
Commit c741b31

authored
Merge pull request #14 from DNXLabs/s3-endpoint
Add a S3 endpoint to the network stack
2 parents 01e3ccc + 6e56669 commit c741b31

6 files changed

+52
-0
lines changed


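--- a/README.md
+++ b/README.md
@@ -21,6 +21,7 @@ The following resources will be created:
 - Nat Gateway
 - Network Access Control List (NACL) for all subnets
 - Database Subnet group - Provides an RDS DB subnet group resources
+- S3 VPC endpoint
 
 
 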
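--- a/s3-endpoint.tf
+++ b/s3-endpoint.tf
@@ -0,0 +1,29 @@
+resource "aws_vpc_endpoint" "s3" {
+vpc_id = aws_vpc.default.id
+service_name = "com.amazonaws.${data.aws_region.current.name}.s3"
+
+policy = <<POLICY
+{
+"Statement": [
+{
+"Action": "*","Effect": "Allow","Resource": "*","Principal": "*"
+}
+]
+}
+POLICY
+
+lifecycle {
+ignore_changes = [policy]
+}
+
+tags = merge(
+var.tags,
+{
+"Name" = "${var.name}-S3-Endpoint"
+"EnvName" = var.name
+},
+)
+
+depends_on = [aws_vpc.default]
+
+}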
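Review bot: The endpoint policy on lines 5–13 allows `"Action": "*"` for `"Principal": "*"` on `"Resource": "*"`, and `ignore_changes = [policy]` on line 16 stops Terraform from ever reconciling it afterwards, so a later tightening of the policy in this file is silently not applied and an out-of-band loosening is never reported as drift. If the intent is that the policy is managed outside Terraform after creation, a comment such as `# policy is intentionally unmanaged after creation; changes here are not applied` would make that explicit; otherwise consider exposing the document through a variable (defaulting to this full-access document, which is also what AWS applies when no policy is given) and dropping the lifecycle block, so the module can be used with a restrictive policy. `depends_on = [aws_vpc.default]` on line 27 is redundant because `vpc_id = aws_vpc.default.id` already creates that dependency. `vpc_endpoint_type` is not set, so this is a Gateway endpoint; a one-line comment saying so would help readers who expect an Interface endpoint with security groups.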

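--- a/subnet-private.tf
+++ b/subnet-private.tf
@@ -61,6 +61,12 @@ resource aws_route_table_association "private" {
 }
 }
 
+resource "aws_vpc_endpoint_route_table_association" "private" {
+count = length(aws_subnet.private)
+route_table_id = var.multi_nat ? aws_route_table.private[count.index].id : aws_route_table.private[0].id
+vpc_endpoint_id = aws_vpc_endpoint.s3.id
+}
+
 # resource "aws_route_table_association" "private_single" {
 # count = var.nat_count == length(data.aws_availability_zones.available.names) ? 0 : 1
 # subnet_id = aws_subnet.private.*.id[count.index]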
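--- a/subnet-public.tf
+++ b/subnet-public.tf
@@ -52,3 +52,8 @@ resource "aws_route_table_association" "public" {
 create_before_destroy = true
 }
 }
+
+resource "aws_vpc_endpoint_route_table_association" "public" {
+route_table_id = aws_route_table.public.id
+vpc_endpoint_id = aws_vpc_endpoint.s3.id
+}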

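--- a/subnet-secure.tf
+++ b/subnet-secure.tf
@@ -44,3 +44,8 @@ resource "aws_route_table_association" "secure" {
 create_before_destroy = true
 }
 }
+
+resource "aws_vpc_endpoint_route_table_association" "secure" {
+route_table_id = aws_route_table.secure.id
+vpc_endpoint_id = aws_vpc_endpoint.s3.id
+}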
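Review bot: This unconditionally adds a route to all of S3 to the secure route table on line 49, and combined with the endpoint policy shipped in s3-endpoint.tf (any principal, any bucket, any action) it gives workloads in the secure tier a path to every S3 bucket, including buckets in other accounts. If that tier is meant to have no egress path (the name suggests so, but its other routes are not visible here), this is a new data-exfiltration channel and should be opt-in, for example `count = var.secure_s3_endpoint ? 1 : 0` with a new boolean variable defaulting to false, mirroring the `count = var.transit_subnet ? 1 : 0` pattern used in subnet-transit.tf in the same commit; restricting the endpoint policy to the account's own buckets is the complementary control. The association itself is otherwise correct; the two `}` lines at the top close `aws_route_table_association.secure`, which begins outside the hunk.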

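--- a/subnet-transit.tf
+++ b/subnet-transit.tf
@@ -54,3 +54,9 @@ resource "aws_route_table_association" "transit" {
 create_before_destroy = true
 }
 }
+
+resource "aws_vpc_endpoint_route_table_association" "transit" {
+count = var.transit_subnet ? 1 : 0
+route_table_id = aws_route_table.transit[0].id
+vpc_endpoint_id = aws_vpc_endpoint.s3.id
+}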
