diff --git a/modules/networking/vpc-endpoints/README.md b/modules/networking/vpc-endpoints/README.md
index 3b5fe1b..4ebbf98 100644
--- a/modules/networking/vpc-endpoints/README.md
+++ b/modules/networking/vpc-endpoints/README.md
@@ -16,8 +16,7 @@ Automatically, this module performs the following additional tasks
 # Types of endpoints
 ## Gateway endpoints
-At time of writing, AWS provides 2 gateway endpoints at no charge. These endpoints are deployed by default,
-unless an empty list `[]` is provided as input.
+At time of writing, AWS provides 2 gateway endpoints at no charge.
 * s3
 * dynamodb
diff --git a/modules/networking/vpc-endpoints/main.tf b/modules/networking/vpc-endpoints/main.tf
index 9dc9412..22f4ff6 100644
--- a/modules/networking/vpc-endpoints/main.tf
+++ b/modules/networking/vpc-endpoints/main.tf
@@ -55,14 +55,15 @@ resource "aws_security_group" "vpc-ep-sg" {
 from_port = 443
 to_port = 443
 protocol = "tcp"
- cidr_blocks = [data.aws_vpc.this-vpc.cidr_block]
+ # cidr_blocks = [data.aws_vpc.this-vpc.cidr_block]
+ cidr_blocks = data.aws_vpc.this-vpc.cidr_block_associations.*.cidr_block
 }
 egress {
 from_port = 0
 to_port = 0
 protocol = "-1"
- cidr_blocks = compact(concat(["0.0.0.0/0"], var.secondary_cidrs))
+ cidr_blocks = ["0.0.0.0/0"]
 }
 tags = { "Name" : "VpcEpAccess" }
diff --git a/modules/networking/vpc-endpoints/variables.tf b/modules/networking/vpc-endpoints/variables.tf
index 3fa355f..8fe041d 100644
--- a/modules/networking/vpc-endpoints/variables.tf
+++ b/modules/networking/vpc-endpoints/variables.tf
@@ -5,8 +5,8 @@ variable interface-ep-services {
 }
 variable gateway-ep-services {
 type = list(string)
- default = ["s3","dynamodb"]
- description = "Gateway endpoints are free, so deploy for all supported services by default."
+ default = []
+ description = "s3 and dynamodb gateway endpoints are free."
 }
 variable resource-prefix {}
 variable secondary_cidrs {
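Review bot: The commented-out `# cidr_blocks = [data.aws_vpc.this-vpc.cidr_block]` left in the ingress block of `aws_security_group.vpc-ep-sg` is dead code and should be replaced by a why-comment, e.g. `# Allow 443 from every CIDR associated with the VPC (including secondary ranges), not just the primary block`, since that appears to be the reason for switching to `cidr_block_associations`. Note that `cidr_block_associations` may also list associations whose `state` is not "associated" (disassociating/failed); if the provider returns those, consider filtering with `cidr_blocks = [for a in data.aws_vpc.this-vpc.cidr_block_associations : a.cidr_block if a.state == "associated"]` so a stale range is not opened — confirm against the provider schema. The ingress remains IPv4-only (no `ipv6_cidr_blocks`), so if this VPC is dual-stack, IPv6 clients will not reach the endpoints; worth a comment either way. The egress simplification to `["0.0.0.0/0"]` is behaviour-preserving (it already subsumed the secondary CIDRs), though an endpoint ENI initiates no outbound connections, so a narrower or absent egress rule would be the least-privilege choice. The enclosing `resource "aws_security_group"` block starts and ends outside the hunk.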
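Review bot: The new `description` of `gateway-ep-services` states a pricing fact but no longer says what the variable controls or that the new default creates nothing; suggest `description = "Gateway endpoint services to create, e.g. [\"s3\", \"dynamodb\"] (both are free of charge). Defaults to [] so no gateway endpoints are deployed unless listed."`. Changing the default from `["s3","dynamodb"]` to `[]` silently removes gateway endpoints for existing callers relying on the default, so S3/DynamoDB traffic from private subnets would fall back to NAT/internet paths; this is a behaviour change worth calling out in the module docs or a changelog. With the egress rule in main.tf no longer referencing `var.secondary_cidrs`, the `secondary_cidrs` variable at the bottom of the hunk may now be unused — if nothing else in the module reads it, drop it or mark it deprecated in its description. The `variable secondary_cidrs {` block continues outside the hunk.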