feat: gateway vpc endpoint for s3

paka/cluster/aws/eks.py

@@ -14,7 +14,7 @@
 from paka.cluster.aws.ebs_csi_driver import create_ebs_csi_driver
 from paka.cluster.aws.elb import update_elb_idle_timeout
 from paka.cluster.aws.service_account import create_service_accounts
-from paka.cluster.aws.utils import get_ami_for_instance
+from paka.cluster.aws.utils import create_vpc_endpoint_for_s3, get_ami_for_instance
 from paka.cluster.context import Context
 from paka.cluster.keda import create_keda
 from paka.cluster.knative import create_knative_and_istio
@@ -412,6 +412,11 @@ def create_k8s_cluster(ctx: Context) -> eks.Cluster:
         opts=pulumi.ResourceOptions(transformations=[_ignore_tags_transformation]),
     )
 
+    route_table_ids = vpc.route_tables.apply(
+        lambda route_tables: [rt.id for rt in route_tables]
+    )
+    create_vpc_endpoint_for_s3(vpc.vpc_id, route_table_ids, ctx.region)
+
     cluster = eks.Cluster(
         cluster_name,
         vpc_id=vpc.vpc_id,

paka/cluster/aws/utils.py

@@ -1,6 +1,11 @@
+from __future__ import annotations
+
+from typing import Sequence
+
 import pulumi
 import pulumi_aws as aws
 import pulumi_eks as eks
+from pulumi import Input
 
 from paka.cluster.context import Context
 from paka.utils import get_instance_info
@@ -73,3 +78,17 @@ def get_ami_for_instance(ctx: Context, instance_type: str) -> str:
         if arch == "arm64":
             return "AL2_ARM_64"
     return "AL2_x86_64"
+
+
+def create_vpc_endpoint_for_s3(
+    vpc_id: str, route_table_ids: Input[Sequence[Input[str]]], region: str
+) -> aws.ec2.VpcEndpoint:
+    s3_service_name = f"com.amazonaws.{region}.s3"
+
+    vpc_endpoint = aws.ec2.VpcEndpoint(
+        "s3-vpc-endpoint",
+        vpc_id=vpc_id,
+        service_name=s3_service_name,
+        route_table_ids=route_table_ids,
+    )
+    return vpc_endpoint