diff --git a/.circleci/config.yml b/.circleci/config.yml
index e8c4b96b0..d0b402ed8 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -8,17 +8,22 @@ terraform: &terraform
jobs:
validate:
<<: *terraform
+ environment:
+ AWS_DEFAULT_REGION: us-east-1
steps:
- checkout
+ - run:
+ name: Install curl
+ command: apk add --update curl
# - run:
# name: Add github.com to ~/.ssh/known_hosts
# command: mkdir ~/.ssh && ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts
- run:
name: terraform init
- command: terraform init -input=false
+ command: find . -type f -name "*.tf" -exec dirname {} \;|sort -u | while read m; do (cd "$m" && terraform init -input=false -backend=false) || exit 1; done
- run:
name: Validate Terraform configurations
- command: find . -type f -name "*.tf" -exec dirname {} \;|sort -u | while read m; do (terraform validate -check-variables=false "$m" && echo "√ $m") || exit 1 ; done
+ command: find . -name ".terraform" -prune -o -type f -name "*.tf" -exec dirname {} \;|sort -u | while read m; do (cd "$m" && terraform validate && echo "√ $m") || exit 1 ; done
- run:
name: Check if Terraform configurations are properly formatted
command: if [[ -n "$(terraform fmt -write=false)" ]]; then echo "Some terraform files need be formatted, run 'terraform fmt' to fix"; exit 1; fi
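Review bot: The new init loop on line 22 walks every `*.tf` under `.`, while the new validate loop on line 26 prunes `.terraform`; on a re-run in a workspace where `.terraform/modules` is already populated, init would also descend into the downloaded module copies. Aligning the two and reading paths with `read -r` so backslashes are not interpreted gives `command: find . -name ".terraform" -prune -o -type f -name "*.tf" -exec dirname {} \;|sort -u | while read -r m; do (cd "$m" && terraform init -input=false -backend=false) || exit 1; done`. The purpose of the added `Install curl` step is not visible in this hunk; a one-line comment above it naming what consumes curl, and `apk add --no-cache curl` so the package index is not left in the image layer, would help the next reader. The `validate` job continues outside the hunk.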
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index d6a452afd..150a8c859 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
repos:
- repo: git://github.com/antonbabenko/pre-commit-terraform
- rev: v1.15.0
+ rev: v1.17.0
hooks:
- id: terraform_fmt
- id: terraform_docs
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8578537b3..70e3a97d1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,9 +3,31 @@
+
+## [v2.9.0] - 2019-07-21
+
+- Fixed README after merge
+- Output var.name ([#303](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/303))
+
+
+
+## [v2.8.0] - 2019-07-21
+
+- Updated CHANGELOG
+- Fixed README after merge
+- Additional VPC Endpoints ([#302](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/302))
+- Added Kinesis streams and firehose VPC endpoints ([#301](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/301))
+- adding transfer server vpc end point support
+- adding codebuild, codecommit and git-codecommit vpc end point support
+- adding config vpc end point support
+- adding secrets manager vpc end point support
+- Updated version of pre-commit-terraform
+
+
## [v2.7.0] - 2019-06-17
+- Updated CHANGELOG
- Updated pre-commit-terraform to support terraform-docs and Terraform 0.12 ([#288](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/288))
@@ -525,13 +547,13 @@
- Reverted bad merge, fixed [#33](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/33)
-
-## [v1.5.1] - 2017-11-23
+
+## [v1.5.0] - 2017-11-23
-
-## [v1.5.0] - 2017-11-23
+
+## [v1.5.1] - 2017-11-23
- Reverted bad merge, fixed [#33](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/33)
- Set enable_dns_support=true by default
@@ -609,7 +631,9 @@
- Initial commit
-[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.7.0...HEAD
+[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.9.0...HEAD
+[v2.9.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.8.0...v2.9.0
+[v2.8.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.7.0...v2.8.0
[v2.7.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.6.0...v2.7.0
[v2.6.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.67.0...v2.6.0
[v1.67.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.5.0...v1.67.0
@@ -684,9 +708,9 @@
[v1.8.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.7.0...v1.8.0
[v1.7.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.6.0...v1.7.0
[v1.6.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.4.1...v1.6.0
-[v1.4.1]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.5.1...v1.4.1
-[v1.5.1]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.5.0...v1.5.1
-[v1.5.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.4.0...v1.5.0
+[v1.4.1]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.5.0...v1.4.1
+[v1.5.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.5.1...v1.5.0
+[v1.5.1]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.4.0...v1.5.1
[v1.4.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.3.0...v1.4.0
[v1.3.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.2.0...v1.3.0
[v1.2.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.1.0...v1.2.0
diff --git a/README.md b/README.md
index b69e66985..77f3f8054 100644
--- a/README.md
+++ b/README.md
@@ -16,9 +16,8 @@ These types of resources are supported:
* [VPN Gateway](https://www.terraform.io/docs/providers/aws/r/vpn_gateway.html)
* [VPC Endpoint](https://www.terraform.io/docs/providers/aws/r/vpc_endpoint.html):
* Gateway: S3, DynamoDB
- * Interface: EC2, SSM, EC2 Messages, SSM Messages, SQS, ECR API, ECR DKR, API Gateway, KMS,
- ECS, ECS Agent, ECS Telemetry, SNS, CloudWatch(Monitoring, Logs, Events), Elastic Load Balancing,
- CloudTrail
+ * Interface: EC2, SSM, EC2 Messages, SSM Messages, SQS, ECR API, ECR DKR, API Gateway, KMS,
+ECS, ECS Agent, ECS Telemetry, SNS, CloudWatch(Monitoring, Logs, Events), Elastic Load Balancing, CloudTrail, Secrets Manager, Config, Codebuild, Codecommit, Git-Codecommit, Transfer Server, Kinesis Streams, Kinesis Firehose
* [RDS DB Subnet Group](https://www.terraform.io/docs/providers/aws/r/db_subnet_group.html)
* [ElastiCache Subnet Group](https://www.terraform.io/docs/providers/aws/r/elasticache_subnet_group.html)
* [Redshift Subnet Group](https://www.terraform.io/docs/providers/aws/r/redshift_subnet_group.html)
@@ -214,6 +213,15 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
| cloudtrail\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for CloudTrail endpoint | bool | `"false"` | no |
| cloudtrail\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for CloudTrail endpoint | list(string) | `[]` | no |
| cloudtrail\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for CloudTrail endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
+| codebuild\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Codebuild endpoint | string | `"false"` | no |
+| codebuild\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Codebuild endpoint | list | `[]` | no |
+| codebuild\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Codebuilt endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
+| codecommit\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Codecommit endpoint | string | `"false"` | no |
+| codecommit\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Codecommit endpoint | list | `[]` | no |
+| codecommit\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Codecommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
+| config\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for config endpoint | string | `"false"` | no |
+| config\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for config endpoint | list | `[]` | no |
+| config\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for config endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
| create\_database\_internet\_gateway\_route | Controls if an internet gateway route for public database access should be created | bool | `"false"` | no |
| create\_database\_nat\_gateway\_route | Controls if a nat gateway route should be created to give internet access to the database subnets | bool | `"false"` | no |
| create\_database\_subnet\_group | Controls if database subnet group should be created | bool | `"true"` | no |
@@ -281,6 +289,9 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
| elasticloadbalancing\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Elastic Load Balancing endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
| enable\_apigw\_endpoint | Should be true if you want to provision an api gateway endpoint to the VPC | bool | `"false"` | no |
| enable\_cloudtrail\_endpoint | Should be true if you want to provision a CloudTrail endpoint to the VPC | bool | `"false"` | no |
+| enable\_codebuild\_endpoint | Should be true if you want to provision an Codebuild endpoint to the VPC | string | `"false"` | no |
+| enable\_codecommit\_endpoint | Should be true if you want to provision an Codecommit endpoint to the VPC | string | `"false"` | no |
+| enable\_config\_endpoint | Should be true if you want to provision an config endpoint to the VPC | string | `"false"` | no |
| enable\_dhcp\_options | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | bool | `"false"` | no |
| enable\_dns\_hostnames | Should be true to enable DNS hostnames in the VPC | bool | `"false"` | no |
| enable\_dns\_support | Should be true to enable DNS support in the VPC | bool | `"true"` | no |
@@ -294,21 +305,29 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
| enable\_ecs\_telemetry\_endpoint | Should be true if you want to provision a ECS Telemetry endpoint to the VPC | bool | `"false"` | no |
| enable\_elasticloadbalancing\_endpoint | Should be true if you want to provision a Elastic Load Balancing endpoint to the VPC | bool | `"false"` | no |
| enable\_events\_endpoint | Should be true if you want to provision a CloudWatch Events endpoint to the VPC | bool | `"false"` | no |
+| enable\_git\_codecommit\_endpoint | Should be true if you want to provision an Git Codecommit endpoint to the VPC | string | `"false"` | no |
+| enable\_kinesis\_firehose\_endpoint | Should be true if you want to provision a Kinesis Firehose endpoint to the VPC | bool | `"false"` | no |
+| enable\_kinesis\_streams\_endpoint | Should be true if you want to provision a Kinesis Streams endpoint to the VPC | bool | `"false"` | no |
| enable\_kms\_endpoint | Should be true if you want to provision a KMS endpoint to the VPC | bool | `"false"` | no |
| enable\_logs\_endpoint | Should be true if you want to provision a CloudWatch Logs endpoint to the VPC | bool | `"false"` | no |
| enable\_monitoring\_endpoint | Should be true if you want to provision a CloudWatch Monitoring endpoint to the VPC | bool | `"false"` | no |
| enable\_nat\_gateway | Should be true if you want to provision NAT Gateways for each of your private networks | bool | `"false"` | no |
| enable\_public\_redshift | Controls if redshift should have public routing table | bool | `"false"` | no |
| enable\_s3\_endpoint | Should be true if you want to provision an S3 endpoint to the VPC | bool | `"false"` | no |
+| enable\_secretsmanager\_endpoint | Should be true if you want to provision an Secrets Manager endpoint to the VPC | bool | `"false"` | no |
| enable\_sns\_endpoint | Should be true if you want to provision a SNS endpoint to the VPC | bool | `"false"` | no |
| enable\_sqs\_endpoint | Should be true if you want to provision an SQS endpoint to the VPC | string | `"false"` | no |
| enable\_ssm\_endpoint | Should be true if you want to provision an SSM endpoint to the VPC | bool | `"false"` | no |
| enable\_ssmmessages\_endpoint | Should be true if you want to provision a SSMMESSAGES endpoint to the VPC | bool | `"false"` | no |
+| enable\_transferserver\_endpoint | Should be true if you want to provision a Transer Server endpoint to the VPC | bool | `"false"` | no |
| enable\_vpn\_gateway | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | bool | `"false"` | no |
| events\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for CloudWatch Events endpoint | bool | `"false"` | no |
| events\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for CloudWatch Events endpoint | list(string) | `[]` | no |
| events\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for CloudWatch Events endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
| external\_nat\_ip\_ids | List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips) | list(string) | `[]` | no |
+| git\_codecommit\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Git Codecommit endpoint | string | `"false"` | no |
+| git\_codecommit\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Git Codecommit endpoint | list | `[]` | no |
+| git\_codecommit\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Git Codecommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
| igw\_tags | Additional tags for the internet gateway | map(string) | `{}` | no |
| instance\_tenancy | A tenancy option for instances launched into the VPC | string | `"default"` | no |
| intra\_acl\_tags | Additional tags for the intra subnets network ACL | map(string) | `{}` | no |
@@ -319,6 +338,12 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
| intra\_subnet\_suffix | Suffix to append to intra subnets name | string | `"intra"` | no |
| intra\_subnet\_tags | Additional tags for the intra subnets | map(string) | `{}` | no |
| intra\_subnets | A list of intra subnets | list(string) | `[]` | no |
+| kinesis\_firehose\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Kinesis Firehose endpoint | bool | `"false"` | no |
+| kinesis\_firehose\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Kinesis Firehose endpoint | list(string) | `[]` | no |
+| kinesis\_firehose\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Kinesis Firehose endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
+| kinesis\_streams\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Kinesis Streams endpoint | bool | `"false"` | no |
+| kinesis\_streams\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Kinesis Streams endpoint | list(string) | `[]` | no |
+| kinesis\_streams\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Kinesis Streams endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
| kms\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for KMS endpoint | bool | `"false"` | no |
| kms\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for KMS endpoint | list(string) | `[]` | no |
| kms\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for KMS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
@@ -364,6 +389,9 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
| redshift\_subnets | A list of redshift subnets | list(string) | `[]` | no |
| reuse\_nat\_ips | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable | bool | `"false"` | no |
| secondary\_cidr\_blocks | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | list(string) | `[]` | no |
+| secretsmanager\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Secrets Manager endpoint | bool | `"false"` | no |
+| secretsmanager\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Secrets Manager endpoint | list(string) | `[]` | no |
+| secretsmanager\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Secrets Manager endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
| single\_nat\_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | bool | `"false"` | no |
| sns\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SNS endpoint | bool | `"false"` | no |
| sns\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SNS endpoint | list(string) | `[]` | no |
@@ -378,6 +406,9 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
| ssmmessages\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SSMMESSAGES endpoint | list(string) | `[]` | no |
| ssmmessages\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SSMMESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
| tags | A map of tags to add to all resources | map(string) | `{}` | no |
+| transferserver\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Transfer Server endpoint | bool | `"false"` | no |
+| transferserver\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Transfer Server endpoint | list(string) | `[]` | no |
+| transferserver\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Transfer Server endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
| vpc\_tags | Additional tags for the VPC | map(string) | `{}` | no |
| vpn\_gateway\_id | ID of VPN Gateway to attach to the VPC | string | `""` | no |
| vpn\_gateway\_tags | Additional tags for the VPN gateway | map(string) | `{}` | no |
@@ -418,6 +449,7 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
| intra\_subnet\_arns | List of ARNs of intra subnets |
| intra\_subnets | List of IDs of intra subnets |
| intra\_subnets\_cidr\_blocks | List of cidr_blocks of intra subnets |
+| name | The name of the VPC specified as argument to this module |
| nat\_ids | List of allocation ID of Elastic IPs created for AWS NAT Gateway |
| nat\_public\_ips | List of public Elastic IPs created for AWS NAT Gateway |
| natgw\_ids | List of NAT Gateway IDs |
diff --git a/main.tf b/main.tf
index 456a6bb0c..e6146968e 100644
--- a/main.tf
+++ b/main.tf
@@ -899,6 +899,90 @@ resource "aws_vpc_endpoint_route_table_association" "public_dynamodb" {
}
+#############################
+# VPC Endpoint for Codebuild
+#############################
+data "aws_vpc_endpoint_service" "codebuild" {
+ count = var.create_vpc && var.enable_codebuild_endpoint ? 1 : 0
+
+ service = "codebuild"
+}
+
+resource "aws_vpc_endpoint" "codebuild" {
+ count = var.create_vpc && var.enable_codebuild_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.codebuild[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.codebuild_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.codebuild_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.codebuild_endpoint_private_dns_enabled
+}
+
+###############################
+# VPC Endpoint for Code Commit
+###############################
+data "aws_vpc_endpoint_service" "codecommit" {
+ count = var.create_vpc && var.enable_codecommit_endpoint ? 1 : 0
+
+ service = "codecommit"
+}
+
+resource "aws_vpc_endpoint" "codecommit" {
+ count = var.create_vpc && var.enable_codecommit_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.codecommit[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.codecommit_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.codecommit_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.codecommit_endpoint_private_dns_enabled
+}
+
+###################################
+# VPC Endpoint for Git Code Commit
+###################################
+data "aws_vpc_endpoint_service" "git_codecommit" {
+ count = var.create_vpc && var.enable_git_codecommit_endpoint ? 1 : 0
+
+ service = "git-codecommit"
+}
+
+resource "aws_vpc_endpoint" "git_codecommit" {
+ count = var.create_vpc && var.enable_git_codecommit_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.git_codecommit[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.git_codecommit_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.git_codecommit_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.git_codecommit_endpoint_private_dns_enabled
+}
+
+##########################
+# VPC Endpoint for Config
+##########################
+data "aws_vpc_endpoint_service" "config" {
+ count = var.create_vpc && var.enable_config_endpoint ? 1 : 0
+
+ service = "config"
+}
+
+resource "aws_vpc_endpoint" "config" {
+ count = var.create_vpc && var.enable_config_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.config[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.config_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.config_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.config_endpoint_private_dns_enabled
+}
+
#######################
# VPC Endpoint for SQS
#######################
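Review bot: Each new `aws_vpc_endpoint` in this hunk (codebuild, codecommit, git_codecommit, config) takes `security_group_ids` from a variable whose default is `[]`; for an Interface endpoint the AWS provider then associates the VPC's default security group, so an operator who only sets `enable_*_endpoint = true` gets an ENI governed by whatever that default group allows. The same applies to the secretsmanager, transferserver and kinesis hunks further down in this file. A comment on each `security_group_ids` line, `# empty list => AWS attaches the VPC default security group`, makes the fallback an explicit choice rather than a surprise. None of the new endpoints expose the resource's `policy` argument, so they inherit the full-access default endpoint policy; that is consistent with the existing endpoints but deserves a sentence in the README.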
@@ -920,6 +1004,27 @@ resource "aws_vpc_endpoint" "sqs" {
private_dns_enabled = var.sqs_endpoint_private_dns_enabled
}
+###################################
+# VPC Endpoint for Secrets Manager
+###################################
+data "aws_vpc_endpoint_service" "secretsmanager" {
+ count = var.create_vpc && var.enable_secretsmanager_endpoint ? 1 : 0
+
+ service = "secretsmanager"
+}
+
+resource "aws_vpc_endpoint" "secretsmanager" {
+ count = var.create_vpc && var.enable_secretsmanager_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.secretsmanager[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.secretsmanager_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.secretsmanager_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.secretsmanager_endpoint_private_dns_enabled
+}
+
#######################
# VPC Endpoint for SSM
#######################
@@ -1004,6 +1109,27 @@ resource "aws_vpc_endpoint" "ec2messages" {
private_dns_enabled = var.ec2messages_endpoint_private_dns_enabled
}
+###################################
+# VPC Endpoint for Transfer Server
+###################################
+data "aws_vpc_endpoint_service" "transferserver" {
+ count = var.create_vpc && var.enable_transferserver_endpoint ? 1 : 0
+
+ service = "transfer.server"
+}
+
+resource "aws_vpc_endpoint" "transferserver" {
+ count = var.create_vpc && var.enable_transferserver_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.transferserver[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.transferserver_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.transferserver_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.transferserver_endpoint_private_dns_enabled
+}
+
###########################
# VPC Endpoint for ECR API
###########################
@@ -1286,6 +1412,50 @@ resource "aws_vpc_endpoint" "cloudtrail" {
}
+#######################
+# VPC Endpoint for Kinesis Streams
+#######################
+data "aws_vpc_endpoint_service" "kinesis_streams" {
+ count = var.create_vpc && var.enable_kinesis_streams_endpoint ? 1 : 0
+
+ service = "kinesis-streams"
+}
+
+resource "aws_vpc_endpoint" "kinesis_streams" {
+ count = var.create_vpc && var.enable_kinesis_streams_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.kinesis_streams[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.kinesis_streams_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.kinesis_streams_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.kinesis_streams_endpoint_private_dns_enabled
+}
+
+
+#######################
+# VPC Endpoint for Kinesis Firehose
+#######################
+data "aws_vpc_endpoint_service" "kinesis_firehose" {
+ count = var.create_vpc && var.enable_kinesis_firehose_endpoint ? 1 : 0
+
+ service = "kinesis-firehose"
+}
+
+resource "aws_vpc_endpoint" "kinesis_firehose" {
+ count = var.create_vpc && var.enable_kinesis_firehose_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.kinesis_firehose[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.kinesis_firehose_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.kinesis_firehose_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.kinesis_firehose_endpoint_private_dns_enabled
+}
+
+
##########################
# Route table association
##########################
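Review bot: The banner rules around `# VPC Endpoint for Kinesis Streams` and `# VPC Endpoint for Kinesis Firehose` are `#######################` (23 chars), shorter than the titles they frame, whereas every other section in this file sizes the rule to the title (for example the Secrets Manager block above). Widening both to `###################################` keeps the file visually consistent. There are also two consecutive blank lines after each of the two kinesis resources, which the surrounding sections do not have.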
diff --git a/outputs.tf b/outputs.tf
index 71164fcd6..1f43e8151 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -624,3 +624,7 @@ output "azs" {
value = var.azs
}
+output "name" {
+ description = "The name of the VPC specified as argument to this module"
+ value = var.name
+}
diff --git a/variables.tf b/variables.tf
index e063fe2cb..e83983643 100644
--- a/variables.tf
+++ b/variables.tf
@@ -218,6 +218,86 @@ variable "enable_s3_endpoint" {
default = false
}
+variable "enable_codebuild_endpoint" {
+ description = "Should be true if you want to provision an Codebuild endpoint to the VPC"
+ default = false
+}
+
+variable "codebuild_endpoint_security_group_ids" {
+ description = "The ID of one or more security groups to associate with the network interface for Codebuild endpoint"
+ default = []
+}
+
+variable "codebuild_endpoint_subnet_ids" {
+ description = "The ID of one or more subnets in which to create a network interface for Codebuilt endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+ default = []
+}
+
+variable "codebuild_endpoint_private_dns_enabled" {
+ description = "Whether or not to associate a private hosted zone with the specified VPC for Codebuild endpoint"
+ default = false
+}
+
+variable "enable_codecommit_endpoint" {
+ description = "Should be true if you want to provision an Codecommit endpoint to the VPC"
+ default = false
+}
+
+variable "codecommit_endpoint_security_group_ids" {
+ description = "The ID of one or more security groups to associate with the network interface for Codecommit endpoint"
+ default = []
+}
+
+variable "codecommit_endpoint_subnet_ids" {
+ description = "The ID of one or more subnets in which to create a network interface for Codecommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+ default = []
+}
+
+variable "codecommit_endpoint_private_dns_enabled" {
+ description = "Whether or not to associate a private hosted zone with the specified VPC for Codecommit endpoint"
+ default = false
+}
+
+variable "enable_git_codecommit_endpoint" {
+ description = "Should be true if you want to provision an Git Codecommit endpoint to the VPC"
+ default = false
+}
+
+variable "git_codecommit_endpoint_security_group_ids" {
+ description = "The ID of one or more security groups to associate with the network interface for Git Codecommit endpoint"
+ default = []
+}
+
+variable "git_codecommit_endpoint_subnet_ids" {
+ description = "The ID of one or more subnets in which to create a network interface for Git Codecommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+ default = []
+}
+
+variable "git_codecommit_endpoint_private_dns_enabled" {
+ description = "Whether or not to associate a private hosted zone with the specified VPC for Git Codecommit endpoint"
+ default = false
+}
+
+variable "enable_config_endpoint" {
+ description = "Should be true if you want to provision an config endpoint to the VPC"
+ default = false
+}
+
+variable "config_endpoint_security_group_ids" {
+ description = "The ID of one or more security groups to associate with the network interface for config endpoint"
+ default = []
+}
+
+variable "config_endpoint_subnet_ids" {
+ description = "The ID of one or more subnets in which to create a network interface for config endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+ default = []
+}
+
+variable "config_endpoint_private_dns_enabled" {
+ description = "Whether or not to associate a private hosted zone with the specified VPC for config endpoint"
+ default = false
+}
+
variable "enable_sqs_endpoint" {
description = "Should be true if you want to provision an SQS endpoint to the VPC"
default = false
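Review bot: None of the sixteen new variables in this hunk (codebuild, codecommit, git_codecommit, config) declare a `type`, unlike the rest of the file and the secretsmanager, transferserver and kinesis variables added later in this same diff; the README rows generated for them in this commit consequently show `string` and `list` instead of `bool` and `list(string)`. Adding `type = bool` to the four `enable_*_endpoint` and four `*_private_dns_enabled` variables, and `type = list(string)` to the four `*_security_group_ids` and four `*_subnet_ids` variables, brings them in line and lets Terraform reject a mistyped value at plan time. The description on `codebuild_endpoint_subnet_ids` says "Codebuilt endpoint", and the three `enable_*` descriptions read "an Codebuild", "an Codecommit" and "an config"; `a Codebuild`, `a Codecommit` and `a Config` are the intended wording.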
@@ -262,8 +342,26 @@ variable "ssm_endpoint_private_dns_enabled" {
default = false
}
-variable "enable_ssmmessages_endpoint" {
- description = "Should be true if you want to provision a SSMMESSAGES endpoint to the VPC"
+variable "enable_secretsmanager_endpoint" {
+ description = "Should be true if you want to provision an Secrets Manager endpoint to the VPC"
+ type = bool
+ default = false
+}
+
+variable "secretsmanager_endpoint_security_group_ids" {
+ description = "The ID of one or more security groups to associate with the network interface for Secrets Manager endpoint"
+ type = list(string)
+ default = []
+}
+
+variable "secretsmanager_endpoint_subnet_ids" {
+ description = "The ID of one or more subnets in which to create a network interface for Secrets Manager endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+ type = list(string)
+ default = []
+}
+
+variable "secretsmanager_endpoint_private_dns_enabled" {
+ description = "Whether or not to associate a private hosted zone with the specified VPC for Secrets Manager endpoint"
type = bool
default = false
}
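Review bot: The description on the new `enable_secretsmanager_endpoint` reads "an Secrets Manager endpoint", and because terraform-docs copies it verbatim the README row in this diff carries the same wording; `description = "Should be true if you want to provision a Secrets Manager endpoint to the VPC"` fixes both. The hunk otherwise follows the typed-variable convention (`type = bool` / `type = list(string)`) that the codebuild, codecommit, git_codecommit and config variables earlier in this file omit; the next hunk re-adds `enable_ssmmessages_endpoint` next to its `ssmmessages_*` siblings, which reads as an intentional regrouping rather than a change.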
@@ -292,6 +390,12 @@ variable "apigw_endpoint_subnet_ids" {
default = []
}
+variable "enable_ssmmessages_endpoint" {
+ description = "Should be true if you want to provision a SSMMESSAGES endpoint to the VPC"
+ type = bool
+ default = false
+}
+
variable "ssmmessages_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for SSMMESSAGES endpoint"
type = list(string)
@@ -310,6 +414,31 @@ variable "ssmmessages_endpoint_private_dns_enabled" {
default = false
}
+variable "enable_transferserver_endpoint" {
+ description = "Should be true if you want to provision a Transer Server endpoint to the VPC"
+ type = bool
+ default = false
+}
+
+variable "transferserver_endpoint_security_group_ids" {
+ description = "The ID of one or more security groups to associate with the network interface for Transfer Server endpoint"
+ type = list(string)
+ default = []
+}
+
+variable "transferserver_endpoint_subnet_ids" {
+ description = "The ID of one or more subnets in which to create a network interface for Transfer Server endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+ type = list(string)
+ default = []
+}
+
+variable "transferserver_endpoint_private_dns_enabled" {
+ description = "Whether or not to associate a private hosted zone with the specified VPC for Transfer Server endpoint"
+ type = bool
+ default = false
+}
+
+
variable "enable_ec2_endpoint" {
description = "Should be true if you want to provision an EC2 endpoint to the VPC"
type = bool
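Review bot: The description on the new `enable_transferserver_endpoint` says "Transer Server", and the README row generated from it in this diff repeats the typo; `description = "Should be true if you want to provision a Transfer Server endpoint to the VPC"` fixes both. There are also two consecutive blank lines between `transferserver_endpoint_private_dns_enabled` and `enable_ec2_endpoint`, where the rest of the file uses one.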
@@ -646,6 +775,54 @@ variable "cloudtrail_endpoint_private_dns_enabled" {
default = false
}
+variable "enable_kinesis_streams_endpoint" {
+ description = "Should be true if you want to provision a Kinesis Streams endpoint to the VPC"
+ type = bool
+ default = false
+}
+
+variable "kinesis_streams_endpoint_security_group_ids" {
+ description = "The ID of one or more security groups to associate with the network interface for Kinesis Streams endpoint"
+ type = list(string)
+ default = []
+}
+
+variable "kinesis_streams_endpoint_subnet_ids" {
+ description = "The ID of one or more subnets in which to create a network interface for Kinesis Streams endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+ type = list(string)
+ default = []
+}
+
+variable "kinesis_streams_endpoint_private_dns_enabled" {
+ description = "Whether or not to associate a private hosted zone with the specified VPC for Kinesis Streams endpoint"
+ type = bool
+ default = false
+}
+
+variable "enable_kinesis_firehose_endpoint" {
+ description = "Should be true if you want to provision a Kinesis Firehose endpoint to the VPC"
+ type = bool
+ default = false
+}
+
+variable "kinesis_firehose_endpoint_security_group_ids" {
+ description = "The ID of one or more security groups to associate with the network interface for Kinesis Firehose endpoint"
+ type = list(string)
+ default = []
+}
+
+variable "kinesis_firehose_endpoint_subnet_ids" {
+ description = "The ID of one or more subnets in which to create a network interface for Kinesis Firehose endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+ type = list(string)
+ default = []
+}
+
+variable "kinesis_firehose_endpoint_private_dns_enabled" {
+ description = "Whether or not to associate a private hosted zone with the specified VPC for Kinesis Firehose endpoint"
+ type = bool
+ default = false
+}
+
variable "map_public_ip_on_launch" {
description = "Should be false if you do not want to auto-assign public IP on launch"
type = bool