 0 + + service = "ebs" +} + +resource "aws_vpc_endpoint" "ebs" { + count = var.create_vpc && var.enable_ebs_endpoint ? 1 : 0 + + vpc_id = local.vpc_id + service_name = data.aws_vpc_endpoint_service.ebs[0].service_name + vpc_endpoint_type = "Interface" + + security_group_ids = var.ebs_endpoint_security_group_ids + subnet_ids = coalescelist(var.ebs_endpoint_subnet_ids, aws_subnet.private.*.id) + private_dns_enabled = var.ebs_endpoint_private_dns_enabled + + tags = local.vpce_tags +} + +####################### +# VPC Endpoint for Data Sync +####################### +data "aws_vpc_endpoint_service" "datasync" { + count = var.create_vpc && var.enable_datasync_endpoint ? 1 : 0 + + service = "datasync" +} + +resource "aws_vpc_endpoint" "datasync" { + count = var.create_vpc && var.enable_datasync_endpoint ? 
1 : 0 + + vpc_id = local.vpc_id + service_name = data.aws_vpc_endpoint_service.datasync[0].service_name + vpc_endpoint_type = "Interface" + + security_group_ids = var.datasync_endpoint_security_group_ids + subnet_ids = coalescelist(var.datasync_endpoint_subnet_ids, aws_subnet.private.*.id) + private_dns_enabled = var.datasync_endpoint_private_dns_enabled + + tags = local.vpce_tags +} + +####################### +# VPC Endpoint for Elastic Inference Runtime +####################### +data "aws_vpc_endpoint_service" "elastic_inference_runtime" { + count = var.create_vpc && var.enable_elastic_inference_runtime_endpoint ? 1 : 0 + + service = "elastic-inference.runtime" +} + +resource "aws_vpc_endpoint" "elastic_inference_runtime" { + count = var.create_vpc && var.enable_elastic_inference_runtime_endpoint ? 1 : 0 + + vpc_id = local.vpc_id + service_name = data.aws_vpc_endpoint_service.elastic_inference_runtime[0].service_name + vpc_endpoint_type = "Interface" + + security_group_ids = var.elastic_inference_runtime_endpoint_security_group_ids + subnet_ids = coalescelist(var.elastic_inference_runtime_endpoint_subnet_ids, aws_subnet.private.*.id) + private_dns_enabled = var.elastic_inference_runtime_endpoint_private_dns_enabled + + tags = local.vpce_tags +} + +####################### +# VPC Endpoint for SMS +####################### +data "aws_vpc_endpoint_service" "sms" { + count = var.create_vpc && var.enable_sms_endpoint ? 1 : 0 + + service = "sms" +} + +resource "aws_vpc_endpoint" "sms" { + count = var.create_vpc && var.enable_sms_endpoint ? 
1 : 0 + + vpc_id = local.vpc_id + service_name = data.aws_vpc_endpoint_service.sms[0].service_name + vpc_endpoint_type = "Interface" + + security_group_ids = var.sms_endpoint_security_group_ids + subnet_ids = coalescelist(var.sms_endpoint_subnet_ids, aws_subnet.private.*.id) + private_dns_enabled = var.sms_endpoint_private_dns_enabled + + tags = local.vpce_tags +} + +####################### +# VPC Endpoint for EMR +####################### +data "aws_vpc_endpoint_service" "emr" { + count = var.create_vpc && var.enable_emr_endpoint ? 1 : 0 + + service = "elasticmapreduce" +} + +resource "aws_vpc_endpoint" "emr" { + count = var.create_vpc && var.enable_emr_endpoint ? 1 : 0 + + vpc_id = local.vpc_id + service_name = data.aws_vpc_endpoint_service.emr[0].service_name + vpc_endpoint_type = "Interface" + + security_group_ids = var.emr_endpoint_security_group_ids + subnet_ids = coalescelist(var.emr_endpoint_subnet_ids, aws_subnet.private.*.id) + private_dns_enabled = var.emr_endpoint_private_dns_enabled + + tags = local.vpce_tags +} + +####################### +# VPC Endpoint for QLDB Session +####################### +data "aws_vpc_endpoint_service" "qldb_session" { + count = var.create_vpc && var.enable_qldb_session_endpoint ? 1 : 0 + + service = "qldb.session" +} + +resource "aws_vpc_endpoint" "qldb_session" { + count = var.create_vpc && var.enable_qldb_session_endpoint ? 1 : 0 + + vpc_id = local.vpc_id + service_name = data.aws_vpc_endpoint_service.qldb_session[0].service_name + vpc_endpoint_type = "Interface" + + security_group_ids = var.qldb_session_endpoint_security_group_ids + subnet_ids = coalescelist(var.qldb_session_endpoint_subnet_ids, aws_subnet.private.*.id) + private_dns_enabled = var.qldb_session_endpoint_private_dns_enabled + + tags = local.vpce_tags +} + +############################# +# VPC Endpoint for Step Function +############################# +data "aws_vpc_endpoint_service" "states" { + count = var.create_vpc && var.enable_states_endpoint ? 
1 : 0 + + service = "states" +} + +resource "aws_vpc_endpoint" "states" { + count = var.create_vpc && var.enable_states_endpoint ? 1 : 0 + + vpc_id = local.vpc_id + service_name = data.aws_vpc_endpoint_service.states[0].service_name + vpc_endpoint_type = "Interface" + + security_group_ids = var.states_endpoint_security_group_ids + subnet_ids = coalescelist(var.states_endpoint_subnet_ids, aws_subnet.private.*.id) + private_dns_enabled = var.states_endpoint_private_dns_enabled + + tags = local.vpce_tags +} + +############################# +# VPC Endpoint for Elastic Beanstalk +############################# +data "aws_vpc_endpoint_service" "elasticbeanstalk" { + count = var.create_vpc && var.enable_elasticbeanstalk_endpoint ? 1 : 0 + + service = "elasticbeanstalk" +} + +resource "aws_vpc_endpoint" "elasticbeanstalk" { + count = var.create_vpc && var.enable_elasticbeanstalk_endpoint ? 1 : 0 + + vpc_id = local.vpc_id + service_name = data.aws_vpc_endpoint_service.elasticbeanstalk[0].service_name + vpc_endpoint_type = "Interface" + + security_group_ids = var.elasticbeanstalk_endpoint_security_group_ids + subnet_ids = coalescelist(var.elasticbeanstalk_endpoint_subnet_ids, aws_subnet.private.*.id) + private_dns_enabled = var.elasticbeanstalk_endpoint_private_dns_enabled + + tags = local.vpce_tags +} + +############################# +# VPC Endpoint for Elastic Beanstalk Health +############################# +data "aws_vpc_endpoint_service" "elasticbeanstalk_health" { + count = var.create_vpc && var.enable_elasticbeanstalk_health_endpoint ? 1 : 0 + + service = "elasticbeanstalk.health" +} + +resource "aws_vpc_endpoint" "elasticbeanstalk_health" { + count = var.create_vpc && var.enable_elasticbeanstalk_health_endpoint ? 
1 : 0 + + vpc_id = local.vpc_id + service_name = data.aws_vpc_endpoint_service.elasticbeanstalk_health[0].service_name + vpc_endpoint_type = "Interface" + + security_group_ids = var.elasticbeanstalk_health_endpoint_security_group_ids + subnet_ids = coalescelist(var.elasticbeanstalk_health_endpoint_subnet_ids, aws_subnet.private.*.id) + private_dns_enabled = var.elasticbeanstalk_health_endpoint_private_dns_enabled + + tags = local.vpce_tags +} + +############################# +# VPC Endpoint for ACM PCA +############################# +data "aws_vpc_endpoint_service" "acm_pca" { + count = var.create_vpc && var.enable_acm_pca_endpoint ? 1 : 0 + + service = "acm-pca" +} + +resource "aws_vpc_endpoint" "acm_pca" { + count = var.create_vpc && var.enable_acm_pca_endpoint ? 1 : 0 + + vpc_id = local.vpc_id + service_name = data.aws_vpc_endpoint_service.acm_pca[0].service_name + vpc_endpoint_type = "Interface" + + security_group_ids = var.acm_pca_endpoint_security_group_ids + subnet_ids = coalescelist(var.acm_pca_endpoint_subnet_ids, aws_subnet.private.*.id) + private_dns_enabled = var.acm_pca_endpoint_private_dns_enabled + + tags = local.vpce_tags +} + ####################### # VPC Endpoint for SES #######################
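Review bot: None of the thirteen new `aws_vpc_endpoint` resources sets `policy`, so each interface endpoint is created with the AWS default endpoint policy, which allows full access to the service from inside the VPC; since the module already exposes per-endpoint subnet and security-group inputs, a matching policy input passed as `policy = var.<name>_endpoint_policy` (name constructed here) would let operators restrict what the endpoint can reach. Every `security_group_ids` line also falls through to `[]`, in which case AWS attaches the VPC default security group; a comment on the resources such as `# An empty list means the VPC default security group is attached` makes that explicit for maintainers. The service identifiers `elastic-inference.runtime`, `qldb.session` and `elasticbeanstalk.health` are passed to `data "aws_vpc_endpoint_service"`; I believe the Elastic Beanstalk health service is published with a hyphen (`elasticbeanstalk-health`), so confirm each lookup resolves in a target region before merging, because a wrong name only fails at plan time once the corresponding `enable_*` flag is true. The section banners alternate between 23- and 29-character `#` rules within the same hunk; one width keeps the file consistent with the existing sections.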