From 9c9f067a017384ce536a9276baec6b75234e97ca Mon Sep 17 00:00:00 2001
From: Andor Markus <51825189+andormarkus@users.noreply.github.com>
Date: Fri, 29 Jan 2021 13:48:55 +0100
Subject: [PATCH] feat: Adding VPC endpoint for DMS (#564)
---
 README.md | 9 ++++++++-
 outputs.tf | 16 +++++++++++++++-
 variables.tf | 24 ++++++++++++++++++++++++
 vpc-endpoints.tf | 24 ++++++++++++++++++++++++
 4 files changed, 71 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index da69edae0..24b5851da 100644
--- a/README.md
+++ b/README.md
@@ -26,7 +26,7 @@ Git-Codecommit, Textract, Transfer Server, Kinesis Streams, Kinesis Firehose, Sa
 CloudFormation, CodePipeline, Storage Gateway, AppMesh, Transfer, Service Catalog, AppStream API, AppStream Streaming, Athena, Rekognition, Elastic File System (EFS), Cloud Directory, Elastic Beanstalk (+ Health), Elastic Map Reduce(EMR), DataSync, EBS, SMS, Elastic Inference Runtime, QLDB Session, Step Functions, Access Analyzer, Auto Scaling Plans,
-Application Auto Scaling, Workspaces, ACM PCA, RDS, CodeDeploy, CodeDeploy Commands Secure
+Application Auto Scaling, Workspaces, ACM PCA, RDS, CodeDeploy, CodeDeploy Commands Secure, DMS
 * [RDS DB Subnet Group](https://www.terraform.io/docs/providers/aws/r/db_subnet_group.html)
 * [ElastiCache Subnet Group](https://www.terraform.io/docs/providers/aws/r/elasticache_subnet_group.html)
@@ -350,6 +350,9 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | dhcp\_options\_netbios\_node\_type | Specify netbios node\_type for DHCP options set (requires enable\_dhcp\_options set to true) | `string` | `""` | no |
 | dhcp\_options\_ntp\_servers | Specify a list of NTP servers for DHCP options set (requires enable\_dhcp\_options set to true) | `list(string)` | `[]` | no |
 | dhcp\_options\_tags | Additional tags for the DHCP option set (requires enable\_dhcp\_options set to true) | `map(string)` | `{}` | no |
+| dms\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for DMS endpoint | `bool` | `false` | no |
+| dms\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for DMS endpoint | `list(string)` | `[]` | no |
+| dms\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for DMS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
 | ebs\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for EBS endpoint | `bool` | `false` | no |
 | ebs\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for EBS endpoint | `list(string)` | `[]` | no |
 | ebs\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for EBS endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used. | `list(string)` | `[]` | no |
@@ -428,6 +431,7 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | enable\_config\_endpoint | Should be true if you want to provision an config endpoint to the VPC | `bool` | `false` | no |
 | enable\_datasync\_endpoint | Should be true if you want to provision an Data Sync endpoint to the VPC | `bool` | `false` | no |
 | enable\_dhcp\_options | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | `bool` | `false` | no |
+| enable\_dms\_endpoint | Should be true if you want to provision a DMS endpoint to the VPC | `bool` | `false` | no |
 | enable\_dns\_hostnames | Should be true to enable DNS hostnames in the VPC | `bool` | `false` | no |
 | enable\_dns\_support | Should be true to enable DNS support in the VPC | `bool` | `true` | no |
 | enable\_dynamodb\_endpoint | Should be true if you want to provision a DynamoDB endpoint to the VPC | `bool` | `false` | no |
@@ -799,6 +803,9 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | vpc\_endpoint\_datasync\_dns\_entry | The DNS entries for the VPC Endpoint for DataSync. |
 | vpc\_endpoint\_datasync\_id | The ID of VPC endpoint for DataSync |
 | vpc\_endpoint\_datasync\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for DataSync. |
+| vpc\_endpoint\_dms\_dns\_entry | The DNS entries for the VPC Endpoint for DMS. |
+| vpc\_endpoint\_dms\_id | The ID of VPC endpoint for DMS |
+| vpc\_endpoint\_dms\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for DMS. |
 | vpc\_endpoint\_dynamodb\_id | The ID of VPC endpoint for DynamoDB |
 | vpc\_endpoint\_dynamodb\_pl\_id | The prefix list for the DynamoDB VPC endpoint. |
 | vpc\_endpoint\_ebs\_dns\_entry | The DNS entries for the VPC Endpoint for EBS. |
diff --git a/outputs.tf b/outputs.tf
index 543f04398..c144fbb9d 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1407,6 +1407,21 @@ output "vpc_endpoint_codeartifact_repositories_dns_entry" {
 value = flatten(aws_vpc_endpoint.codeartifact_repositories.*.dns_entry)
 }
 
+output "vpc_endpoint_dms_id" {
+ description = "The ID of VPC endpoint for DMS"
+ value = concat(aws_vpc_endpoint.sns.*.id, [""])[0]
+}
+
+output "vpc_endpoint_dms_network_interface_ids" {
+ description = "One or more network interfaces for the VPC Endpoint for DMS."
+ value = flatten(aws_vpc_endpoint.sns.*.network_interface_ids)
+}
+
+output "vpc_endpoint_dms_dns_entry" {
+ description = "The DNS entries for the VPC Endpoint for DMS."
+ value = flatten(aws_vpc_endpoint.sns.*.dns_entry)
+}
+
 output "vpc_endpoint_rds_id" {
 description = "The ID of VPC endpoint for RDS"
 value = concat(aws_vpc_endpoint.rds.*.id, [""])[0]
@@ -1422,7 +1437,6 @@ output "vpc_endpoint_rds_dns_entry" {
 value = flatten(aws_vpc_endpoint.rds.*.dns_entry)
 }
-
 # VPC flow log
 output "vpc_flow_log_id" {
 description = "The ID of the Flow Log resource"
diff --git a/variables.tf b/variables.tf
index 35b888719..f673931de 100644
--- a/variables.tf
+++ b/variables.tf
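Review bot: The three new `vpc_endpoint_dms_*` outputs read `aws_vpc_endpoint.sns` (presumably the module's existing SNS endpoint resource) instead of `aws_vpc_endpoint.dms`, so they report the SNS endpoint's ID, network interfaces and DNS entries, or empty values when SNS is disabled, while claiming to describe the DMS endpoint; anyone wiring security-group rules or DNS overrides from these outputs would be pointed at the wrong endpoint. The values should be `concat(aws_vpc_endpoint.dms.*.id, [""])[0]`, `flatten(aws_vpc_endpoint.dms.*.network_interface_ids)` and `flatten(aws_vpc_endpoint.dms.*.dns_entry)`, mirroring the `rds` outputs in the same hunk.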
@@ -1883,6 +1883,30 @@ variable "acm_pca_endpoint_private_dns_enabled" {
 default = false
 }
 
+variable "enable_dms_endpoint" {
+ description = "Should be true if you want to provision a DMS endpoint to the VPC"
+ type = bool
+ default = false
+}
+
+variable "dms_endpoint_security_group_ids" {
+ description = "The ID of one or more security groups to associate with the network interface for DMS endpoint"
+ type = list(string)
+ default = []
+}
+
+variable "dms_endpoint_subnet_ids" {
+ description = "The ID of one or more subnets in which to create a network interface for DMS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+ type = list(string)
+ default = []
+}
+
+variable "dms_endpoint_private_dns_enabled" {
+ description = "Whether or not to associate a private hosted zone with the specified VPC for DMS endpoint"
+ type = bool
+ default = false
+}
+
 variable "map_public_ip_on_launch" {
 description = "Should be false if you do not want to auto-assign public IP on launch"
 type = bool
diff --git a/vpc-endpoints.tf b/vpc-endpoints.tf
index 1a3deddc4..8210551ac 100644
--- a/vpc-endpoints.tf
+++ b/vpc-endpoints.tf
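Review bot: `dms_endpoint_security_group_ids` defaults to `[]`, and for an Interface endpoint the AWS provider then associates the VPC's default security group with the endpoint's network interfaces, which is usually broader than a group scoped to the DMS replication instances that need to reach the service; the description says nothing about this fallback. Suggested wording: `"The ID of one or more security groups to associate with the network interface for DMS endpoint. If omitted, the VPC's default security group is attached to the endpoint network interfaces."` The sibling `*_endpoint_security_group_ids` variables are equally silent, so the same note applies module-wide, but this hunk is where the new one is introduced.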
@@ -1529,3 +1529,27 @@ resource "aws_vpc_endpoint" "codeartifact_repositories" {
 tags = local.vpce_tags
 }
+
+
+#############################################
+# VPC Endpoint for Database Migration Service
+#############################################
+data "aws_vpc_endpoint_service" "dms" {
+ count = var.create_vpc && var.dms_endpoint_subnet_ids ? 1 : 0
+
+ service = "dms"
+}
+
+resource "aws_vpc_endpoint" "dms" {
+ count = var.create_vpc && var.enable_dms_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.dms[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.dms_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.dms_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.dms_endpoint_private_dns_enabled
+
+ tags = local.vpce_tags
+}
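Review bot: The `count` on `data "aws_vpc_endpoint_service" "dms"` uses `var.dms_endpoint_subnet_ids`, declared as `list(string)`, as the right-hand operand of `&&`, which Terraform rejects as a type error rather than coercing; and even under a truthy reading the lookup would be skipped exactly when the caller relies on the documented fallback to private subnets (an empty list), while `resource "aws_vpc_endpoint" "dms"` is gated on `var.enable_dms_endpoint` and indexes `data.aws_vpc_endpoint_service.dms[0]` unconditionally. The two `count` expressions need to agree so the data source exists whenever the resource does: `count = var.create_vpc && var.enable_dms_endpoint ? 1 : 0`. The `coalescelist` on `subnet_ids` is otherwise consistent with the other interface endpoints and needs no change.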