# Region of the configured AWS provider; its name is interpolated into the
# "com.amazonaws.<region>.<service>" endpoint service names used below.
data "aws_region" "this" {
}
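# One interface endpoint per service listed in var.interface-ep-services,
# placed on a single subnet per availability zone and reachable only through
# the HTTPS-only security group defined in this module.
resource "aws_vpc_endpoint" "vpc-interface-ep" {
  for_each = toset(var.interface-ep-services)

  vpc_id            = data.aws_vpc.this-vpc.id
  service_name      = "com.amazonaws.${data.aws_region.this.name}.${each.value}"
  vpc_endpoint_type = "Interface"

  # Endpoint ENIs only accept 443/tcp from the VPC CIDR (aws_security_group.vpc-ep-sg).
  security_group_ids = [
    aws_security_group.vpc-ep-sg.id,
  ]

  # An interface endpoint accepts at most one subnet per AZ, so this is one
  # subnet in each AZ of the VPC - not every subnet.
  subnet_ids = local.one_subnet_in_each_az

  # Lets the service's default DNS name resolve to the endpoint inside the VPC.
  private_dns_enabled = true

  tags = merge({ "Name" : "${var.resource-prefix}-vpcep-${each.value}" }, var.default-tags)

  lifecycle {
    # private_dns_enabled requires both VPC DNS attributes; checking them here
    # fails at plan time instead of partway through the apply.
    precondition {
      condition     = data.aws_vpc.this-vpc.enable_dns_support
      error_message = "enableDnsSupport needs to be turned on."
    }

    precondition {
      condition     = data.aws_vpc.this-vpc.enable_dns_hostnames
      error_message = "enableDnsHostnames needs to be turned on (required for private_dns_enabled)."
    }
  }
}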
# One gateway endpoint per service in var.gateway-ep-services. Gateway
# endpoints are not attached to subnets or security groups; they are reached
# through route table entries and governed by an endpoint policy.
resource "aws_vpc_endpoint" "vpc-gateway-ep" {
  for_each          = toset(var.gateway-ep-services)
  vpc_endpoint_type = "Gateway"
  vpc_id            = data.aws_vpc.this-vpc.id
  service_name      = "com.amazonaws.${data.aws_region.this.name}.${each.value}"

  # NOTE(review): no route_table_ids are set here, so unless route table
  # associations are created elsewhere in the module, VPC traffic will not
  # use this endpoint - confirm.
  # NOTE(review): no `policy` is set, so the endpoint uses the default
  # full-access endpoint policy; a restrictive policy is a hardening option.
  tags = merge({ "Name" : "${var.resource-prefix}-vpcep-${each.value}" }, var.default-tags)
}
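# Two random bytes, used as a numeric suffix in the security group name so
# the name does not collide with another instance of this module.
# Labels are quoted: unquoted resource labels are legacy HCL syntax.
resource "random_id" "rid" {
  byte_length = 2
}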
# Security group attached to the interface endpoint ENIs: HTTPS in from the
# VPC's primary CIDR, unrestricted out.
resource "aws_security_group" "vpc-ep-sg" {
  vpc_id      = data.aws_vpc.this-vpc.id
  name        = "HttpsAccessToVpcEndpoints-${random_id.rid.dec}"
  description = "HttpsAccessToVpcEndpoints-${random_id.rid.dec}"
  tags        = merge({ "Name" : "VpcEpAccess" }, var.default-tags)

  # Only the VPC's primary CIDR is allowed in; secondary CIDR associations
  # (data.aws_vpc.this-vpc.cidr_block_associations) are not covered.
  ingress {
    description = "TLS from VPC"
    protocol    = "tcp"
    from_port   = 443
    to_port     = 443
    cidr_blocks = [data.aws_vpc.this-vpc.cidr_block]
  }

  # NOTE(review): all outbound traffic is open. Endpoint ENIs only answer
  # inbound connections (security groups are stateful), so this egress rule
  # could likely be narrowed or dropped - confirm before tightening.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# The existing VPC the endpoints are created in, looked up by the id passed
# to the module so its CIDR and DNS attributes can be read.
data "aws_vpc" "this-vpc" {
  id = var.vpc-id
}
# Ids of every subnet in the target VPC.
# NOTE(review): the only filter is the VPC id, so public subnets (if the VPC
# has any) are candidates for endpoint placement too - confirm this is
# intended, or add a filter that selects private subnets.
data "aws_subnets" "this" {
  filter {
    name   = "vpc-id"
    values = [var.vpc-id]
  }
}
# Per-subnet details (needed for availability_zone), one lookup for each
# subnet id returned by data.aws_subnets.this.
data "aws_subnet" "this" {
  for_each = toset(data.aws_subnets.this.ids)
  id       = each.key
}
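locals {
  # Availability zone -> one subnet id in that zone.
  # Subnets are first grouped per AZ with "..." because a VPC commonly has
  # several subnets in the same AZ (e.g. public and private); without
  # grouping the for-expression fails on the duplicate key. sort() makes the
  # chosen subnet stable across runs.
  subnets_azs = {
    for az, ids in { for s in data.aws_subnet.this : s.availability_zone => s.id... } :
    az => sort(ids)[0]
  }

  # Subnet ids in AZ-name order, skipping AZs that have no subnet in this VPC.
  one_subnet_in_each_az = compact([
    for az in data.aws_availability_zones.this.names : lookup(local.subnets_azs, az, "")
  ])
}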
# Names of the AZs currently available in this region; they define the
# iteration order of local.one_subnet_in_each_az.
data "aws_availability_zones" "this" {
  state = "available"
}