private_dns_only_for_inbound_resolver_endpoint value for s3 vpc endpoints is ignored. #1028

Closed
1 task done
shadow-wheel opened this issue Jan 12, 2024 · 2 comments · Fixed by #1029

Comments

@shadow-wheel

Description

This is pretty simple. As a follow-up to my prior bug report in #982, I tested the fix in #1023 and noticed that when trying to set the following, the private_dns_only_for_inbound_resolver_endpoint flag was still set to false. (Note: a prerequisite of this is to have an existing S3 Gateway endpoint, so if testing is needed, that will need to be created first before the Interface endpoint with this flag enabled will succeed.)

private_dns_enabled = true
dns_options = {
  private_dns_only_for_inbound_resolver_endpoint = true
}

Upon investigation of the fix, I noticed that dns_options was omitted on

private_dns_only_for_inbound_resolver_endpoint = try(each.value.private_dns_only_for_inbound_resolver_endpoint, null)
so the flag passed into the module is ignored.

This can be fixed by updating to private_dns_only_for_inbound_resolver_endpoint = try(each.value.dns_options.private_dns_only_for_inbound_resolver_endpoint, null)

I've verified this fix locally but I don't have any experience with PRs to this repo.

  • ✋ I have searched the open/closed issues and my issue is not listed.

Versions

  • Module version [Required]:
    v5.5.0

  • Terraform version:
    v1.4.6

  • Provider version(s):

  • provider registry.terraform.io/hashicorp/aws v5.32.1

Reproduction Code [Required]

module "vpc_endpoints" {
  source  = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
  version = "v5.5.0"

  vpc_id             = module.vpc.vpc_id
  security_group_ids = [module.vpc_endpoints_sg.security_group_id]

  endpoints = {
    s3 = {
      service             = "s3"
      service_type        = "Interface"
      private_dns_enabled = true
      dns_options = {
        private_dns_only_for_inbound_resolver_endpoint = true
      }
      tags = { Name = "s3-vpc-endpoint" }
    }
  }
}

Steps to reproduce the behavior:

explained above already.

Expected behavior

The flag private_dns_only_for_inbound_resolver_endpoint should be true

Actual behavior

The flag private_dns_only_for_inbound_resolver_endpoint is ignored
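
A CI-side check for this class of bug, as an added example that is not part of the original issue or the module's code: it reads `terraform show -json` plan output and reports any aws_vpc_endpoint whose planned dns_options flag differs from the value passed to the module. The resource address and the sample plan are constructed assumptions.

```python
import json

FLAG = "private_dns_only_for_inbound_resolver_endpoint"
# Assumed resource address for the "s3" endpoint inside the module call above.
S3_ADDR = 'module.vpc_endpoints.aws_vpc_endpoint.this["s3"]'

# Constructed sample: a trimmed `terraform show -json <planfile>` document in
# which the flag requested as true comes out false, as the issue reports.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [{
        "address": S3_ADDR,
        "type": "aws_vpc_endpoint",
        "change": {"after": {
            "private_dns_enabled": True,
            "dns_options": [{"dns_record_ip_type": "ipv4", FLAG: False}],
        }},
    }]
})


def planned_flag(after):
    """Planned flag value, or None when dns_options or the flag is absent
    (absent includes values only known after apply)."""
    blocks = after.get("dns_options") or []
    return blocks[0].get(FLAG) if blocks else None


def find_dropped_flags(plan_json, expected):
    """expected maps resource address -> value passed to the module.
    Returns (address, requested, planned) for every mismatch."""
    plan = json.loads(plan_json)
    planned = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") == "aws_vpc_endpoint":
            after = (rc.get("change") or {}).get("after") or {}
            planned[rc["address"]] = planned_flag(after)
    # An address missing from the plan is reported with planned=None as well.
    return [(addr, want, planned.get(addr))
            for addr, want in sorted(expected.items())
            if planned.get(addr) != want]


if __name__ == "__main__":
    for addr, want, got in find_dropped_flags(SAMPLE_PLAN, {S3_ADDR: True}):
        print(f"{addr}: requested {FLAG}={want}, plan has {got}")
```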

@antonbabenko
Member

This issue has been resolved in version 5.5.1 🎉


I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 13, 2024