awscc_ec2_vpc_endpoint (Resource)

Specifies a VPC endpoint. A VPC endpoint provides a private connection between your VPC and an endpoint service, so traffic to the service never traverses the public internet, an internet gateway, or a NAT device. You can use an endpoint service provided by AWS, an AWS Marketplace Partner, or another AWS account in your organization. For more information, see the User Guide.

An endpoint of type Interface establishes connections between the subnets in your VPC and an AWS service, your own service, or a service hosted by another AWS account. With an interface VPC endpoint, you specify the subnets in which to create the endpoint network interfaces and the security groups to associate with those interfaces; the security groups are the only network-level control on who inside the VPC can reach the endpoint.

An endpoint of type Gateway serves as a target for a route in your route table for traffic destined for Amazon S3 or DynamoDB; it is only used by subnets whose route tables you associate with it. You can specify an endpoint policy for the endpoint, which controls access to the service from your VPC. An endpoint policy is evaluated in addition to IAM and resource policies: it cannot grant access that those policies deny, but it can restrict which principals, actions, and resources are reachable through the endpoint. You can also specify the VPC route tables that use the endpoint. For more information about connectivity to S3, see [W

Example Usage

To create a VPC endpoint for S3

#Basic

# VPC the endpoint is attached to.
resource "awscc_ec2_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

# Gateway endpoint for S3 (vpc_endpoint_type defaults to Gateway). The region in
# service_name must match the provider's configured region. Without
# route_table_ids the endpoint exists but no subnet routes traffic through it.
resource "awscc_ec2_vpc_endpoint" "s3" {
  vpc_id       = awscc_ec2_vpc.main.id
  service_name = "com.amazonaws.us-west-2.s3"
}
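The gateway endpoint above is not yet attached to any route table and allows all access to S3 by default. The following is an added example (not from the provider documentation) that attaches the endpoint to a private route table and applies a least-privilege endpoint policy. The route table, the bucket name `example-app-data`, and the organization ID `o-exampleorgid` are assumptions; an `aws_` provider is required alongside `awscc_` for the route table and policy document, as it is elsewhere on this page.

```hcl
# Added example: S3 gateway endpoint with route table attachment and a scoped
# endpoint policy. Bucket name and organization ID below are placeholders.

resource "awscc_ec2_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

# Route table used by the private subnets (subnet associations are assumed to
# exist elsewhere). Gateway endpoints only affect routes in the tables listed
# in route_table_ids.
resource "aws_route_table" "private" {
  vpc_id = awscc_ec2_vpc.main.id
}

# Endpoint policy: only the named bucket is reachable through this endpoint,
# and only by principals that belong to our organization. This blocks two
# common abuses of an open S3 endpoint: exfiltrating data to an attacker-owned
# bucket, and using credentials from a foreign account inside our VPC.
data "aws_iam_policy_document" "s3_endpoint" {
  statement {
    effect = "Allow"

    principals {
      type        = "*"
      identifiers = ["*"]
    }

    actions = [
      "s3:GetObject",
      "s3:PutObject",
      "s3:ListBucket",
    ]

    resources = [
      "arn:aws:s3:::example-app-data",   # assumed bucket name
      "arn:aws:s3:::example-app-data/*",
    ]

    condition {
      test     = "StringEquals"
      variable = "aws:PrincipalOrgID"
      values   = ["o-exampleorgid"]      # assumed organization ID
    }
  }
}

resource "awscc_ec2_vpc_endpoint" "s3" {
  vpc_id            = awscc_ec2_vpc.main.id
  service_name      = "com.amazonaws.us-west-2.s3"
  vpc_endpoint_type = "Gateway"

  # Without this the endpoint is created but no traffic uses it.
  route_table_ids = [aws_route_table.private.id]

  policy_document = data.aws_iam_policy_document.s3_endpoint.json
}
```

Two caveats before copying this pattern. First, the endpoint policy is one side of the boundary only; to stop the bucket from being reached from anywhere else, add a bucket policy with a matching `aws:SourceVpce` condition. Second, scoping the resource list this tightly also blocks AWS-owned buckets that instances pull from through the endpoint (OS package repositories, ECR image layers, SSM agent downloads), so add those bucket ARNs if hosts in the VPC depend on them.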

Interface Endpoint Type

To create a VPC endpoint of type Interface

#Interface Endpoint Type

# Both DNS settings are required on the VPC for private_dns_enabled to work.
resource "awscc_ec2_vpc" "main" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
}

# Security group attached to the endpoint network interfaces. Only HTTPS from
# inside the VPC is accepted; this is the network-level control on who can
# reach the endpoint.
resource "aws_security_group" "sg1" {
  name        = "allow_tls"
  description = "Allow TLS inbound traffic"
  vpc_id      = awscc_ec2_vpc.main.id

  ingress {
    description = "TLS from VPC"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [awscc_ec2_vpc.main.cidr_block]
  }

  # Security groups are stateful, so this egress block is not needed for
  # replies to the 443 flows above. The endpoint ENI never originates
  # connections; the block can be dropped entirely to tighten the group.
  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name = "allow_tls"
  }
}

# No subnet_ids are given here, so no endpoint network interfaces are created
# yet; add subnet_ids (one subnet per AZ) for the endpoint to be reachable.
resource "awscc_ec2_vpc_endpoint" "ec2" {
  vpc_id            = awscc_ec2_vpc.main.id
  service_name      = "com.amazonaws.us-west-2.ec2"
  vpc_endpoint_type = "Interface"

  security_group_ids = [
    aws_security_group.sg1.id,
  ]

  # Makes the regional service DNS name (ec2.us-west-2.amazonaws.com) resolve
  # to the endpoint's private IPs, so SDKs need no endpoint override.
  private_dns_enabled = true
}
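The interface endpoint above has no subnets, an egress rule it does not need, and no endpoint policy. The following is an added example (not from the provider documentation) of how a practitioner would deploy the same endpoint: placed in one private subnet per Availability Zone, guarded by an ingress-only security group, with private DNS and an endpoint policy that restricts use of the endpoint to principals from the VPC owner's own account. The subnet CIDRs and AZs are assumptions; the account ID is read from the `aws` provider's caller identity.

```hcl
# Added example: hardened EC2 interface endpoint. Subnet CIDRs and AZs are
# placeholders.

data "aws_caller_identity" "current" {}

resource "awscc_ec2_vpc" "main" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_support   = true # both are required for private_dns_enabled
  enable_dns_hostnames = true
}

# One private subnet per AZ so the endpoint gets an ENI in each AZ.
resource "awscc_ec2_subnet" "private" {
  for_each = {
    a = { cidr = "10.0.10.0/24", az = "us-west-2a" }
    b = { cidr = "10.0.11.0/24", az = "us-west-2b" }
  }

  vpc_id            = awscc_ec2_vpc.main.id
  cidr_block        = each.value.cidr
  availability_zone = each.value.az
}

resource "aws_security_group" "endpoint" {
  name        = "vpce-ec2"
  description = "HTTPS to the EC2 interface endpoint from inside the VPC only"
  vpc_id      = awscc_ec2_vpc.main.id

  ingress {
    description = "TLS from VPC"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [awscc_ec2_vpc.main.cidr_block]
  }

  # No egress block on purpose: Terraform removes AWS's default allow-all
  # egress rule, the group is stateful so replies to the 443 flows are still
  # allowed, and the endpoint ENI never needs to originate connections.
}

# Endpoint policy: only principals from this account may call EC2 through the
# endpoint. Credentials belonging to another account, for example ones an
# attacker brought in to pivot with, are refused at the endpoint.
data "aws_iam_policy_document" "ec2_endpoint" {
  statement {
    effect = "Allow"

    principals {
      type        = "*"
      identifiers = ["*"]
    }

    actions   = ["ec2:*"]
    resources = ["*"]

    condition {
      test     = "StringEquals"
      variable = "aws:PrincipalAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
}

resource "awscc_ec2_vpc_endpoint" "ec2" {
  vpc_id              = awscc_ec2_vpc.main.id
  service_name        = "com.amazonaws.us-west-2.ec2"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = [for s in awscc_ec2_subnet.private : s.id]
  security_group_ids  = [aws_security_group.endpoint.id]
  private_dns_enabled = true
  policy_document     = data.aws_iam_policy_document.ec2_endpoint.json
}
```

With `private_dns_enabled` set, every call to `ec2.us-west-2.amazonaws.com` from the VPC lands on this endpoint, so the policy above effectively becomes a VPC-wide control on which principals can reach the EC2 API. Check after apply that `network_interface_ids` lists one interface per subnet; an endpoint with no interfaces is silently unreachable.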

Gateway Load Balancer Endpoint Type

To create a VPC endpoint backed by a Gateway Load Balancer endpoint service

data "aws_caller_identity" "current" {}

resource "awscc_ec2_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

# Subnet hosting the Gateway Load Balancer. The AZ must belong to the
# provider's configured region; the other examples on this page use us-west-2.
resource "awscc_ec2_subnet" "main" {
  vpc_id            = awscc_ec2_vpc.main.id
  cidr_block        = "10.0.1.0/24"
  availability_zone = "us-west-2a"
}

# Not referenced by the endpoint resources below; only needed if inspected
# traffic is to leave the VPC after passing through the appliances.
resource "aws_internet_gateway" "ig" {
  vpc_id = awscc_ec2_vpc.main.id
}

resource "aws_lb" "test" {
  name               = "test-lb-tf"
  load_balancer_type = "gateway"
  subnets            = [awscc_ec2_subnet.main.id]
}

# Endpoint service fronting the GWLB. acceptance_required = false means any
# permitted principal connects without manual approval, so restrict the
# service with allowed_principals rather than leaving it open.
resource "aws_vpc_endpoint_service" "example" {
  acceptance_required        = false
  gateway_load_balancer_arns = [aws_lb.test.arn]
}

# service_type resolves to "GatewayLoadBalancer" for this service.
resource "awscc_ec2_vpc_endpoint" "example" {
  service_name      = aws_vpc_endpoint_service.example.service_name
  vpc_endpoint_type = aws_vpc_endpoint_service.example.service_type
  vpc_id            = awscc_ec2_vpc.main.id
}
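A Gateway Load Balancer endpoint does nothing until a route table sends traffic to it, and the endpoint service should not accept connections from arbitrary accounts. The following is an added example (not from the provider documentation) that extends the page's GWLB setup with both pieces: the service is limited to an explicit principal, and a workload subnet's default route is pointed at the endpoint so its egress is inspected by the appliance fleet. The subnet layout and AZ are assumptions; the account ID comes from the `aws` provider's caller identity.

```hcl
# Added example: GWLB endpoint with restricted endpoint service and traffic
# steering. Subnet CIDRs and AZ are placeholders.

data "aws_caller_identity" "current" {}

resource "awscc_ec2_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

# Subnet hosting the Gateway Load Balancer (appliance side).
resource "awscc_ec2_subnet" "appliance" {
  vpc_id            = awscc_ec2_vpc.main.id
  cidr_block        = "10.0.1.0/24"
  availability_zone = "us-west-2a"
}

# Subnet whose outbound traffic is steered through the inspection endpoint.
resource "awscc_ec2_subnet" "workload" {
  vpc_id            = awscc_ec2_vpc.main.id
  cidr_block        = "10.0.2.0/24"
  availability_zone = "us-west-2a"
}

resource "aws_lb" "inspection" {
  name               = "inspection-gwlb"
  load_balancer_type = "gateway"
  subnets            = [awscc_ec2_subnet.appliance.id]
}

resource "aws_vpc_endpoint_service" "inspection" {
  acceptance_required        = false
  gateway_load_balancer_arns = [aws_lb.inspection.arn]

  # Explicitly list who may create endpoints against this service. Add
  # consumer account ARNs deliberately; never use "*" here.
  allowed_principals = [
    "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root",
  ]
}

resource "awscc_ec2_vpc_endpoint" "inspection" {
  vpc_id            = awscc_ec2_vpc.main.id
  service_name      = aws_vpc_endpoint_service.inspection.service_name
  vpc_endpoint_type = aws_vpc_endpoint_service.inspection.service_type

  # GWLB endpoints take one subnet per AZ. In production use a dedicated
  # endpoint subnet so the return path can be routed independently.
  subnet_ids = [awscc_ec2_subnet.appliance.id]
}

resource "aws_route_table" "workload" {
  vpc_id = awscc_ec2_vpc.main.id
}

# Default route for the workload subnet hands all egress to the GWLB endpoint,
# so it reaches the appliance fleet before it can leave the VPC.
resource "aws_route" "workload_default" {
  route_table_id         = aws_route_table.workload.id
  destination_cidr_block = "0.0.0.0/0"
  vpc_endpoint_id        = awscc_ec2_vpc_endpoint.inspection.id
}

resource "aws_route_table_association" "workload" {
  subnet_id      = awscc_ec2_subnet.workload.id
  route_table_id = aws_route_table.workload.id
}
```

The return path (a route table with an edge association on the internet gateway, and the endpoint subnet's own routes) is deliberately omitted here. For cross-account consumers, set `acceptance_required = true` and approve each connection with `aws_vpc_endpoint_connection_accepter`, so a compromised consumer account cannot silently attach itself to the inspection service.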

Schema

Required

- `service_name` (String) The name of the endpoint service, for example com.amazonaws.us-west-2.s3.
- `vpc_id` (String) The ID of the VPC in which the endpoint is created.

Optional

- `policy_document` (String) A JSON endpoint policy that controls access to the service from the VPC. If omitted, the endpoint allows full access to the service.
- `private_dns_enabled` (Boolean) Interface endpoints only. Associates a private hosted zone so the service's default regional DNS name resolves to the endpoint. Requires enable_dns_support and enable_dns_hostnames on the VPC.
- `route_table_ids` (List of String) Gateway endpoints only. The route tables that receive a route to the service through this endpoint.
- `security_group_ids` (List of String) Interface endpoints only. Security groups to associate with the endpoint network interfaces. If omitted, the VPC's default security group is used.
- `subnet_ids` (List of String) Interface and Gateway Load Balancer endpoints. The subnets in which to create endpoint network interfaces, one per Availability Zone.
- `vpc_endpoint_type` (String) The type of endpoint: Gateway, Interface, or GatewayLoadBalancer. Defaults to Gateway.

Read-Only

- `creation_timestamp` (String) The date and time the endpoint was created.
- `dns_entries` (List of String) The DNS entries for the endpoint.
- `id` (String) Uniquely identifies the resource.
- `network_interface_ids` (List of String) The network interfaces created for an interface endpoint.

Import

Import is supported using the following syntax:

$ terraform import awscc_ec2_vpc_endpoint.example <resource ID>

The resource ID is the VPC endpoint ID (the vpce-... identifier), which is also the value of the `id` attribute.