xpk/terraform.examples
SHA256
1
0
Fork 0
Code Pull Requests Activity

initial commit

Browse Source
This commit is contained in:
xpk
2026-02-13 15:44:24 +08:00
parent 66be8224f4
commit 09ce4c881a
570 changed files with 61807 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/networking/vpc-endpoints/README.md
+275
View File
@@ -0,0 +1,275 @@
# vpc-endpoints module
This module deploys VPC endpoints.
Automatically, this module performs the following additional tasks
- Create and attach security group which allows access from the same VPC
- Associate endpoints with 1 subnet in each availability zone
# Inputs
| Variable | Type | Required | Description |
|-----------------------|--------------|----------|-------------------------------------------------|
| voc-id | string | yes | ID of VPC to deploy endpoints to |
| interface-ep-services | list(string) | yes | Interface endpoint names |
| gateway-ep-services | list(string) | no | Gateway endpoint names |
| resource-prefix | string | yes | Prefix that will be added to resource name tags |
# Types of endpoints
## Gateway endpoints
At time of writing, AWS provides 2 gateway endpoints at no charge.
* s3
* dynamodb
For gateway endpoints, all route tables in the VPC will be updated with routes to the private links.
Full documentation: https://docs.aws.amazon.com/vpc/latest/privatelink/gateway-endpoints.html
## Interface endpoints
Interface endpoints are placed in one subnet for every AZ. Security group is created automatically
and allow access from the VPC's cidr, plus all additional CIDRs if applicable.
At time of writing, AWS provides 200+ interface endpoints:
* access-analyzer
* account
* execute-api
* appmesh
* appmesh-envoy-management
* apprunner
* apprunner.requests
* application-autoscaling
* mgn
* appstream.api
* appstream.streaming
* appsync-api
* athena
* auditmanager
* rds
* autoscaling-plans
* backup
* backup-gateway
* batch
* billingconductor
* braket
* cleanrooms
* cloudcontrolapi
* cloudcontrolapi-fips
* clouddirectory
* cloudformation
* cloudhsmv2
* cloudtrail
* evidently
* evidently-dataplane
* monitoring
* rum
* rum-dataplane
* synthetics
* events
* logs
* codeartifact.api
* codeartifact.repositories
* codebuild
* codebuild-fips
* codecommit
* codecommit-fips
* git-codecommit
* git-codecommit-fips
* codedeploy
* codedeploy-commands-secure
* codeguru-profiler
* codeguru-reviewer
* codepipeline
* codestar-connections.api
* comprehend
* comprehendmedical
* config
* app-integrations
* cases
* connect-campaigns
* profile
* voiceid
* wisdom
* dataexchange
* dms
* dms-fips
* datasync
* devops-guru
* ds
* ebs
* ec2
* autoscaling
* imagebuilder
* ecr.api
* ecr.dkr
* ecs
* ecs-agent
* ecs-telemetry
* eks
* elasticbeanstalk
* elasticbeanstalk-health
* drs
* elasticfilesystem
* elasticfilesystem-fips
* elastic-inference.runtime
* elasticloadbalancing
* elasticache
* elasticache-fips
* elasticmapreduce
* emr-containers
* emr-serverless
* events
* fis
* finspace
* finspace-api
* forecast
* forecastquery
* forecast-fips
* forecastquery-fips
* frauddetector
* fsx
* fsx-fips
* glue
* databrew
* grafana
* grafana-workspace
* groundstation
* guardduty-data
* guardduty-data-fips
* healthlake
* identitystore
* rolesanywhere
* inspector2
* iot.data
* iot.fleethub.api
* deviceadvisor.iot
* iotwireless.api
* lorawan.cups
* lorawan.lns
* iotfleetwise
* greengrass
* iotroborunner
* iotsitewise.api
* iotsitewise.data
* iottwinmaker.api
* iottwinmaker.data
* kendra
* kendra-ranking
* kms
* kms-fips
* cassandra
* cassandra-fips
* kinesis-firehose
* kinesis-streams
* lakeformation
* lambda
* models-v2-lex
* runtime-v2-lex
* license-manager
* license-manager-fips
* lookoutequipment
* lookoutmetrics
* lookoutvision
* macie2
* m2
* aps
* aps-workspaces
* airflow.api
* airflow.env
* airflow.ops
* console
* signin
* memory-db
* memorydb-fips
* migrationhub-orchestrator
* refactor-spaces
* migrationhub-strategy
* nimble
* analytics-omics
* control-storage-omics
* storage-omics
* tags-omics
* workflows-omics
* service-managed
* panorama
* payment-cryptography.controlplane
* payment-cryptography.dataplane
* personalize
* personalize-events
* personalize-runtime
* pinpoint
* pinpoint-sms-voice-v2
* polly
* private-networks
* acm-pca
* proton
* qldb.session
* rds
* rds-data
* redshift
* redshift-fips
* redshift-data
* rekognition
* rekognition-fips
* streaming-rekognition
* streaming-rekognition-fips
* robomaker
* s3
* com.amazonaws.s3-global.accesspoint
* s3-outposts
* aws.sagemaker.region.notebook
* aws.sagemaker.region.studio
* sagemaker.api
* sagemaker.featurestore-runtime
* sagemaker.metrics
* sagemaker.runtime
* sagemaker.runtime-fips
* secretsmanager
* securityhub
* sts
* servicecatalog
* servicecatalog-appregistry
* email-smtp
* simspaceweaver
* snow-device-management
* sns
* sqs
* swf
* swf-fips
* states
* sync-states
* storagegateway
* ec2messages
* ssm
* ssm-contacts
* ssm-incidents
* ssmmessages
* tnb
* textract
* textract-fips
* transcribe
* transcribestreaming
* transcribe
* transcribestreaming
* transfer
* transfer.server
* translate
* verifiedpermissions
* vpc-lattice
* workspaces
* xray
Full documentation: https://docs.aws.amazon.com/vpc/latest/privatelink/aws-services-privatelink-support.html
## Example
```hcl
module "vpc-ep" {
count = var.create-free-vpc-endpoints ? 1 : 0
source = "../vpc-endpoints"
gateway-ep-services = ["s3", "dynamodb"]
interface-ep-services = []
resource-prefix = var.resource-prefix
vpc-id = aws_vpc.vpc.id
}
```