FIX: corrected vpcep SG, removing default gateway endpoints, updated readme
parent
fdd28c892a
commit
cf2667baf8
@ -16,8 +16,7 @@ Automatically, this module performs the following additional tasks
|
||||
|
||||
# Types of endpoints
|
||||
## Gateway endpoints
|
||||
At time of writing, AWS provides 2 gateway endpoints at no charge. These endpoints are deployed by default,
|
||||
unless an empty list `[]` is provided as input.
|
||||
At time of writing, AWS provides 2 gateway endpoints at no charge.
|
||||
* s3
|
||||
* dynamodb
|
||||
|
||||
|
@ -55,14 +55,15 @@ resource "aws_security_group" "vpc-ep-sg" {
|
||||
from_port = 443
|
||||
to_port = 443
|
||||
protocol = "tcp"
|
||||
cidr_blocks = [data.aws_vpc.this-vpc.cidr_block]
|
||||
# cidr_blocks = [data.aws_vpc.this-vpc.cidr_block]
|
||||
cidr_blocks = data.aws_vpc.this-vpc.cidr_block_associations.*.cidr_block
|
||||
}
|
||||
|
||||
egress {
|
||||
from_port = 0
|
||||
to_port = 0
|
||||
protocol = "-1"
|
||||
cidr_blocks = compact(concat(["0.0.0.0/0"], var.secondary_cidrs))
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
}
|
||||
|
||||
tags = { "Name" : "VpcEpAccess" }
|
||||
|
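Review bot: The `egress` rule on `vpc-ep-sg` now allows every protocol and port to `0.0.0.0/0`, which is broader than an interface-endpoint security group appears to need. The endpoint network interfaces only answer inbound 443, and security groups are stateful, so return traffic does not depend on an egress rule. If nothing else attaches this group, consider dropping the `egress` block or narrowing it to the VPC ranges, e.g. `cidr_blocks = data.aws_vpc.this-vpc.cidr_block_associations.*.cidr_block` as on the ingress side. The commented-out `# cidr_blocks = [data.aws_vpc.this-vpc.cidr_block]` line is better deleted than kept, since the history already records it. The resource body starts above this hunk and continues past it, so any other rules are not visible here.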
@ -5,8 +5,8 @@ variable interface-ep-services {
|
||||
}
|
||||
variable gateway-ep-services {
|
||||
type = list(string)
|
||||
default = ["s3","dynamodb"]
|
||||
description = "Gateway endpoints are free, so deploy for all supported services by default."
|
||||
default = []
|
||||
description = "s3 and dynamodb gateway endpoints are free."
|
||||
}
|
||||
variable resource-prefix {}
|
||||
variable secondary_cidrs {
|
||||
|
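Review bot: The new description of `gateway-ep-services`, `"s3 and dynamodb gateway endpoints are free."`, no longer says what the variable does or that nothing is created unless the caller opts in. With `default = []`, S3 and DynamoDB traffic from the VPC presumably takes whatever other route exists (NAT or internet gateway) instead of a gateway endpoint, so callers who relied on the old default need to know to set it. Suggested text: `description = "Gateway endpoints to create (supported: s3, dynamodb; no charge). Default [] creates none."`. If the module's Terraform version supports it, a `validation` block limiting values to those two names would also catch typos at plan time.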