|
@@ -36,20 +36,54 @@ module "vpc" {
|
|
|
enable_nat_gateway = false
|
|
|
enable_vpn_gateway = false
|
|
|
enable_dns_hostnames = true
|
|
|
- enable_s3_endpoint = true
|
|
|
- enable_dynamodb_endpoint = true
|
|
|
- enable_sts_endpoint = true
|
|
|
- enable_kms_endpoint = true
|
|
|
enable_dhcp_options = true
|
|
|
|
|
|
+
|
|
|
+ # Endpoints without a DNS setting
|
|
|
+ enable_dynamodb_endpoint = true
|
|
|
+ enable_s3_endpoint = true
|
|
|
+
|
|
|
+ # Endpoints with a dns setting
|
|
|
enable_ec2_endpoint = true
|
|
|
ec2_endpoint_private_dns_enabled = true
|
|
|
- kms_endpoint_private_dns_enabled = true
|
|
|
- sts_endpoint_private_dns_enabled = true
|
|
|
ec2_endpoint_security_group_ids = [ "${module.aws_endpoints_sg.this_security_group_id}" ]
|
|
|
+
|
|
|
+ enable_ec2messages_endpoint = true
|
|
|
+ ec2messages_endpoint_private_dns_enabled = true
|
|
|
+ ec2messages_endpoint_security_group_ids = [ "${module.aws_endpoints_sg.this_security_group_id}" ]
|
|
|
+
|
|
|
+ enable_ecr_api_endpoint = true
|
|
|
+ ecr_api_endpoint_private_dns_enabled = true
|
|
|
+ ecr_api_endpoint_security_group_ids = [ "${module.aws_endpoints_sg.this_security_group_id}" ]
|
|
|
+
|
|
|
+ enable_ecr_dkr_endpoint = true
|
|
|
+ ecr_dkr_endpoint_private_dns_enabled = true
|
|
|
+ ecr_dkr_endpoint_security_group_ids = [ "${module.aws_endpoints_sg.this_security_group_id}" ]
|
|
|
+
|
|
|
+ enable_kms_endpoint = true
|
|
|
+ kms_endpoint_private_dns_enabled = true
|
|
|
kms_endpoint_security_group_ids = [ "${module.aws_endpoints_sg.this_security_group_id}" ]
|
|
|
+
|
|
|
+ enable_logs_endpoint = true
|
|
|
+ logs_endpoint_private_dns_enabled = true
|
|
|
+ logs_endpoint_security_group_ids = [ "${module.aws_endpoints_sg.this_security_group_id}" ]
|
|
|
+
|
|
|
+ enable_ssm_endpoint = true
|
|
|
+ ssm_endpoint_private_dns_enabled = true
|
|
|
+ ssm_endpoint_security_group_ids = [ "${module.aws_endpoints_sg.this_security_group_id}" ]
|
|
|
+
|
|
|
+ enable_ssmmessages_endpoint = true
|
|
|
+ ssmmessages_endpoint_private_dns_enabled = true
|
|
|
+ ssmmessages_endpoint_security_group_ids = [ "${module.aws_endpoints_sg.this_security_group_id}" ]
|
|
|
+
|
|
|
+ enable_sts_endpoint = true
|
|
|
+ sts_endpoint_private_dns_enabled = true
|
|
|
sts_endpoint_security_group_ids = [ "${module.aws_endpoints_sg.this_security_group_id}" ]
|
|
|
|
|
|
+ enable_monitoring_endpoint = true
|
|
|
+ monitoring_endpoint_private_dns_enabled = true
|
|
|
+ monitoring_endpoint_security_group_ids = [ "${module.aws_endpoints_sg.this_security_group_id}" ]
|
|
|
+
|
|
|
dhcp_options_domain_name = var.dns_info["private"]["zone"]
|
|
|
dhcp_options_domain_name_servers = var.dns_servers
|
|
|
dhcp_options_ntp_servers = [ "169.254.169.123" ]
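Review bot: None of the endpoints enabled in this hunk carries an endpoint policy, so the S3 and DynamoDB gateway endpoints (`enable_s3_endpoint`, `enable_dynamodb_endpoint`) and every interface endpoint fall back to the AWS default full-access policy, which lets a compromised host in these NAT-less subnets copy data to a bucket or table in any account through the very path that is meant to keep traffic private; attach a policy scoped to this account's principals and resources, via the module's policy input if the pinned version exposes one, otherwise with a separate endpoint-policy resource. All interface endpoints share `module.aws_endpoints_sg.this_security_group_id`, whose rules are not visible here, so confirm its ingress is limited to TCP 443 from the VPC CIDR rather than a wide-open source. The `*_private_dns_enabled = true` flags only take effect when the VPC has both DNS attributes on; `enable_dns_hostnames = true` is in the hunk but `enable_dns_support` is not, so verify it has not been set to false elsewhere in the block. As a style point, the new `*_security_group_ids` lines copy the legacy `"${...}"` wrapper while the same file already uses 0.12 syntax (`merge(var.standard_tags, var.tags)`, `var.dns_info["private"]["zone"]`), and the two section comments would read better as `# Gateway endpoints (no private DNS option)` and `# Interface endpoints (private DNS + security group)`. The `module "vpc"` block begins and ends outside this hunk.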
|
|
@@ -71,91 +105,3 @@ resource "aws_flow_log" "flowlogs" {
|
|
|
vpc_id = module.vpc.vpc_id
|
|
|
tags = merge(var.standard_tags, var.tags)
|
|
|
}
|
|
|
-
|
|
|
-
|
|
|
-resource "aws_vpc_endpoint" "ec2messages" {
|
|
|
- vpc_id = module.vpc.vpc_id
|
|
|
- service_name = "com.amazonaws.${var.aws_region}.ec2messages"
|
|
|
- vpc_endpoint_type = "Interface"
|
|
|
-
|
|
|
- subnet_ids = slice(module.vpc.public_subnets,0,3)
|
|
|
- security_group_ids = [
|
|
|
- module.aws_endpoints_sg.this_security_group_id
|
|
|
- ]
|
|
|
- private_dns_enabled = true
|
|
|
-}
|
|
|
-
|
|
|
-resource "aws_vpc_endpoint" "ssm" {
|
|
|
- vpc_id = module.vpc.vpc_id
|
|
|
- service_name = "com.amazonaws.${var.aws_region}.ssm"
|
|
|
- vpc_endpoint_type = "Interface"
|
|
|
-
|
|
|
- subnet_ids = slice(module.vpc.public_subnets,0,3)
|
|
|
- security_group_ids = [
|
|
|
- module.aws_endpoints_sg.this_security_group_id
|
|
|
- ]
|
|
|
- private_dns_enabled = true
|
|
|
-}
|
|
|
-data "aws_vpc_endpoint_service" "ecr_api_endpoint" {
|
|
|
- service = "ecr.api"
|
|
|
-}
|
|
|
-
|
|
|
-data "aws_vpc_endpoint_service" "ecr_dkr_endpoint" {
|
|
|
- service = "ecr.dkr"
|
|
|
-}
|
|
|
-
|
|
|
-resource "aws_vpc_endpoint" "ecr_api" {
|
|
|
- vpc_id = module.vpc.vpc_id
|
|
|
- service_name = data.aws_vpc_endpoint_service.ecr_api_endpoint.service_name
|
|
|
- vpc_endpoint_type = "Interface"
|
|
|
-
|
|
|
- subnet_ids = module.vpc.private_subnets
|
|
|
- security_group_ids = [
|
|
|
- module.aws_endpoints_sg.this_security_group_id
|
|
|
- ]
|
|
|
- private_dns_enabled = true
|
|
|
-}
|
|
|
-
|
|
|
-resource "aws_vpc_endpoint" "ecr_dkr" {
|
|
|
- vpc_id = module.vpc.vpc_id
|
|
|
- service_name = data.aws_vpc_endpoint_service.ecr_dkr_endpoint.service_name
|
|
|
- vpc_endpoint_type = "Interface"
|
|
|
-
|
|
|
- subnet_ids = module.vpc.private_subnets
|
|
|
- security_group_ids = [
|
|
|
- module.aws_endpoints_sg.this_security_group_id
|
|
|
- ]
|
|
|
- private_dns_enabled = true
|
|
|
-}
|
|
|
-
|
|
|
-data "aws_vpc_endpoint_service" "logs_endpoint" {
|
|
|
- service = "logs"
|
|
|
-}
|
|
|
-
|
|
|
-resource "aws_vpc_endpoint" "logs" {
|
|
|
- vpc_id = module.vpc.vpc_id
|
|
|
- service_name = data.aws_vpc_endpoint_service.logs_endpoint.service_name
|
|
|
- vpc_endpoint_type = "Interface"
|
|
|
-
|
|
|
- subnet_ids = module.vpc.private_subnets
|
|
|
- security_group_ids = [
|
|
|
- module.aws_endpoints_sg.this_security_group_id
|
|
|
- ]
|
|
|
- private_dns_enabled = true
|
|
|
-}
|
|
|
-
|
|
|
-data "aws_vpc_endpoint_service" "monitoring_endpoint" {
|
|
|
- service = "monitoring"
|
|
|
-}
|
|
|
-
|
|
|
-resource "aws_vpc_endpoint" "monitoring" {
|
|
|
- vpc_id = module.vpc.vpc_id
|
|
|
- service_name = data.aws_vpc_endpoint_service.monitoring_endpoint.service_name
|
|
|
- vpc_endpoint_type = "Interface"
|
|
|
-
|
|
|
- subnet_ids = module.vpc.private_subnets
|
|
|
- security_group_ids = [
|
|
|
- module.aws_endpoints_sg.this_security_group_id
|
|
|
- ]
|
|
|
- private_dns_enabled = true
|
|
|
-}
|