diff --git a/README.md b/README.md index 1ed5763ed..408bccb48 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,9 @@ ECS, ECS Agent, ECS Telemetry, SES, SNS, STS, Glue, CloudWatch(Monitoring, Logs, Elastic Load Balancing, CloudTrail, Secrets Manager, Config, CodeBuild, CodeCommit, Git-Codecommit, Transfer Server, Kinesis Streams, Kinesis Firehose, SageMaker(Notebook, Runtime, API), CloudFormation, CodePipeline, Storage Gateway, AppMesh, Transfer, Service Catalog, AppStream, -Athena, Rekognition, Elastic File System (EFS), Cloud Directory +Athena, Rekognition, Elastic File System (EFS), Cloud Directory, Elastic Beanstalk (+ Health), Elastic Map Reduce(EMR), +DataSync, EBS, SMS, Elastic Inference Runtime, QLDB Session, Step Functions, Access Analyzer, Auto Scaling Plans, +Application Auto Scaling, Workspaces, ACM PCA. * [RDS DB Subnet Group](https://www.terraform.io/docs/providers/aws/r/db_subnet_group.html) * [ElastiCache Subnet Group](https://www.terraform.io/docs/providers/aws/r/elasticache_subnet_group.html) 
@@ -235,6 +237,12 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| access\_analyzer\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Access Analyzer endpoint | `bool` | `false` | no |
+| access\_analyzer\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Access Analyzer endpoint | `list(string)` | `[]` | no |
+| access\_analyzer\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Access Analyzer endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used. | `list(string)` | `[]` | no |
+| acm\_pca\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for ACM PCA endpoint | `bool` | `false` | no |
+| acm\_pca\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for ACM PCA endpoint | `list` | `[]` | no |
+| acm\_pca\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Codebuilt endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list` | `[]` | no |
 | amazon\_side\_asn | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN. | `string` | `"64512"` | no |
 | apigw\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for API GW endpoint | `bool` | `false` | no |
 | apigw\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for API GW endpoint | `list(string)` | `[]` | no |
@@ -249,6 +257,9 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | athena\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Athena endpoint | `bool` | `false` | no |
 | athena\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Athena endpoint | `list(string)` | `[]` | no |
 | athena\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Athena endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
+| auto\_scaling\_plans\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Auto Scaling Plans endpoint | `bool` | `false` | no |
+| auto\_scaling\_plans\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Auto Scaling Plans endpoint | `list(string)` | `[]` | no |
+| auto\_scaling\_plans\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Auto Scaling Plans endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used. | `list(string)` | `[]` | no |
 | azs | A list of availability zones names or ids in the region | `list(string)` | `[]` | no |
 | cidr | The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden | `string` | `"0.0.0.0/0"` | no |
 | cloud\_directory\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Cloud Directory endpoint | `bool` | `false` | no |
@@ -296,6 +307,9 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | database\_subnet\_suffix | Suffix to append to database subnets name | `string` | `"db"` | no |
 | database\_subnet\_tags | Additional tags for the database subnets | `map(string)` | `{}` | no |
 | database\_subnets | A list of database subnets | `list(string)` | `[]` | no |
+| datasync\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Data Sync endpoint | `bool` | `false` | no |
+| datasync\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Data Sync endpoint | `list(string)` | `[]` | no |
+| datasync\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Data Sync endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used. | `list(string)` | `[]` | no |
 | default\_network\_acl\_egress | List of maps of egress rules to set on the Default Network ACL | `list(map(string))` |
[
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
},
{
"action": "allow",
"from_port": 0,
"ipv6_cidr_block": "::/0",
"protocol": "-1",
"rule_no": 101,
"to_port": 0
}
]
| no |
 | default\_network\_acl\_ingress | List of maps of ingress rules to set on the Default Network ACL | `list(map(string))` |
[
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
},
{
"action": "allow",
"from_port": 0,
"ipv6_cidr_block": "::/0",
"protocol": "-1",
"rule_no": 101,
"to_port": 0
}
]
| no |
 | default\_network\_acl\_name | Name to be used on the Default Network ACL | `string` | `""` | no |
@@ -311,6 +325,9 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | dhcp\_options\_netbios\_node\_type | Specify netbios node\_type for DHCP options set (requires enable\_dhcp\_options set to true) | `string` | `""` | no |
 | dhcp\_options\_ntp\_servers | Specify a list of NTP servers for DHCP options set (requires enable\_dhcp\_options set to true) | `list(string)` | `[]` | no |
 | dhcp\_options\_tags | Additional tags for the DHCP option set (requires enable\_dhcp\_options set to true) | `map(string)` | `{}` | no |
+| ebs\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for EBS endpoint | `bool` | `false` | no |
+| ebs\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for EBS endpoint | `list(string)` | `[]` | no |
+| ebs\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for EBS endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used. | `list(string)` | `[]` | no |
 | ec2\_autoscaling\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for EC2 Autoscaling endpoint | `bool` | `false` | no |
 | ec2\_autoscaling\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for EC2 Autoscaling endpoint | `list(string)` | `[]` | no |
 | ec2\_autoscaling\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for EC2 Autoscaling endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
@@ -338,6 +355,9 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | efs\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for EFS endpoint | `bool` | `false` | no |
 | efs\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for EFS endpoint | `list(string)` | `[]` | no |
 | efs\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for EFS endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used. | `list(string)` | `[]` | no |
+| elastic\_inference\_runtime\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Elastic Inference Runtime endpoint | `bool` | `false` | no |
+| elastic\_inference\_runtime\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Elastic Inference Runtime endpoint | `list(string)` | `[]` | no |
+| elastic\_inference\_runtime\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Elastic Inference Runtime endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used. | `list(string)` | `[]` | no |
 | elasticache\_acl\_tags | Additional tags for the elasticache subnets network ACL | `map(string)` | `{}` | no |
 | elasticache\_dedicated\_network\_acl | Whether to use dedicated network ACL (not default) and custom rules for elasticache subnets | `bool` | `false` | no |
 | elasticache\_inbound\_acl\_rules | Elasticache subnets inbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | 
@@ -348,13 +368,25 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | elasticache\_subnet\_suffix | Suffix to append to elasticache subnets name | `string` | `"elasticache"` | no |
 | elasticache\_subnet\_tags | Additional tags for the elasticache subnets | `map(string)` | `{}` | no |
 | elasticache\_subnets | A list of elasticache subnets | `list(string)` | `[]` | no |
+| elasticbeanstalk\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Elastic Beanstalk endpoint | `bool` | `false` | no |
+| elasticbeanstalk\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Elastic Beanstalk endpoint | `list(string)` | `[]` | no |
+| elasticbeanstalk\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Elastic Beanstalk endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
+| elasticbeanstalk\_health\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Elastic Beanstalk Health endpoint | `bool` | `false` | no |
+| elasticbeanstalk\_health\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Elastic Beanstalk Health endpoint | `list(string)` | `[]` | no |
+| elasticbeanstalk\_health\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Elastic Beanstalk Health endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. 
| `list(string)` | `[]` | no |
 | elasticloadbalancing\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Elastic Load Balancing endpoint | `bool` | `false` | no |
 | elasticloadbalancing\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Elastic Load Balancing endpoint | `list(string)` | `[]` | no |
 | elasticloadbalancing\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Elastic Load Balancing endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
+| emr\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for EMR endpoint | `bool` | `false` | no |
+| emr\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for EMR endpoint | `list(string)` | `[]` | no |
+| emr\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for EMR endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used. 
| `list(string)` | `[]` | no |
+| enable\_access\_analyzer\_endpoint | Should be true if you want to provision an Access Analyzer endpoint to the VPC | `bool` | `false` | no |
+| enable\_acm\_pca\_endpoint | Should be true if you want to provision an ACM PCA endpoint to the VPC | `bool` | `false` | no |
 | enable\_apigw\_endpoint | Should be true if you want to provision an api gateway endpoint to the VPC | `bool` | `false` | no |
 | enable\_appmesh\_envoy\_management\_endpoint | Should be true if you want to provision a AppMesh endpoint to the VPC | `bool` | `false` | no |
 | enable\_appstream\_endpoint | Should be true if you want to provision a AppStream endpoint to the VPC | `bool` | `false` | no |
 | enable\_athena\_endpoint | Should be true if you want to provision a Athena endpoint to the VPC | `bool` | `false` | no |
+| enable\_auto\_scaling\_plans\_endpoint | Should be true if you want to provision an Auto Scaling Plans endpoint to the VPC | `bool` | `false` | no |
 | enable\_classiclink | Should be true to enable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic. | `bool` | `null` | no |
 | enable\_classiclink\_dns\_support | Should be true to enable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic. | `bool` | `null` | no |
 | enable\_cloud\_directory\_endpoint | Should be true if you want to provision an Cloud Directory endpoint to the VPC | `bool` | `false` | no |
@@ -364,10 +396,12 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | enable\_codecommit\_endpoint | Should be true if you want to provision an Codecommit endpoint to the VPC | `bool` | `false` | no |
 | enable\_codepipeline\_endpoint | Should be true if you want to provision a CodePipeline endpoint to the VPC | `bool` | `false` | no |
 | enable\_config\_endpoint | Should be true if you want to provision an config endpoint to the VPC | `bool` | `false` | no |
+| enable\_datasync\_endpoint | Should be true if you want to provision an Data Sync endpoint to the VPC | `bool` | `false` | no |
 | enable\_dhcp\_options | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | `bool` | `false` | no |
 | enable\_dns\_hostnames | Should be true to enable DNS hostnames in the VPC | `bool` | `false` | no |
 | enable\_dns\_support | Should be true to enable DNS support in the VPC | `bool` | `true` | no |
 | enable\_dynamodb\_endpoint | Should be true if you want to provision a DynamoDB endpoint to the VPC | `bool` | `false` | no |
+| enable\_ebs\_endpoint | Should be true if you want to provision an EBS endpoint to the VPC | `bool` | `false` | no |
 | enable\_ec2\_autoscaling\_endpoint | Should be true if you want to provision an EC2 Autoscaling endpoint to the VPC | `bool` | `false` | no |
 | enable\_ec2\_endpoint | Should be true if you want to provision an EC2 endpoint to the VPC | `bool` | `false` | no |
 | enable\_ec2messages\_endpoint | Should be true if you want to provision an EC2MESSAGES endpoint to the VPC | `bool` | `false` | no |
@@ -377,7 +411,11 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | enable\_ecs\_endpoint | Should be true if you want to provision a ECS endpoint to the VPC | `bool` | `false` | no |
 | enable\_ecs\_telemetry\_endpoint | Should be true if you want to provision a ECS Telemetry endpoint to the VPC | `bool` | `false` | no |
 | enable\_efs\_endpoint | Should be true if you want to provision an EFS endpoint to the VPC | `bool` | `false` | no |
+| enable\_elastic\_inference\_runtime\_endpoint | Should be true if you want to provision an Elastic Inference Runtime endpoint to the VPC | `bool` | `false` | no |
+| enable\_elasticbeanstalk\_endpoint | Should be true if you want to provision a Elastic Beanstalk endpoint to the VPC | `bool` | `false` | no |
+| enable\_elasticbeanstalk\_health\_endpoint | Should be true if you want to provision a Elastic Beanstalk Health endpoint to the VPC | `bool` | `false` | no |
 | enable\_elasticloadbalancing\_endpoint | Should be true if you want to provision a Elastic Load Balancing endpoint to the VPC | `bool` | `false` | no |
+| enable\_emr\_endpoint | Should be true if you want to provision an EMR endpoint to the VPC | `bool` | `false` | no |
 | enable\_events\_endpoint | Should be true if you want to provision a CloudWatch Events endpoint to the VPC | `bool` | `false` | no |
 | enable\_flow\_log | Whether or not to enable VPC Flow Logs | `bool` | `false` | no |
 | enable\_git\_codecommit\_endpoint | Should be true if you want to provision an Git Codecommit endpoint to the VPC | `bool` | `false` | no |
@@ -390,6 +428,7 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | enable\_monitoring\_endpoint | Should be true if you want to provision a CloudWatch Monitoring endpoint to the VPC | `bool` | `false` | no |
 | enable\_nat\_gateway | Should be true if you want to provision NAT Gateways for each of your private networks | `bool` | `false` | no |
 | enable\_public\_redshift | Controls if redshift should have public routing table | `bool` | `false` | no |
+| enable\_qldb\_session\_endpoint | Should be true if you want to provision an QLDB Session endpoint to the VPC | `bool` | `false` | no |
 | enable\_rekognition\_endpoint | Should be true if you want to provision a Rekognition endpoint to the VPC | `bool` | `false` | no |
 | enable\_s3\_endpoint | Should be true if you want to provision an S3 endpoint to the VPC | `bool` | `false` | no |
 | enable\_sagemaker\_api\_endpoint | Should be true if you want to provision a SageMaker API endpoint to the VPC | `bool` | `false` | no |
@@ -398,15 +437,18 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | enable\_secretsmanager\_endpoint | Should be true if you want to provision an Secrets Manager endpoint to the VPC | `bool` | `false` | no |
 | enable\_servicecatalog\_endpoint | Should be true if you want to provision a Service Catalog endpoint to the VPC | `bool` | `false` | no |
 | enable\_ses\_endpoint | Should be true if you want to provision an SES endpoint to the VPC | `bool` | `false` | no |
+| enable\_sms\_endpoint | Should be true if you want to provision an SMS endpoint to the VPC | `bool` | `false` | no |
 | enable\_sns\_endpoint | Should be true if you want to provision a SNS endpoint to the VPC | `bool` | `false` | no |
 | enable\_sqs\_endpoint | Should be true if you want to provision an SQS endpoint to the VPC | `bool` | `false` | no |
 | enable\_ssm\_endpoint | Should be true if you want to provision an SSM endpoint to the VPC | `bool` | `false` | no |
 | enable\_ssmmessages\_endpoint | Should be true if you want to provision a SSMMESSAGES endpoint to the VPC | `bool` | `false` | no |
+| enable\_states\_endpoint | Should be true if you want to provision a Step Function endpoint to the VPC | `bool` | `false` | no |
 | enable\_storagegateway\_endpoint | Should be true if you want to provision a Storage Gateway endpoint to the VPC | `bool` | `false` | no |
 | enable\_sts\_endpoint | Should be true if you want to provision a STS endpoint to the VPC | `bool` | `false` | no |
 | enable\_transfer\_endpoint | Should be true if you want to provision a Transfer endpoint to the VPC | `bool` | `false` | no |
 | enable\_transferserver\_endpoint | Should be true if you want to provision a Transfer Server endpoint to the VPC | `bool` | `false` | no |
 | enable\_vpn\_gateway | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | `bool` | `false` | no |
+| enable\_workspaces\_endpoint | Should be true if you want to provision an 
Workspaces endpoint to the VPC | `bool` | `false` | no |
 | events\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for CloudWatch Events endpoint | `bool` | `false` | no |
 | events\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for CloudWatch Events endpoint | `list(string)` | `[]` | no |
 | events\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for CloudWatch Events endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
@@ -482,6 +524,9 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | public\_subnet\_suffix | Suffix to append to public subnets name | `string` | `"public"` | no |
 | public\_subnet\_tags | Additional tags for the public subnets | `map(string)` | `{}` | no |
 | public\_subnets | A list of public subnets inside the VPC | `list(string)` | `[]` | no |
+| qldb\_session\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for QLDB Session endpoint | `bool` | `false` | no |
+| qldb\_session\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for QLDB Session endpoint | `list(string)` | `[]` | no |
+| qldb\_session\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for QLDB Session endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used. | `list(string)` | `[]` | no |
 | redshift\_acl\_tags | Additional tags for the redshift subnets network ACL | `map(string)` | `{}` | no |
 | redshift\_dedicated\_network\_acl | Whether to use dedicated network ACL (not default) and custom rules for redshift subnets | `bool` | `false` | no |
 | redshift\_inbound\_acl\_rules | Redshift subnets inbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no |
@@ -518,6 +563,9 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | ses\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SES endpoint | `list(string)` | `[]` | no |
 | ses\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
 | single\_nat\_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | `bool` | `false` | no |
+| sms\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SMS endpoint | `bool` | `false` | no |
+| sms\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SMS endpoint | `list(string)` | `[]` | no |
+| sms\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SMS endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used. | `list(string)` | `[]` | no |
 | sns\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SNS endpoint | `bool` | `false` | no |
 | sns\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SNS endpoint | `list(string)` | `[]` | no |
 | sns\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SNS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
@@ -530,6 +578,9 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | ssmmessages\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SSMMESSAGES endpoint | `bool` | `false` | no |
 | ssmmessages\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SSMMESSAGES endpoint | `list(string)` | `[]` | no |
 | ssmmessages\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SSMMESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
+| states\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Step Function endpoint | `bool` | `false` | no |
+| states\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Step Function endpoint | `list(string)` | `[]` | no |
+| states\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Step Function endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
 | storagegateway\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Storage Gateway endpoint | `bool` | `false` | no |
 | storagegateway\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Storage Gateway endpoint | `list(string)` | `[]` | no |
 | storagegateway\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Storage Gateway endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
@@ -549,6 +600,9 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | vpn\_gateway\_az | The Availability Zone for the VPN Gateway | `string` | `null` | no |
 | vpn\_gateway\_id | ID of VPN Gateway to attach to the VPC | `string` | `""` | no |
 | vpn\_gateway\_tags | Additional tags for the VPN gateway | `map(string)` | `{}` | no |
+| workspaces\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Workspaces endpoint | `bool` | `false` | no |
+| workspaces\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Workspaces endpoint | `list(string)` | `[]` | no |
+| workspaces\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Workspaces endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used. | `list(string)` | `[]` | no |
 ## Outputs
@@ -634,6 +688,12 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | vpc\_cidr\_block | The CIDR block of the VPC |
 | vpc\_enable\_dns\_hostnames | Whether or not the VPC has DNS hostname support |
 | vpc\_enable\_dns\_support | Whether or not the VPC has DNS support |
+| vpc\_endpoint\_access\_analyzer\_dns\_entry | The DNS entries for the VPC Endpoint for Access Analyzer. |
+| vpc\_endpoint\_access\_analyzer\_id | The ID of VPC endpoint for Access Analyzer |
+| vpc\_endpoint\_access\_analyzer\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Access Analyzer. |
+| vpc\_endpoint\_acm\_pca\_dns\_entry | The DNS entries for the VPC Endpoint for ACM PCA. |
+| vpc\_endpoint\_acm\_pca\_id | The ID of VPC endpoint for ACM PCA |
+| vpc\_endpoint\_acm\_pca\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for ACM PCA. |
 | vpc\_endpoint\_apigw\_dns\_entry | The DNS entries for the VPC Endpoint for APIGW. |
 | vpc\_endpoint\_apigw\_id | The ID of VPC endpoint for APIGW |
 | vpc\_endpoint\_apigw\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for APIGW. |
@@ -646,6 +706,9 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | vpc\_endpoint\_athena\_dns\_entry | The DNS entries for the VPC Endpoint for Athena. |
 | vpc\_endpoint\_athena\_id | The ID of VPC endpoint for Athena |
 | vpc\_endpoint\_athena\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Athena. |
+| vpc\_endpoint\_auto\_scaling\_plans\_dns\_entry | The DNS entries for the VPC Endpoint for Auto Scaling Plans. |
+| vpc\_endpoint\_auto\_scaling\_plans\_id | The ID of VPC endpoint for Auto Scaling Plans |
+| vpc\_endpoint\_auto\_scaling\_plans\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Auto Scaling Plans. |
 | vpc\_endpoint\_cloud\_directory\_dns\_entry | The DNS entries for the VPC Endpoint for Cloud Directory. |
 | vpc\_endpoint\_cloud\_directory\_id | The ID of VPC endpoint for Cloud Directory |
 | vpc\_endpoint\_cloud\_directory\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Cloud Directory. |
@@ -667,8 +730,14 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | vpc\_endpoint\_config\_dns\_entry | The DNS entries for the VPC Endpoint for config. |
 | vpc\_endpoint\_config\_id | The ID of VPC endpoint for config |
 | vpc\_endpoint\_config\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for config. |
+| vpc\_endpoint\_datasync\_dns\_entry | The DNS entries for the VPC Endpoint for DataSync. |
+| vpc\_endpoint\_datasync\_id | The ID of VPC endpoint for DataSync |
+| vpc\_endpoint\_datasync\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for DataSync. |
 | vpc\_endpoint\_dynamodb\_id | The ID of VPC endpoint for DynamoDB |
 | vpc\_endpoint\_dynamodb\_pl\_id | The prefix list for the DynamoDB VPC endpoint. |
+| vpc\_endpoint\_ebs\_dns\_entry | The DNS entries for the VPC Endpoint for EBS. |
+| vpc\_endpoint\_ebs\_id | The ID of VPC endpoint for EBS |
+| vpc\_endpoint\_ebs\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for EBS. |
 | vpc\_endpoint\_ec2\_autoscaling\_dns\_entry | The DNS entries for the VPC Endpoint for EC2 Autoscaling. |
 | vpc\_endpoint\_ec2\_autoscaling\_id | The ID of VPC endpoint for EC2 Autoscaling |
 | vpc\_endpoint\_ec2\_autoscaling\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for EC2 Autoscaling |
@@ -696,9 +765,21 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | vpc\_endpoint\_efs\_dns\_entry | The DNS entries for the VPC Endpoint for EFS. |
 | vpc\_endpoint\_efs\_id | The ID of VPC endpoint for EFS |
 | vpc\_endpoint\_efs\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for EFS. |
+| vpc\_endpoint\_elastic\_inference\_runtime\_dns\_entry | The DNS entries for the VPC Endpoint for Elastic Inference Runtime. |
+| vpc\_endpoint\_elastic\_inference\_runtime\_id | The ID of VPC endpoint for Elastic Inference Runtime |
+| vpc\_endpoint\_elastic\_inference\_runtime\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Elastic Inference Runtime. |
+| vpc\_endpoint\_elasticbeanstalk\_dns\_entry | The DNS entries for the VPC Endpoint for Elastic Beanstalk. |
+| vpc\_endpoint\_elasticbeanstalk\_health\_dns\_entry | The DNS entries for the VPC Endpoint for Elastic Beanstalk Health. |
+| vpc\_endpoint\_elasticbeanstalk\_health\_id | The ID of VPC endpoint for Elastic Beanstalk Health |
+| vpc\_endpoint\_elasticbeanstalk\_health\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Elastic Beanstalk Health. |
+| vpc\_endpoint\_elasticbeanstalk\_id | The ID of VPC endpoint for Elastic Beanstalk |
+| vpc\_endpoint\_elasticbeanstalk\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Elastic Beanstalk. |
 | vpc\_endpoint\_elasticloadbalancing\_dns\_entry | The DNS entries for the VPC Endpoint for Elastic Load Balancing. |
 | vpc\_endpoint\_elasticloadbalancing\_id | The ID of VPC endpoint for Elastic Load Balancing |
 | vpc\_endpoint\_elasticloadbalancing\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Elastic Load Balancing. |
+| vpc\_endpoint\_elasticmapreduce\_dns\_entry | The DNS entries for the VPC Endpoint for EMR. |
+| vpc\_endpoint\_elasticmapreduce\_id | The ID of VPC endpoint for EMR |
+| vpc\_endpoint\_elasticmapreduce\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for EMR. |
 | vpc\_endpoint\_events\_dns\_entry | The DNS entries for the VPC Endpoint for CloudWatch Events. |
 | vpc\_endpoint\_events\_id | The ID of VPC endpoint for CloudWatch Events |
 | vpc\_endpoint\_events\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for CloudWatch Events. |
@@ -723,6 +804,9 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | vpc\_endpoint\_monitoring\_dns\_entry | The DNS entries for the VPC Endpoint for CloudWatch Monitoring. |
 | vpc\_endpoint\_monitoring\_id | The ID of VPC endpoint for CloudWatch Monitoring |
 | vpc\_endpoint\_monitoring\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for CloudWatch Monitoring. |
+| vpc\_endpoint\_qldb\_session\_dns\_entry | The DNS entries for the VPC Endpoint for QLDB Session. |
+| vpc\_endpoint\_qldb\_session\_id | The ID of VPC endpoint for QLDB Session |
+| vpc\_endpoint\_qldb\_session\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for QLDB Session. |
 | vpc\_endpoint\_rekognition\_dns\_entry | The DNS entries for the VPC Endpoint for Rekognition. |
 | vpc\_endpoint\_rekognition\_id | The ID of VPC endpoint for Rekognition |
 | vpc\_endpoint\_rekognition\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Rekognition. |
@@ -743,6 +827,9 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | vpc\_endpoint\_ses\_dns\_entry | The DNS entries for the VPC Endpoint for SES. |
 | vpc\_endpoint\_ses\_id | The ID of VPC endpoint for SES |
 | vpc\_endpoint\_ses\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SES. |
+| vpc\_endpoint\_sms\_dns\_entry | The DNS entries for the VPC Endpoint for SMS. |
+| vpc\_endpoint\_sms\_id | The ID of VPC endpoint for SMS |
+| vpc\_endpoint\_sms\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SMS. |
 | vpc\_endpoint\_sns\_dns\_entry | The DNS entries for the VPC Endpoint for SNS. |
 | vpc\_endpoint\_sns\_id | The ID of VPC endpoint for SNS |
 | vpc\_endpoint\_sns\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SNS. |
@@ -755,6 +842,9 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | vpc\_endpoint\_ssmmessages\_dns\_entry | The DNS entries for the VPC Endpoint for SSMMESSAGES. |
 | vpc\_endpoint\_ssmmessages\_id | The ID of VPC endpoint for SSMMESSAGES |
 | vpc\_endpoint\_ssmmessages\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SSMMESSAGES. |
+| vpc\_endpoint\_states\_dns\_entry | The DNS entries for the VPC Endpoint for Step Function. |
+| vpc\_endpoint\_states\_id | The ID of VPC endpoint for Step Function |
+| vpc\_endpoint\_states\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Step Function. |
 | vpc\_endpoint\_storagegateway\_dns\_entry | The DNS entries for the VPC Endpoint for Storage Gateway. |
 | vpc\_endpoint\_storagegateway\_id | The ID of VPC endpoint for Storage Gateway |
 | vpc\_endpoint\_storagegateway\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Storage Gateway. |
@@ -767,6 +857,9 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | vpc\_endpoint\_transferserver\_dns\_entry | The DNS entries for the VPC Endpoint for transferserver. |
 | vpc\_endpoint\_transferserver\_id | The ID of VPC endpoint for transferserver |
 | vpc\_endpoint\_transferserver\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for transferserver |
+| vpc\_endpoint\_workspaces\_dns\_entry | The DNS entries for the VPC Endpoint for Workspaces. |
+| vpc\_endpoint\_workspaces\_id | The ID of VPC endpoint for Workspaces |
+| vpc\_endpoint\_workspaces\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Workspaces. |
 | vpc\_flow\_log\_cloudwatch\_iam\_role\_arn | The ARN of the IAM role used when pushing logs to Cloudwatch log group |
 | vpc\_flow\_log\_destination\_arn | The ARN of the destination for VPC Flow Logs |
 | vpc\_flow\_log\_destination\_type | The type of the destination for VPC Flow Logs |
diff --git a/outputs.tf b/outputs.tf
index ce2579682..707e6efbc 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1087,6 +1087,201 @@ output "vpc_endpoint_cloud_directory_dns_entry" { value = flatten(aws_vpc_endpoint.cloud_directory.*.dns_entry) } +output "vpc_endpoint_elasticmapreduce_id" { + description = "The ID of VPC endpoint for EMR" + value = concat(aws_vpc_endpoint.emr.*.id, [""])[0] +} + +output "vpc_endpoint_elasticmapreduce_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for EMR." + value = flatten(aws_vpc_endpoint.emr.*.network_interface_ids) +} + +output "vpc_endpoint_elasticmapreduce_dns_entry" { + description = "The DNS entries for the VPC Endpoint for EMR." + value = flatten(aws_vpc_endpoint.emr.*.dns_entry) +} + +output "vpc_endpoint_sms_id" { + description = "The ID of VPC endpoint for SMS" + value = concat(aws_vpc_endpoint.sms.*.id, [""])[0] +} + +output "vpc_endpoint_sms_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for SMS." + value = flatten(aws_vpc_endpoint.sms.*.network_interface_ids) +} + +output "vpc_endpoint_sms_dns_entry" { + description = "The DNS entries for the VPC Endpoint for SMS." + value = flatten(aws_vpc_endpoint.sms.*.dns_entry) +} + +output "vpc_endpoint_states_id" { + description = "The ID of VPC endpoint for Step Function" + value = concat(aws_vpc_endpoint.states.*.id, [""])[0] +} + +output "vpc_endpoint_states_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for Step Function." + value = flatten(aws_vpc_endpoint.states.*.network_interface_ids) +} + +output "vpc_endpoint_states_dns_entry" { + description = "The DNS entries for the VPC Endpoint for Step Function." 
+ value = flatten(aws_vpc_endpoint.states.*.dns_entry) +} + +output "vpc_endpoint_elastic_inference_runtime_id" { + description = "The ID of VPC endpoint for Elastic Inference Runtime" + value = concat(aws_vpc_endpoint.elastic_inference_runtime.*.id, [""])[0] +} + +output "vpc_endpoint_elastic_inference_runtime_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for Elastic Inference Runtime." + value = flatten(aws_vpc_endpoint.elastic_inference_runtime.*.network_interface_ids) +} + +output "vpc_endpoint_elastic_inference_runtime_dns_entry" { + description = "The DNS entries for the VPC Endpoint for Elastic Inference Runtime." + value = flatten(aws_vpc_endpoint.elastic_inference_runtime.*.dns_entry) +} + +output "vpc_endpoint_elasticbeanstalk_id" { + description = "The ID of VPC endpoint for Elastic Beanstalk" + value = concat(aws_vpc_endpoint.elasticbeanstalk.*.id, [""])[0] +} + +output "vpc_endpoint_elasticbeanstalk_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for Elastic Beanstalk." + value = flatten(aws_vpc_endpoint.elasticbeanstalk.*.network_interface_ids) +} + +output "vpc_endpoint_elasticbeanstalk_dns_entry" { + description = "The DNS entries for the VPC Endpoint for Elastic Beanstalk." + value = flatten(aws_vpc_endpoint.elasticbeanstalk.*.dns_entry) +} + +output "vpc_endpoint_elasticbeanstalk_health_id" { + description = "The ID of VPC endpoint for Elastic Beanstalk Health" + value = concat(aws_vpc_endpoint.elasticbeanstalk_health.*.id, [""])[0] +} + +output "vpc_endpoint_elasticbeanstalk_health_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for Elastic Beanstalk Health." + value = flatten(aws_vpc_endpoint.elasticbeanstalk_health.*.network_interface_ids) +} + +output "vpc_endpoint_elasticbeanstalk_health_dns_entry" { + description = "The DNS entries for the VPC Endpoint for Elastic Beanstalk Health." 
+ value = flatten(aws_vpc_endpoint.elasticbeanstalk_health.*.dns_entry) +} + +output "vpc_endpoint_workspaces_id" { + description = "The ID of VPC endpoint for Workspaces" + value = concat(aws_vpc_endpoint.workspaces.*.id, [""])[0] +} + +output "vpc_endpoint_workspaces_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for Workspaces." + value = flatten(aws_vpc_endpoint.workspaces.*.network_interface_ids) +} + +output "vpc_endpoint_workspaces_dns_entry" { + description = "The DNS entries for the VPC Endpoint for Workspaces." + value = flatten(aws_vpc_endpoint.workspaces.*.dns_entry) +} + +output "vpc_endpoint_auto_scaling_plans_id" { + description = "The ID of VPC endpoint for Auto Scaling Plans" + value = concat(aws_vpc_endpoint.auto_scaling_plans.*.id, [""])[0] +} + +output "vpc_endpoint_auto_scaling_plans_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for Auto Scaling Plans." + value = flatten(aws_vpc_endpoint.auto_scaling_plans.*.network_interface_ids) +} + +output "vpc_endpoint_auto_scaling_plans_dns_entry" { + description = "The DNS entries for the VPC Endpoint for Auto Scaling Plans." + value = flatten(aws_vpc_endpoint.auto_scaling_plans.*.dns_entry) +} + +output "vpc_endpoint_ebs_id" { + description = "The ID of VPC endpoint for EBS" + value = concat(aws_vpc_endpoint.ebs.*.id, [""])[0] +} + +output "vpc_endpoint_ebs_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for EBS." + value = flatten(aws_vpc_endpoint.ebs.*.network_interface_ids) +} + +output "vpc_endpoint_ebs_dns_entry" { + description = "The DNS entries for the VPC Endpoint for EBS." 
+ value = flatten(aws_vpc_endpoint.ebs.*.dns_entry) +} + +output "vpc_endpoint_qldb_session_id" { + description = "The ID of VPC endpoint for QLDB Session" + value = concat(aws_vpc_endpoint.qldb_session.*.id, [""])[0] +} + +output "vpc_endpoint_qldb_session_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for QLDB Session." + value = flatten(aws_vpc_endpoint.qldb_session.*.network_interface_ids) +} + +output "vpc_endpoint_qldb_session_dns_entry" { + description = "The DNS entries for the VPC Endpoint for QLDB Session." + value = flatten(aws_vpc_endpoint.qldb_session.*.dns_entry) +} + +output "vpc_endpoint_datasync_id" { + description = "The ID of VPC endpoint for DataSync" + value = concat(aws_vpc_endpoint.datasync.*.id, [""])[0] +} + +output "vpc_endpoint_datasync_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for DataSync." + value = flatten(aws_vpc_endpoint.datasync.*.network_interface_ids) +} + +output "vpc_endpoint_datasync_dns_entry" { + description = "The DNS entries for the VPC Endpoint for DataSync." + value = flatten(aws_vpc_endpoint.datasync.*.dns_entry) +} + +output "vpc_endpoint_access_analyzer_id" { + description = "The ID of VPC endpoint for Access Analyzer" + value = concat(aws_vpc_endpoint.access_analyzer.*.id, [""])[0] +} + +output "vpc_endpoint_access_analyzer_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for Access Analyzer." + value = flatten(aws_vpc_endpoint.access_analyzer.*.network_interface_ids) +} + +output "vpc_endpoint_access_analyzer_dns_entry" { + description = "The DNS entries for the VPC Endpoint for Access Analyzer." 
+ value = flatten(aws_vpc_endpoint.access_analyzer.*.dns_entry) +} + +output "vpc_endpoint_acm_pca_id" { + description = "The ID of VPC endpoint for ACM PCA" + value = concat(aws_vpc_endpoint.access_analyzer.*.id, [""])[0] +} + +output "vpc_endpoint_acm_pca_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for ACM PCA." + value = flatten(aws_vpc_endpoint.acm_pca.*.network_interface_ids) +} + +output "vpc_endpoint_acm_pca_dns_entry" { + description = "The DNS entries for the VPC Endpoint for ACM PCA." + value = flatten(aws_vpc_endpoint.acm_pca.*.dns_entry) +} + output "vpc_endpoint_ses_id" { description = "The ID of VPC endpoint for SES" value = concat(aws_vpc_endpoint.ses.*.id, [""])[0] @@ -1102,7 +1297,6 @@ output "vpc_endpoint_ses_dns_entry" { value = flatten(aws_vpc_endpoint.ses.*.dns_entry) } - # VPC flow log output "vpc_flow_log_id" { description = "The ID of the Flow Log resource" diff --git a/variables.tf b/variables.tf index 38749e3d2..e2c60ed10 100644 --- a/variables.tf +++ b/variables.tf 
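Review bot: `output "vpc_endpoint_acm_pca_id"` reads `aws_vpc_endpoint.access_analyzer.*.id`, so it reports the Access Analyzer endpoint's ID (or `""` when that endpoint is not enabled) under the ACM PCA name, while the sibling `vpc_endpoint_acm_pca_network_interface_ids` and `vpc_endpoint_acm_pca_dns_entry` outputs correctly reference `aws_vpc_endpoint.acm_pca`. A consumer that pins an endpoint policy, a route, or an `aws:SourceVpce` condition to this output would silently bind to the wrong endpoint, since Terraform raises no error for the mismatch. The line should read `value = concat(aws_vpc_endpoint.acm_pca.*.id, [""])[0]`.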
@@ -1341,12 +1341,319 @@ variable "ses_endpoint_subnet_ids" { default = [] } +variable "enable_auto_scaling_plans_endpoint" { + description = "Should be true if you want to provision an Auto Scaling Plans endpoint to the VPC" + type = bool + default = false +} + +variable "auto_scaling_plans_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for Auto Scaling Plans endpoint" + type = list(string) + default = [] +} + +variable "auto_scaling_plans_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for Auto Scaling Plans endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used." + type = list(string) + default = [] +} + +variable "auto_scaling_plans_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for Auto Scaling Plans endpoint" + type = bool + default = false +} + variable "ses_endpoint_private_dns_enabled" { description = "Whether or not to associate a private hosted zone with the specified VPC for SES endpoint" type = bool default = false } +variable "enable_workspaces_endpoint" { + description = "Should be true if you want to provision an Workspaces endpoint to the VPC" + type = bool + default = false +} + +variable "workspaces_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for Workspaces endpoint" + type = list(string) + default = [] +} + +variable "workspaces_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for Workspaces endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used." 
+ type = list(string) + default = [] +} + +variable "workspaces_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for Workspaces endpoint" + type = bool + default = false +} + +variable "enable_access_analyzer_endpoint" { + description = "Should be true if you want to provision an Access Analyzer endpoint to the VPC" + type = bool + default = false +} + +variable "access_analyzer_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for Access Analyzer endpoint" + type = list(string) + default = [] +} + +variable "access_analyzer_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for Access Analyzer endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used." + type = list(string) + default = [] +} + +variable "access_analyzer_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for Access Analyzer endpoint" + type = bool + default = false +} + +variable "enable_ebs_endpoint" { + description = "Should be true if you want to provision an EBS endpoint to the VPC" + type = bool + default = false +} + +variable "ebs_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for EBS endpoint" + type = list(string) + default = [] +} + +variable "ebs_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for EBS endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used." 
+ type = list(string) + default = [] +} + +variable "ebs_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for EBS endpoint" + type = bool + default = false +} + +variable "enable_datasync_endpoint" { + description = "Should be true if you want to provision an Data Sync endpoint to the VPC" + type = bool + default = false +} + +variable "datasync_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for Data Sync endpoint" + type = list(string) + default = [] +} + +variable "datasync_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for Data Sync endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used." + type = list(string) + default = [] +} + +variable "datasync_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for Data Sync endpoint" + type = bool + default = false +} + +variable "enable_elastic_inference_runtime_endpoint" { + description = "Should be true if you want to provision an Elastic Inference Runtime endpoint to the VPC" + type = bool + default = false +} + +variable "elastic_inference_runtime_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for Elastic Inference Runtime endpoint" + type = list(string) + default = [] +} + +variable "elastic_inference_runtime_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for Elastic Inference Runtime endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used." 
+ type = list(string) + default = [] +} + +variable "elastic_inference_runtime_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for Elastic Inference Runtime endpoint" + type = bool + default = false +} + +variable "enable_sms_endpoint" { + description = "Should be true if you want to provision an SMS endpoint to the VPC" + type = bool + default = false +} + +variable "sms_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for SMS endpoint" + type = list(string) + default = [] +} + +variable "sms_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for SMS endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used." + type = list(string) + default = [] +} + +variable "sms_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for SMS endpoint" + type = bool + default = false +} + +variable "enable_emr_endpoint" { + description = "Should be true if you want to provision an EMR endpoint to the VPC" + type = bool + default = false +} + +variable "emr_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for EMR endpoint" + type = list(string) + default = [] +} + +variable "emr_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for EMR endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used." 
+ type = list(string) + default = [] +} + +variable "emr_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for EMR endpoint" + type = bool + default = false +} + +variable "enable_qldb_session_endpoint" { + description = "Should be true if you want to provision an QLDB Session endpoint to the VPC" + type = bool + default = false +} + +variable "qldb_session_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for QLDB Session endpoint" + type = list(string) + default = [] +} + +variable "qldb_session_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for QLDB Session endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used." + type = list(string) + default = [] +} + +variable "qldb_session_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for QLDB Session endpoint" + type = bool + default = false +} + +variable "enable_elasticbeanstalk_endpoint" { + description = "Should be true if you want to provision a Elastic Beanstalk endpoint to the VPC" + type = bool + default = false +} + +variable "elasticbeanstalk_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for Elastic Beanstalk endpoint" + type = list(string) + default = [] +} + +variable "elasticbeanstalk_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for Elastic Beanstalk endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used." 
+ type = list(string) + default = [] +} + +variable "elasticbeanstalk_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for Elastic Beanstalk endpoint" + type = bool + default = false +} + +variable "enable_elasticbeanstalk_health_endpoint" { + description = "Should be true if you want to provision a Elastic Beanstalk Health endpoint to the VPC" + type = bool + default = false +} + +variable "elasticbeanstalk_health_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for Elastic Beanstalk Health endpoint" + type = list(string) + default = [] +} + +variable "elasticbeanstalk_health_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for Elastic Beanstalk Health endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used." + type = list(string) + default = [] +} + +variable "elasticbeanstalk_health_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for Elastic Beanstalk Health endpoint" + type = bool + default = false +} + +variable "enable_states_endpoint" { + description = "Should be true if you want to provision a Step Function endpoint to the VPC" + type = bool + default = false +} + +variable "states_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for Step Function endpoint" + type = list(string) + default = [] +} + +variable "states_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for Step Function endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used." 
+ type = list(string) + default = [] +} + +variable "states_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for Step Function endpoint" + type = bool + default = false +} + +variable "enable_acm_pca_endpoint" { + description = "Should be true if you want to provision an ACM PCA endpoint to the VPC" + default = false +} + +variable "acm_pca_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for ACM PCA endpoint" + default = [] +} + +variable "acm_pca_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for Codebuilt endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used." + default = [] +} + +variable "acm_pca_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for ACM PCA endpoint" + default = false +} variable "map_public_ip_on_launch" { description = "Should be false if you do not want to auto-assign public IP on launch" diff --git a/vpc-endpoints.tf b/vpc-endpoints.tf index 3365cfe26..ddc4868a8 100644 --- a/vpc-endpoints.tf +++ b/vpc-endpoints.tf 
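Review bot: The four `acm_pca_*` variables at the end of the hunk are the only new declarations without a `type`, so `enable_acm_pca_endpoint` and `acm_pca_endpoint_private_dns_enabled` accept any value and the two ID lists accept elements of any type; a mistyped input is then caught only when `aws_vpc_endpoint.acm_pca` is evaluated instead of at variable validation, and generated docs are likely to show them as plain `list`. Adding `type = bool` and `type = list(string)` to match the other declarations in this hunk fixes both. The description of `acm_pca_endpoint_subnet_ids` is copy-pasted and says "Codebuilt endpoint"; it should name the ACM PCA endpoint. Separately, the `*_endpoint_subnet_ids` descriptions for auto_scaling_plans, workspaces, access_analyzer, ebs, datasync, elastic_inference_runtime, sms, emr and qldb_session carry the typo "Ifomitted" ("If omitted").
```hcl
variable "enable_acm_pca_endpoint" {
  # … unchanged: description …
  type    = bool
  default = false
}

variable "acm_pca_endpoint_security_group_ids" {
  # … unchanged: description …
  type    = list(string)
  default = []
}

variable "acm_pca_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for ACM PCA endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "acm_pca_endpoint_private_dns_enabled" {
  # … unchanged: description …
  type    = bool
  default = false
}
```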
@@ -1027,6 +1027,305 @@ resource "aws_vpc_endpoint" "cloud_directory" {
 tags = local.vpce_tags
 }
 
+#######################
+# VPC Endpoint for Auto Scaling Plans
+#######################
+data "aws_vpc_endpoint_service" "auto_scaling_plans" {
+ count = var.create_vpc && var.enable_auto_scaling_plans_endpoint ? 1 : 0
+
+ service = "autoscaling-plans"
+}
+
+resource "aws_vpc_endpoint" "auto_scaling_plans" {
+ count = var.create_vpc && var.enable_auto_scaling_plans_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.auto_scaling_plans[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.auto_scaling_plans_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.auto_scaling_plans_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.auto_scaling_plans_endpoint_private_dns_enabled
+
+ tags = local.vpce_tags
+}
+
+#######################
+# VPC Endpoint for Workspaces
+#######################
+data "aws_vpc_endpoint_service" "workspaces" {
+ count = var.create_vpc && var.enable_workspaces_endpoint ? 1 : 0
+
+ service = "workspaces"
+}
+
+resource "aws_vpc_endpoint" "workspaces" {
+ count = var.create_vpc && var.enable_workspaces_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.workspaces[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.workspaces_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.workspaces_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.workspaces_endpoint_private_dns_enabled
+
+ tags = local.vpce_tags
+}
+
+#######################
+# VPC Endpoint for Access Analyzer
+#######################
+data "aws_vpc_endpoint_service" "access_analyzer" {
+ count = var.create_vpc && var.enable_access_analyzer_endpoint ? 1 : 0
+
+ service = "access-analyzer"
+}
+
+resource "aws_vpc_endpoint" "access_analyzer" {
+ count = var.create_vpc && var.enable_access_analyzer_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.access_analyzer[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.access_analyzer_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.access_analyzer_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.access_analyzer_endpoint_private_dns_enabled
+
+ tags = local.vpce_tags
+}
+
+#######################
+# VPC Endpoint for EBS
+#######################
+data "aws_vpc_endpoint_service" "ebs" {
+ count = var.create_vpc && var.enable_ebs_endpoint ? 1 : 0
+
+ service = "ebs"
+}
+
+resource "aws_vpc_endpoint" "ebs" {
+ count = var.create_vpc && var.enable_ebs_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.ebs[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.ebs_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.ebs_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.ebs_endpoint_private_dns_enabled
+
+ tags = local.vpce_tags
+}
+
+#######################
+# VPC Endpoint for Data Sync
+#######################
+data "aws_vpc_endpoint_service" "datasync" {
+ count = var.create_vpc && var.enable_datasync_endpoint ? 1 : 0
+
+ service = "datasync"
+}
+
+resource "aws_vpc_endpoint" "datasync" {
+ count = var.create_vpc && var.enable_datasync_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.datasync[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.datasync_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.datasync_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.datasync_endpoint_private_dns_enabled
+
+ tags = local.vpce_tags
+}
+
+#######################
+# VPC Endpoint for Elastic Inference Runtime
+#######################
+data "aws_vpc_endpoint_service" "elastic_inference_runtime" {
+ count = var.create_vpc && var.enable_elastic_inference_runtime_endpoint ? 1 : 0
+
+ service = "elastic-inference.runtime"
+}
+
+resource "aws_vpc_endpoint" "elastic_inference_runtime" {
+ count = var.create_vpc && var.enable_elastic_inference_runtime_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.elastic_inference_runtime[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.elastic_inference_runtime_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.elastic_inference_runtime_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.elastic_inference_runtime_endpoint_private_dns_enabled
+
+ tags = local.vpce_tags
+}
+
+#######################
+# VPC Endpoint for SMS
+#######################
+data "aws_vpc_endpoint_service" "sms" {
+ count = var.create_vpc && var.enable_sms_endpoint ? 1 : 0
+
+ service = "sms"
+}
+
+resource "aws_vpc_endpoint" "sms" {
+ count = var.create_vpc && var.enable_sms_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.sms[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.sms_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.sms_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.sms_endpoint_private_dns_enabled
+
+ tags = local.vpce_tags
+}
+
+#######################
+# VPC Endpoint for EMR
+#######################
+data "aws_vpc_endpoint_service" "emr" {
+ count = var.create_vpc && var.enable_emr_endpoint ? 1 : 0
+
+ service = "elasticmapreduce"
+}
+
+resource "aws_vpc_endpoint" "emr" {
+ count = var.create_vpc && var.enable_emr_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.emr[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.emr_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.emr_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.emr_endpoint_private_dns_enabled
+
+ tags = local.vpce_tags
+}
+
+#######################
+# VPC Endpoint for QLDB Session
+#######################
+data "aws_vpc_endpoint_service" "qldb_session" {
+ count = var.create_vpc && var.enable_qldb_session_endpoint ? 1 : 0
+
+ service = "qldb.session"
+}
+
+resource "aws_vpc_endpoint" "qldb_session" {
+ count = var.create_vpc && var.enable_qldb_session_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.qldb_session[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.qldb_session_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.qldb_session_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.qldb_session_endpoint_private_dns_enabled
+
+ tags = local.vpce_tags
+}
+
+#############################
+# VPC Endpoint for Step Function
+#############################
+data "aws_vpc_endpoint_service" "states" {
+ count = var.create_vpc && var.enable_states_endpoint ? 1 : 0
+
+ service = "states"
+}
+
+resource "aws_vpc_endpoint" "states" {
+ count = var.create_vpc && var.enable_states_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.states[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.states_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.states_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.states_endpoint_private_dns_enabled
+
+ tags = local.vpce_tags
+}
+
+#############################
+# VPC Endpoint for Elastic Beanstalk
+#############################
+data "aws_vpc_endpoint_service" "elasticbeanstalk" {
+ count = var.create_vpc && var.enable_elasticbeanstalk_endpoint ? 1 : 0
+
+ service = "elasticbeanstalk"
+}
+
+resource "aws_vpc_endpoint" "elasticbeanstalk" {
+ count = var.create_vpc && var.enable_elasticbeanstalk_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.elasticbeanstalk[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.elasticbeanstalk_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.elasticbeanstalk_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.elasticbeanstalk_endpoint_private_dns_enabled
+
+ tags = local.vpce_tags
+}
+
+#############################
+# VPC Endpoint for Elastic Beanstalk Health
+#############################
+data "aws_vpc_endpoint_service" "elasticbeanstalk_health" {
+ count = var.create_vpc && var.enable_elasticbeanstalk_health_endpoint ? 1 : 0
+
+ service = "elasticbeanstalk.health"
+}
+
+resource "aws_vpc_endpoint" "elasticbeanstalk_health" {
+ count = var.create_vpc && var.enable_elasticbeanstalk_health_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.elasticbeanstalk_health[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.elasticbeanstalk_health_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.elasticbeanstalk_health_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.elasticbeanstalk_health_endpoint_private_dns_enabled
+
+ tags = local.vpce_tags
+}
+
+#############################
+# VPC Endpoint for ACM PCA
+#############################
+data "aws_vpc_endpoint_service" "acm_pca" {
+ count = var.create_vpc && var.enable_acm_pca_endpoint ? 1 : 0
+
+ service = "acm-pca"
+}
+
+resource "aws_vpc_endpoint" "acm_pca" {
+ count = var.create_vpc && var.enable_acm_pca_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.acm_pca[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.acm_pca_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.acm_pca_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.acm_pca_endpoint_private_dns_enabled
+
+ tags = local.vpce_tags
+}
+
 #######################
 # VPC Endpoint for SES
 #######################
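Review bot: Every new interface endpoint in this hunk, `aws_vpc_endpoint.acm_pca` included, passes `security_group_ids` straight through from a variable whose default is `[]`, and per the aws_vpc_endpoint provider docs an empty list makes AWS attach the VPC's default security group to the endpoint ENIs — so a caller who sets only `enable_acm_pca_endpoint = true` gets whatever the default group happens to allow rather than a deliberately scoped rule set. At minimum the fallback should be spelled out next to each `security_group_ids` argument, e.g. `# Empty list => AWS falls back to the VPC default security group; pass a dedicated SG that allows 443 from the VPC CIDR`, or the module could create a dedicated endpoint SG when none is supplied. Separately, none of the new resources set `policy`, so each endpoint carries the AWS default full-access endpoint policy; for ACM PCA (a private CA) and Access Analyzer a pass-through such as `policy = var.acm_pca_endpoint_policy` would let operators restrict which principals and resources are reachable through the endpoint. This mirrors the per-endpoint pattern already used elsewhere in the file, so the same caveats presumably apply to the earlier endpoints outside this hunk.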