# vpc-endpoints module

This module deploys VPC endpoints. In addition, the module automatically performs the following tasks:

- Creates and attaches a security group which allows access from the same VPC
- Associates endpoints with 1 subnet in each availability zone

# Inputs

| Variable              | Type         | Required | Description                                     |
|-----------------------|--------------|----------|-------------------------------------------------|
| vpc-id                | string       | yes      | ID of VPC to deploy endpoints to                |
| interface-ep-services | list(string) | yes      | Interface endpoint names                        |
| gateway-ep-services   | list(string) | no       | Gateway endpoint names                          |
| resource-prefix       | string       | yes      | Prefix that will be added to resource name tags |

# Types of endpoints

## Gateway endpoints

At time of writing, AWS provides 2 gateway endpoints at no charge.

* s3
* dynamodb

For gateway endpoints, all route tables in the VPC will be updated with routes to the private links.

Full documentation: https://docs.aws.amazon.com/vpc/latest/privatelink/gateway-endpoints.html

## Interface endpoints

Interface endpoints are placed in one subnet for every AZ. A security group is created automatically and allows access from the VPC's CIDR, plus any additional CIDRs if applicable.
At time of writing, AWS provides 200+ interface endpoints:

* access-analyzer
* account
* execute-api
* appmesh
* appmesh-envoy-management
* apprunner
* apprunner.requests
* application-autoscaling
* mgn
* appstream.api
* appstream.streaming
* appsync-api
* athena
* auditmanager
* rds
* autoscaling-plans
* backup
* backup-gateway
* batch
* billingconductor
* braket
* cleanrooms
* cloudcontrolapi
* cloudcontrolapi-fips
* clouddirectory
* cloudformation
* cloudhsmv2
* cloudtrail
* evidently
* evidently-dataplane
* monitoring
* rum
* rum-dataplane
* synthetics
* events
* logs
* codeartifact.api
* codeartifact.repositories
* codebuild
* codebuild-fips
* codecommit
* codecommit-fips
* git-codecommit
* git-codecommit-fips
* codedeploy
* codedeploy-commands-secure
* codeguru-profiler
* codeguru-reviewer
* codepipeline
* codestar-connections.api
* comprehend
* comprehendmedical
* config
* app-integrations
* cases
* connect-campaigns
* profile
* voiceid
* wisdom
* dataexchange
* dms
* dms-fips
* datasync
* devops-guru
* ds
* ebs
* ec2
* autoscaling
* imagebuilder
* ecr.api
* ecr.dkr
* ecs
* ecs-agent
* ecs-telemetry
* eks
* elasticbeanstalk
* elasticbeanstalk-health
* drs
* elasticfilesystem
* elasticfilesystem-fips
* elastic-inference.runtime
* elasticloadbalancing
* elasticache
* elasticache-fips
* elasticmapreduce
* emr-containers
* emr-serverless
* events
* fis
* finspace
* finspace-api
* forecast
* forecastquery
* forecast-fips
* forecastquery-fips
* frauddetector
* fsx
* fsx-fips
* glue
* databrew
* grafana
* grafana-workspace
* groundstation
* guardduty-data
* guardduty-data-fips
* healthlake
* identitystore
* rolesanywhere
* inspector2
* iot.data
* iot.fleethub.api
* deviceadvisor.iot
* iotwireless.api
* lorawan.cups
* lorawan.lns
* iotfleetwise
* greengrass
* iotroborunner
* iotsitewise.api
* iotsitewise.data
* iottwinmaker.api
* iottwinmaker.data
* kendra
* kendra-ranking
* kms
* kms-fips
* cassandra
* cassandra-fips
* kinesis-firehose
* kinesis-streams
* lakeformation
* lambda
* models-v2-lex
* runtime-v2-lex
* license-manager
* license-manager-fips
* lookoutequipment
* lookoutmetrics
* lookoutvision
* macie2
* m2
* aps
* aps-workspaces
* airflow.api
* airflow.env
* airflow.ops
* console
* signin
* memory-db
* memorydb-fips
* migrationhub-orchestrator
* refactor-spaces
* migrationhub-strategy
* nimble
* analytics-omics
* control-storage-omics
* storage-omics
* tags-omics
* workflows-omics
* service-managed
* panorama
* payment-cryptography.controlplane
* payment-cryptography.dataplane
* personalize
* personalize-events
* personalize-runtime
* pinpoint
* pinpoint-sms-voice-v2
* polly
* private-networks
* acm-pca
* proton
* qldb.session
* rds
* rds-data
* redshift
* redshift-fips
* redshift-data
* rekognition
* rekognition-fips
* streaming-rekognition
* streaming-rekognition-fips
* robomaker
* s3
* com.amazonaws.s3-global.accesspoint
* s3-outposts
* aws.sagemaker.region.notebook
* aws.sagemaker.region.studio
* sagemaker.api
* sagemaker.featurestore-runtime
* sagemaker.metrics
* sagemaker.runtime
* sagemaker.runtime-fips
* secretsmanager
* securityhub
* sts
* servicecatalog
* servicecatalog-appregistry
* email-smtp
* simspaceweaver
* snow-device-management
* sns
* sqs
* swf
* swf-fips
* states
* sync-states
* storagegateway
* ec2messages
* ssm
* ssm-contacts
* ssm-incidents
* ssmmessages
* tnb
* textract
* textract-fips
* transcribe
* transcribestreaming
* transfer
* transfer.server
* translate
* verifiedpermissions
* vpc-lattice
* workspaces
* xray

Full documentation: https://docs.aws.amazon.com/vpc/latest/privatelink/aws-services-privatelink-support.html

## Example

```hcl
module "vpc-ep" {
  count                 = var.create-free-vpc-endpoints ? 1 : 0
  source                = "../vpc-endpoints"
  gateway-ep-services   = ["s3", "dynamodb"]
  interface-ep-services = []
  resource-prefix       = var.resource-prefix
  vpc-id                = aws_vpc.vpc.id
}
```
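## How the module's behaviour can be implemented

The following is an added illustration, not the module's own source, of the three behaviours described above (a security group restricted to the VPC's CIDR, one subnet per AZ for interface endpoints, and every route table updated for gateway endpoints), using only the inputs from the table. It assumes the hashicorp/aws provider v4 or later, that the data source and local names are free to choose, that the "additional CIDRs" (not in the inputs table) would simply be appended to `cidr_blocks`, and that every service name follows the `com.amazonaws.<region>.<name>` pattern; entries such as `com.amazonaws.s3-global.accesspoint` or `aws.sagemaker.region.notebook` do not and would need to be passed through unchanged.

```hcl
data "aws_region" "current" {}
data "aws_vpc" "this" { id = var.vpc-id }
data "aws_route_tables" "this" { vpc_id = var.vpc-id }
data "aws_subnets" "this" {
  filter {
    name   = "vpc-id"
    values = [var.vpc-id]
  }
}
data "aws_subnet" "each" {
  for_each = toset(data.aws_subnets.this.ids)
  id       = each.value
}

locals {
  # Group subnet ids by availability zone, then keep one subnet per AZ.
  subnets_by_az = { for s in data.aws_subnet.each : s.availability_zone => s.id... }
  subnet_per_az = [for az, ids in local.subnets_by_az : ids[0]]
}

# Security group for the interface endpoints: HTTPS from the VPC CIDR only.
resource "aws_security_group" "endpoints" {
  name_prefix = "${var.resource-prefix}-vpc-endpoints-"
  vpc_id      = var.vpc-id
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [data.aws_vpc.this.cidr_block]
  }
  tags = { Name = "${var.resource-prefix}-vpc-endpoints" }
}

# One interface endpoint per requested service, with one ENI in each AZ.
resource "aws_vpc_endpoint" "interface" {
  for_each            = toset(var.interface-ep-services)
  vpc_id              = var.vpc-id
  service_name        = "com.amazonaws.${data.aws_region.current.name}.${each.value}"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = local.subnet_per_az
  security_group_ids  = [aws_security_group.endpoints.id]
  private_dns_enabled = true
}

# Gateway endpoints add a prefix-list route to every route table in the VPC.
resource "aws_vpc_endpoint" "gateway" {
  for_each          = toset(var.gateway-ep-services)
  vpc_id            = var.vpc-id
  service_name      = "com.amazonaws.${data.aws_region.current.name}.${each.value}"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = data.aws_route_tables.this.ids
}
```

Because no `egress` block is declared, the security group has no outbound rules, which is sufficient for endpoint ENIs since they only answer connections from inside the VPC.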