Skip to content

epomatti/aws-vpc-endpoints

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
.diagrams
.diagrams
 
 
modules
modules
 
 
.gitignore
.gitignore
 
 
.terraform.lock.hcl
.terraform.lock.hcl
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
main.tf
main.tf
 
 
output.tf
output.tf
 
 
variables.tf
variables.tf
 
 

Repository files navigation

AWS VPC Endpoints

This sandbox implements a VPC Interface Endpoint to send messages to a SQS queue from an EC2 instance that runs in a private subnet.

In addition to provisioning the core resources, policies will be configured to use proper conditions.

The SQS queue will only accept sqs:SendMessage operations coming from the configured VPC Endpoint:

"Condition": {
  "StringNotEquals": {
    "aws:sourceVpce": "vpce-1a2b3c4d"
  }
}

Setup

Create the EC2 instance key pair material:

ssh-keygen -f modules/instance/ec2_id_rsa

To create the environment simply run:

terraform init
terraform apply -auto-approve

Connect to the EC2 instance:

aws ssm start-session --target i-00000000000000000 --region sa-east-1

Once the environment is created, connect to the EC2 instance using SSM. Confirm that the name is resolving to a private IP:

$ dig +short sqs.sa-east-1.amazonaws.com
10.0.50.54

Confirm that you're authenticated from within the EC2 instance:

aws sts get-caller-identity

Now send a message to the endpoint to the see the results:

aws sqs send-message --queue-url https://sqs.sa-east-1.amazonaws.com/000000000000/my-private-queue --message-body Hello

Clean-up

terraform destroy

About

AWS VPC Endpoints integrated with SQS and KMS

Topics

aws kms terraform sqs vpc aws-security vpc-endpoints vpce aws-privatelink

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages