terraform-aws-tardigrade-vpc-endpoints

Terraform module to create VPC Endpoints

Primary language: HCL. License: Apache-2.0

Default Security Group rules

Be aware that the default Security Groups attached to Endpoints allow Ingress and Egress from anywhere (0.0.0.0/0). Adjust these rules to fit your desired security posture; at a minimum we recommend restricting Ingress to the VPC cidr_block.

Terraform version requirements

Terraform >= 0.12.9 is required because of a bug fix for for_each over empty sets. The fix shipped in version 0.12.9 (see the Terraform Changelog for that release); the original bug was reported as issue #22281.

Updating documentation

Portions of this module's README.md, and those in its tests directory, are generated automatically. To update the sections between BEGIN TFDOCS and END TFDOCS, run the following:

## This will run terraform-docs in a docker container, which of
## course requires that you have docker...
# The 'init' target is a one-time task: it simply clones a "ci" repository to access shared make targets
make init
make docker/run target=docs/generate

## Or
## This will install terraform-docs on your local system, which may
## not be desirable for you, and may not work if the make target does
## not account for your OS
make docs/generate

Then commit the updated files.

Requirements

Name Version
terraform >= 0.12.9

Providers

Name Version
aws n/a

Inputs

Name: create_sg_per_endpoint
Description: Toggle to create a SecurityGroup for each VPC Endpoint. Defaults to using just one for all Interface Endpoints. Note that Gateway Endpoints don't support SecurityGroups.
Type: bool
Default: false
Required: no

Name: create_vpc_endpoints
Description: Toggle to create VPC Endpoints.
Type: bool
Default: true
Required: no

Name: sg_egress_rules
Description: Egress rules for the VPC Endpoint SecurityGroup(s). Set to an empty list to disable the default rules.
Type:
  list(object({
    description      = string
    prefix_list_ids  = list(string)
    from_port        = number
    to_port          = number
    protocol         = string
    cidr_blocks      = list(string)
    ipv6_cidr_blocks = list(string)
    security_groups  = list(string)
  }))
Default:
  [
    {
      "cidr_blocks": ["0.0.0.0/0"],
      "description": null,
      "from_port": 0,
      "ipv6_cidr_blocks": null,
      "prefix_list_ids": null,
      "protocol": "-1",
      "security_groups": null,
      "to_port": 0
    }
  ]
Required: no

Name: sg_ingress_rules
Description: Ingress rules for the VPC Endpoint SecurityGroup(s). Set to an empty list to disable the default rules.
Type:
  list(object({
    description      = string
    prefix_list_ids  = list(string)
    from_port        = number
    to_port          = number
    protocol         = string
    cidr_blocks      = list(string)
    ipv6_cidr_blocks = list(string)
    security_groups  = list(string)
  }))
Default:
  [
    {
      "cidr_blocks": ["0.0.0.0/0"],
      "description": null,
      "from_port": 0,
      "ipv6_cidr_blocks": null,
      "prefix_list_ids": null,
      "protocol": "-1",
      "security_groups": null,
      "to_port": 0
    }
  ]
Required: no

Name: subnet_ids
Description: Target Subnet ids.
Type: list(string)
Default: []
Required: no

Name: tags
Description: A map of tags to add to the VPC Endpoint and to the SecurityGroup(s).
Type: map(string)
Default: {}
Required: no

Name: vpc_endpoint_services
Description: List of AWS Endpoint service names that are used to create VPC Interface Endpoints. Both Gateway and Interface Endpoints are supported. See https://docs.aws.amazon.com/general/latest/gr/rande.html for the full list.
Type: list(string)
Default: []
Required: no
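An added example (not the module's own code or documentation) that applies the Security Group advice above to the inputs just listed: it calls the module with the default 0.0.0.0/0 rules replaced by rules scoped to the VPC's own cidr_block. The module source path and the subnet id are placeholders; the VPC and its CIDR are looked up from the first target subnet.

```hcl
# Added example, not part of the module. The "source" path and the subnet id
# are placeholders; everything else uses the module's documented inputs.
variable "subnet_ids" {
  type    = list(string)
  default = ["subnet-00000000000000000"] # placeholder
}

# Derive the VPC (and so its cidr_block) from the first target subnet.
data "aws_subnet" "first" { id = var.subnet_ids[0] }
data "aws_vpc" "this" { id = data.aws_subnet.first.vpc_id }
data "aws_region" "current" {}

module "vpc_endpoints" {
  source = "../terraform-aws-tardigrade-vpc-endpoints" # placeholder path

  # One Gateway Endpoint (s3) and two Interface Endpoints.
  vpc_endpoint_services = [
    "com.amazonaws.${data.aws_region.current.name}.s3",
    "com.amazonaws.${data.aws_region.current.name}.ec2",
    "com.amazonaws.${data.aws_region.current.name}.ssm",
  ]
  subnet_ids             = var.subnet_ids
  create_sg_per_endpoint = true # one Security Group per Interface Endpoint

  # Every attribute of the object type must be present; unused ones are null.
  sg_ingress_rules = [{
    description      = "HTTPS to the endpoint from inside this VPC only"
    from_port        = 443
    to_port          = 443
    protocol         = "tcp"
    cidr_blocks      = [data.aws_vpc.this.cidr_block]
    ipv6_cidr_blocks = null
    prefix_list_ids  = null
    security_groups  = null
  }]

  sg_egress_rules = [{
    description      = "Keep endpoint-originated traffic inside this VPC"
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = [data.aws_vpc.this.cidr_block]
    ipv6_cidr_blocks = null
    prefix_list_ids  = null
    security_groups  = null
  }]
}
```

After apply, compare the rules on the Security Groups returned by vpc_endpoint_sgs against the VPC's cidr_block to confirm no 0.0.0.0/0 rule remains.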

Outputs

Name Description
vpc_endpoint_gateway_services n/a
vpc_endpoint_interface_services n/a
vpc_endpoint_sgs n/a