Provides a VPC Endpoint Policy resource.

data "aws_vpc_endpoint_service" "example" {
  service = "dynamodb"
}

resource "aws_vpc" "example" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_vpc_endpoint" "example" {
  service_name = data.aws_vpc_endpoint_service.example.service_name
  vpc_id       = aws_vpc.example.id
}

resource "aws_vpc_endpoint_policy" "example" {
  vpc_endpoint_id = aws_vpc_endpoint.example.id
  policy = jsonencode({
    "Version" : "2012-10-17",
    "Statement" : [
      {
        "Sid" : "AllowAll",
        "Effect" : "Allow",
        "Principal" : {
          "AWS" : "*"
        },
        "Action" : [
          "dynamodb:*"
        ],
        "Resource" : "*"
      }
    ]
  })
}
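The policy in the example above allows every principal to call every DynamoDB action on every table through the endpoint, which is equivalent to the default "full access" behaviour when no policy is attached. An endpoint policy is most useful as a second, network-side control that narrows what the endpoint can reach regardless of the caller's IAM permissions. The following is an added example, not part of the provider documentation: it builds a scoped-down policy with the aws_iam_policy_document data source and attaches it to the same endpoint. It assumes the aws_vpc_endpoint.example resource from the snippet above, a hypothetical aws_dynamodb_table.orders resource defined elsewhere in the configuration, and that only principals from the current AWS account should be able to use the endpoint.

```hcl
# Added example (not from the provider docs): a least-privilege endpoint policy.
data "aws_caller_identity" "current" {}

data "aws_iam_policy_document" "dynamodb_endpoint" {
  statement {
    sid    = "AllowOwnAccountToOrdersTable"
    effect = "Allow"

    # Endpoint policies use "*" as the principal and narrow it with
    # condition keys; aws:PrincipalAccount pins callers to this account,
    # so credentials from a foreign account cannot use this endpoint.
    principals {
      type        = "AWS"
      identifiers = ["*"]
    }

    # Only the actions the workload needs, instead of dynamodb:*.
    actions = [
      "dynamodb:GetItem",
      "dynamodb:PutItem",
      "dynamodb:Query",
    ]

    # Only one table is reachable through the endpoint, instead of "*".
    # aws_dynamodb_table.orders is assumed to exist elsewhere in the config.
    resources = [
      aws_dynamodb_table.orders.arn,
      "${aws_dynamodb_table.orders.arn}/index/*",
    ]

    condition {
      test     = "StringEquals"
      variable = "aws:PrincipalAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
}

resource "aws_vpc_endpoint_policy" "restricted" {
  vpc_endpoint_id = aws_vpc_endpoint.example.id
  policy          = data.aws_iam_policy_document.dynamodb_endpoint.json
}
```

Because the endpoint policy is evaluated together with the caller's identity policy, a request has to be allowed by both; attaching this policy therefore prevents data exfiltration to tables in other accounts through the endpoint even if an instance inside the VPC holds credentials that would otherwise permit it.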
This resource supports the following arguments:

- vpc_endpoint_id - (Required) The VPC Endpoint ID.
- policy - (Optional) A policy to attach to the endpoint that controls access to the service. Defaults to full access. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.

This resource exports the following attributes in addition to the arguments above:

- id - The ID of the VPC endpoint.

In Terraform v1.5.0 and later, use an import block to import VPC Endpoint Policies using the id. For example:

import {
  to = aws_vpc_endpoint_policy.example
  id = "vpce-3ecf2a57"
}

Using terraform import, import VPC Endpoint Policies using the id. For example:

% terraform import aws_vpc_endpoint_policy.example vpce-3ecf2a57