hashicorp · bflad · Nov 2, 2019 · Oct 14, 2019 · bflad · Nov 2, 2019
diff --git a/aws/data_source_aws_vpc_endpoint.go b/aws/data_source_aws_vpc_endpoint.go
@@ -36,6 +36,7 @@ func dataSourceAwsVpcEndpoint() *schema.Resource {
 					},
 				},
 			},
+			"filter": ec2CustomFiltersSchema(),
 			"id": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -125,6 +126,12 @@ func dataSourceAwsVpcEndpointRead(d *schema.ResourceData, meta interface{}) erro
 			"service-name":       d.Get("service_name").(string),
 		},
 	)
+	req.Filters = append(req.Filters, buildEC2TagFilterList(
+		tagsFromMap(d.Get("tags").(map[string]interface{})),
+	)...)
+	req.Filters = append(req.Filters, buildEC2CustomFilterList(
+		d.Get("filter").(*schema.Set),
+	)...)
 	if len(req.Filters) == 0 {
 		// Don't send an empty filters list; the EC2 API won't accept it.
 		req.Filters = nil

diff --git a/aws/data_source_aws_vpc_endpoint_test.go b/aws/data_source_aws_vpc_endpoint_test.go
@@ -64,6 +64,62 @@ func TestAccDataSourceAwsVpcEndpoint_byId(t *testing.T) {
 	})
 }
 
+func TestAccDataSourceAwsVpcEndpoint_byFilter(t *testing.T) {
+	datasourceName := "data.aws_vpc_endpoint.test"
+	rName := fmt.Sprintf("tf-testacc-vpce-%s", acctest.RandStringFromCharSet(16, acctest.CharSetAlphaNum))
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceAwsVpcEndpointConfig_byFilter(rName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(datasourceName, "vpc_endpoint_type", "Gateway"),
+					resource.TestCheckResourceAttrSet(datasourceName, "prefix_list_id"),
+					resource.TestCheckResourceAttrSet(datasourceName, "cidr_blocks.#"),
+					resource.TestCheckResourceAttr(datasourceName, "route_table_ids.#", "0"),
+					resource.TestCheckResourceAttr(datasourceName, "subnet_ids.#", "0"),
+					resource.TestCheckResourceAttr(datasourceName, "network_interface_ids.#", "0"),
+					resource.TestCheckResourceAttr(datasourceName, "security_group_ids.#", "0"),
+					resource.TestCheckResourceAttr(datasourceName, "private_dns_enabled", "false"),
+					resource.TestCheckResourceAttr(datasourceName, "requester_managed", "false"),
+					resource.TestCheckResourceAttr(datasourceName, "tags.%", "0"),
+					testAccCheckResourceAttrAccountID(datasourceName, "owner_id"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccDataSourceAwsVpcEndpoint_byTags(t *testing.T) {
+	datasourceName := "data.aws_vpc_endpoint.test"
+	rName := fmt.Sprintf("tf-testacc-vpce-%s", acctest.RandStringFromCharSet(16, acctest.CharSetAlphaNum))
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceAwsVpcEndpointConfig_byTags(rName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(datasourceName, "vpc_endpoint_type", "Gateway"),
+					resource.TestCheckResourceAttrSet(datasourceName, "prefix_list_id"),
+					resource.TestCheckResourceAttrSet(datasourceName, "cidr_blocks.#"),
+					resource.TestCheckResourceAttr(datasourceName, "route_table_ids.#", "0"),
+					resource.TestCheckResourceAttr(datasourceName, "subnet_ids.#", "0"),
+					resource.TestCheckResourceAttr(datasourceName, "network_interface_ids.#", "0"),
+					resource.TestCheckResourceAttr(datasourceName, "security_group_ids.#", "0"),
+					resource.TestCheckResourceAttr(datasourceName, "private_dns_enabled", "false"),
+					resource.TestCheckResourceAttr(datasourceName, "requester_managed", "false"),
+					resource.TestCheckResourceAttr(datasourceName, "tags.%", "3"),
+					testAccCheckResourceAttrAccountID(datasourceName, "owner_id"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccDataSourceAwsVpcEndpoint_gatewayWithRouteTableAndTags(t *testing.T) {
 	datasourceName := "data.aws_vpc_endpoint.test"
 	rName := fmt.Sprintf("tf-testacc-vpce-%s", acctest.RandStringFromCharSet(16, acctest.CharSetAlphaNum))
@@ -170,6 +226,67 @@ data "aws_vpc_endpoint" "test" {
 `, rName)
 }
 
+func testAccDataSourceAwsVpcEndpointConfig_byFilter(rName string) string {
+	return fmt.Sprintf(`
+resource "aws_vpc" "test" {
+  cidr_block = "10.1.0.0/16"
+
+  tags = {
+    Name = %[1]q
+  }
+}
+
+data "aws_region" "current" {}
+
+resource "aws_vpc_endpoint" "test" {
+  vpc_id       = "${aws_vpc.test.id}"
+  service_name = "com.amazonaws.${data.aws_region.current.name}.s3"
+}
+
+data "aws_vpc_endpoint" "test" {
+  filter {
+    name   = "vpc-endpoint-id"
+    values = ["${aws_vpc_endpoint.test.id}"]
+  }
+}
+`, rName)
+}
+
+func testAccDataSourceAwsVpcEndpointConfig_byTags(rName string) string {
+	return fmt.Sprintf(`
+resource "aws_vpc" "test" {
+  cidr_block = "10.1.0.0/16"
+
+  tags = {
+    Name = %[1]q
+  }
+}
+
+data "aws_region" "current" {}
+
+resource "aws_vpc_endpoint" "test" {
+  vpc_id       = "${aws_vpc.test.id}"
+  service_name = "com.amazonaws.${data.aws_region.current.name}.s3"
+
+  tags = {
+    Key1 = "Value1"
+    Key2 = "Value2"
+    Key3 = "Value3"
+  }
+}
+
+data "aws_vpc_endpoint" "test" {
+  vpc_id = "${aws_vpc_endpoint.test.vpc_id}"
+
+  tags = {
+    Key1 = "Value1"
+    Key2 = "Value2"
+    Key3 = "Value3"
+  }
+}
+`, rName)
+}
+
 func testAccDataSourceAwsVpcEndpointConfig_gatewayWithRouteTableAndTags(rName string) string {
 	return fmt.Sprintf(`
 resource "aws_vpc" "test" {

diff --git a/website/docs/d/vpc_endpoint.html.markdown b/website/docs/d/vpc_endpoint.html.markdown
@@ -30,14 +30,25 @@ resource "aws_vpc_endpoint_route_table_association" "private_s3" {
 The arguments of this data source act as filters for querying the available VPC endpoints.
 The given filters must match exactly one VPC endpoint whose data will be exported as attributes.
 
+* `filter` - (Optional) Custom filter block as described below.
 * `id` - (Optional) The ID of the specific VPC Endpoint to retrieve.
 * `service_name` - (Optional) The AWS service name of the specific VPC Endpoint to retrieve.
 * `state` - (Optional) The state of the specific VPC Endpoint to retrieve.
+* `tags` - (Optional) A mapping of tags, each pair of which must exactly match
+  a pair on the specific VPC Endpoint to retrieve.
 * `vpc_id` - (Optional) The ID of the VPC in which the specific VPC Endpoint is used.
 
+More complex filters can be expressed using one or more `filter` sub-blocks,
+which take the following arguments:
+
+* `name` - (Required) The name of the field to filter by, as defined by
+  [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcPeeringConnections.html).
+* `values` - (Required) Set of values that are accepted for the given field.
+  A VPC Endpoint will be selected if any one of the given values matches.
+
 ## Attributes Reference
 
-In addition to all arguments above, the following attributes are exported:
+In addition to all arguments above except `filter`, the following attributes are exported:
 
 * `cidr_blocks` - The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type `Gateway`.
 * `dns_entry` - The DNS entries for the VPC Endpoint. Applicable for endpoints of type `Interface`. DNS blocks are documented below.
@@ -50,7 +61,6 @@ In addition to all arguments above, the following attributes are exported:
 * `route_table_ids` - One or more route tables associated with the VPC Endpoint. Applicable for endpoints of type `Gateway`.
 * `security_group_ids` - One or more security groups associated with the network interfaces. Applicable for endpoints of type `Interface`.
 * `subnet_ids` - One or more subnets in which the VPC Endpoint is located. Applicable for endpoints of type `Interface`.
-* `tags` - A mapping of tags assigned to the resource.
 * `vpc_endpoint_type` - The VPC Endpoint type, `Gateway` or `Interface`.
 
 DNS blocks (for `dns_entry`) support the following attributes: