feat(ec2): EFS interface VPC endpoint (#6961)

* feat(ec2): add efs interface vpc endpoint

fixes #6960

* Update package.json doc links

* Added test

Co-authored-by: Rico Huijbers <rix0rrr@gmail.com>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

packages/@aws-cdk/aws-ec2/README.md

@@ -438,6 +438,7 @@ Alternatively, existing security groups can be used by specifying the `securityG
 
 ## VPC endpoint services
 A VPC endpoint service enables you to expose a Network Load Balancer(s) as a provider service to consumers, who connect to your service over a VPC endpoint. You can restrict access to your service via whitelisted principals (anything that extends ArnPrincipal), and require that new connections be manually accepted.
+
 ```ts
 new VpcEndpointService(this, "EndpointService", {
   vpcEndpointServiceLoadBalancers: [networkLoadBalancer1, networkLoadBalancer2],

packages/@aws-cdk/aws-ec2/lib/vpc-endpoint.ts

@@ -254,6 +254,8 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
   public static readonly ECS = new InterfaceVpcEndpointAwsService('ecs');
   public static readonly ECS_AGENT = new InterfaceVpcEndpointAwsService('ecs-agent');
   public static readonly ECS_TELEMETRY = new InterfaceVpcEndpointAwsService('ecs-telemetry');
+  public static readonly ELASTIC_FILESYSTEM = new InterfaceVpcEndpointAwsService('elasticfilesystem');
+  public static readonly ELASTIC_FILESYSTEM_FIPS = new InterfaceVpcEndpointAwsService('elasticfilesystem-fips');
   public static readonly ELASTIC_INFERENCE_RUNTIME = new InterfaceVpcEndpointAwsService('elastic-inference.runtime');
   public static readonly ELASTIC_LOAD_BALANCING = new InterfaceVpcEndpointAwsService('elasticloadbalancing');
   public static readonly CLOUDWATCH_EVENTS = new InterfaceVpcEndpointAwsService('events');

packages/@aws-cdk/aws-ec2/package.json

@@ -204,6 +204,8 @@
       "docs-public-apis:@aws-cdk/aws-ec2.InterfaceVpcEndpointAwsService.ECS",
       "docs-public-apis:@aws-cdk/aws-ec2.InterfaceVpcEndpointAwsService.ECS_AGENT",
       "docs-public-apis:@aws-cdk/aws-ec2.InterfaceVpcEndpointAwsService.ECS_TELEMETRY",
+      "docs-public-apis:@aws-cdk/aws-ec2.InterfaceVpcEndpointAwsService.ELASTIC_FILESYSTEM",
+      "docs-public-apis:@aws-cdk/aws-ec2.InterfaceVpcEndpointAwsService.ELASTIC_FILESYSTEM_FIPS",
       "docs-public-apis:@aws-cdk/aws-ec2.InterfaceVpcEndpointAwsService.ELASTIC_INFERENCE_RUNTIME",
       "docs-public-apis:@aws-cdk/aws-ec2.InterfaceVpcEndpointAwsService.ELASTIC_LOAD_BALANCING",
       "docs-public-apis:@aws-cdk/aws-ec2.InterfaceVpcEndpointAwsService.KINESIS_STREAMS",

packages/@aws-cdk/aws-ec2/test/test.vpc-endpoint.ts

@@ -309,6 +309,24 @@ export = {
 
       test.done();
     },
+    'with existing security groups for efs'(test: Test) {
+      // GIVEN
+      const stack = new Stack();
+      const vpc = new Vpc(stack, 'VpcNetwork');
+
+      // WHEN
+      vpc.addInterfaceEndpoint('Efs', {
+        service: InterfaceVpcEndpointAwsService.ELASTIC_FILESYSTEM,
+        securityGroups: [SecurityGroup.fromSecurityGroupId(stack, 'SG', 'existing-id')]
+      });
+
+      // THEN
+      expect(stack).to(haveResource('AWS::EC2::VPCEndpoint', {
+        SecurityGroupIds: ['existing-id'],
+      }));
+
+      test.done();
+    },
     'security group has ingress by default'(test: Test) {
       // GIVEN
       const stack = new Stack();