Add tags to VPC Endpoints #292

Merged
merged 11 commits into from
Sep 2, 2019
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -437,6 +437,7 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
| transferserver\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Transfer Server endpoint | bool | `"false"` | no |
| transferserver\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Transfer Server endpoint | list(string) | `[]` | no |
| transferserver\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Transfer Server endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list(string) | `[]` | no |
| vpc\_endpoint\_tags | Additional tags for the VPC Endpoints | map(string) | `{}` | no |
| vpc\_tags | Additional tags for the VPC | map(string) | `{}` | no |
| vpn\_gateway\_id | ID of VPN Gateway to attach to the VPC | string | `""` | no |
| vpn\_gateway\_tags | Additional tags for the VPN gateway | map(string) | `{}` | no |
5 changes: 5 additions & 0 deletions examples/complete-vpc/main.tf
Expand Up @@ -97,5 +97,10 @@ module "vpc" {
Environment = "staging"
Name = "complete"
}

vpc_endpoint_tags = {
Project = "Secret"
Endpoint = "true"
}
}

5 changes: 5 additions & 0 deletions main.tf
Expand Up @@ -16,6 +16,11 @@ locals {
),
0,
)

vpce_tags = merge(
var.tags,
var.vpc_endpoint_tags,
)
}

######
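Review bot: `vpce_tags` merges only `var.tags` and `var.vpc_endpoint_tags` with no per-resource `Name`, so all 31 `aws_vpc_endpoint` resources that reference it in vpc-endpoints.tf receive an identical tag set and cannot be told apart by tag in the console, in cost-allocation reports or in tag-conditioned IAM policies. If the module's other resources prepend a `Name` tag before merging `var.tags` (not visible in this diff), the endpoints should follow the same pattern, e.g. `tags = merge({ "Name" = format("%s-%s", var.name, "s3") }, local.vpce_tags)` in each resource. The merge order is also the only place where precedence is defined and deserves a comment: `# keys in var.vpc_endpoint_tags take precedence over the same keys in var.tags`. The enclosing `locals` block starts before this hunk.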
6 changes: 6 additions & 0 deletions variables.tf
Expand Up @@ -1177,6 +1177,12 @@ variable "vpn_gateway_tags" {
default = {}
}

variable "vpc_endpoint_tags" {
description = "Additional tags for the VPC Endpoints"
type = map(string)
default = {}
}

variable "enable_dhcp_options" {
description = "Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type"
type = bool
31 changes: 31 additions & 0 deletions vpc-endpoints.tf
Expand Up @@ -12,6 +12,7 @@ resource "aws_vpc_endpoint" "s3" {

vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.s3[0].service_name
tags = local.vpce_tags
}

resource "aws_vpc_endpoint_route_table_association" "private_s3" {
Expand Down Expand Up @@ -49,6 +50,7 @@ resource "aws_vpc_endpoint" "dynamodb" {

vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.dynamodb[0].service_name
tags = local.vpce_tags
}

resource "aws_vpc_endpoint_route_table_association" "private_dynamodb" {
Expand Down Expand Up @@ -92,6 +94,7 @@ resource "aws_vpc_endpoint" "codebuild" {
security_group_ids = var.codebuild_endpoint_security_group_ids
subnet_ids = coalescelist(var.codebuild_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.codebuild_endpoint_private_dns_enabled
tags = local.vpce_tags
}

###############################
Expand All @@ -113,6 +116,7 @@ resource "aws_vpc_endpoint" "codecommit" {
security_group_ids = var.codecommit_endpoint_security_group_ids
subnet_ids = coalescelist(var.codecommit_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.codecommit_endpoint_private_dns_enabled
tags = local.vpce_tags
}

###################################
Expand All @@ -134,6 +138,7 @@ resource "aws_vpc_endpoint" "git_codecommit" {
security_group_ids = var.git_codecommit_endpoint_security_group_ids
subnet_ids = coalescelist(var.git_codecommit_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.git_codecommit_endpoint_private_dns_enabled
tags = local.vpce_tags
}

##########################
Expand All @@ -155,6 +160,7 @@ resource "aws_vpc_endpoint" "config" {
security_group_ids = var.config_endpoint_security_group_ids
subnet_ids = coalescelist(var.config_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.config_endpoint_private_dns_enabled
tags = local.vpce_tags
}

#######################
Expand All @@ -176,6 +182,7 @@ resource "aws_vpc_endpoint" "sqs" {
security_group_ids = var.sqs_endpoint_security_group_ids
subnet_ids = coalescelist(var.sqs_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.sqs_endpoint_private_dns_enabled
tags = local.vpce_tags
}

###################################
Expand All @@ -197,6 +204,7 @@ resource "aws_vpc_endpoint" "secretsmanager" {
security_group_ids = var.secretsmanager_endpoint_security_group_ids
subnet_ids = coalescelist(var.secretsmanager_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.secretsmanager_endpoint_private_dns_enabled
tags = local.vpce_tags
}

#######################
Expand All @@ -218,6 +226,7 @@ resource "aws_vpc_endpoint" "ssm" {
security_group_ids = var.ssm_endpoint_security_group_ids
subnet_ids = coalescelist(var.ssm_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ssm_endpoint_private_dns_enabled
tags = local.vpce_tags
}

###############################
Expand All @@ -239,6 +248,7 @@ resource "aws_vpc_endpoint" "ssmmessages" {
security_group_ids = var.ssmmessages_endpoint_security_group_ids
subnet_ids = coalescelist(var.ssmmessages_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ssmmessages_endpoint_private_dns_enabled
tags = local.vpce_tags
}

#######################
Expand All @@ -260,6 +270,7 @@ resource "aws_vpc_endpoint" "ec2" {
security_group_ids = var.ec2_endpoint_security_group_ids
subnet_ids = coalescelist(var.ec2_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ec2_endpoint_private_dns_enabled
tags = local.vpce_tags
}

###############################
Expand All @@ -281,6 +292,7 @@ resource "aws_vpc_endpoint" "ec2messages" {
security_group_ids = var.ec2messages_endpoint_security_group_ids
subnet_ids = coalescelist(var.ec2messages_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ec2messages_endpoint_private_dns_enabled
tags = local.vpce_tags
}

###################################
Expand All @@ -302,6 +314,7 @@ resource "aws_vpc_endpoint" "transferserver" {
security_group_ids = var.transferserver_endpoint_security_group_ids
subnet_ids = coalescelist(var.transferserver_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.transferserver_endpoint_private_dns_enabled
tags = local.vpce_tags
}

###########################
Expand All @@ -323,6 +336,7 @@ resource "aws_vpc_endpoint" "ecr_api" {
security_group_ids = var.ecr_api_endpoint_security_group_ids
subnet_ids = coalescelist(var.ecr_api_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ecr_api_endpoint_private_dns_enabled
tags = local.vpce_tags
}

###########################
Expand All @@ -344,6 +358,7 @@ resource "aws_vpc_endpoint" "ecr_dkr" {
security_group_ids = var.ecr_dkr_endpoint_security_group_ids
subnet_ids = coalescelist(var.ecr_dkr_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ecr_dkr_endpoint_private_dns_enabled
tags = local.vpce_tags
}

#######################
Expand All @@ -365,6 +380,7 @@ resource "aws_vpc_endpoint" "apigw" {
security_group_ids = var.apigw_endpoint_security_group_ids
subnet_ids = coalescelist(var.apigw_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.apigw_endpoint_private_dns_enabled
tags = local.vpce_tags
}

#######################
Expand All @@ -386,6 +402,7 @@ resource "aws_vpc_endpoint" "kms" {
security_group_ids = var.kms_endpoint_security_group_ids
subnet_ids = coalescelist(var.kms_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.kms_endpoint_private_dns_enabled
tags = local.vpce_tags
}

#######################
Expand All @@ -407,6 +424,7 @@ resource "aws_vpc_endpoint" "ecs" {
security_group_ids = var.ecs_endpoint_security_group_ids
subnet_ids = coalescelist(var.ecs_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ecs_endpoint_private_dns_enabled
tags = local.vpce_tags
}


Expand All @@ -429,6 +447,7 @@ resource "aws_vpc_endpoint" "ecs_agent" {
security_group_ids = var.ecs_agent_endpoint_security_group_ids
subnet_ids = coalescelist(var.ecs_agent_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ecs_agent_endpoint_private_dns_enabled
tags = local.vpce_tags
}


Expand All @@ -451,6 +470,7 @@ resource "aws_vpc_endpoint" "ecs_telemetry" {
security_group_ids = var.ecs_telemetry_endpoint_security_group_ids
subnet_ids = coalescelist(var.ecs_telemetry_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ecs_telemetry_endpoint_private_dns_enabled
tags = local.vpce_tags
}


Expand All @@ -473,6 +493,7 @@ resource "aws_vpc_endpoint" "sns" {
security_group_ids = var.sns_endpoint_security_group_ids
subnet_ids = coalescelist(var.sns_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.sns_endpoint_private_dns_enabled
tags = local.vpce_tags
}


Expand All @@ -495,6 +516,7 @@ resource "aws_vpc_endpoint" "monitoring" {
security_group_ids = var.monitoring_endpoint_security_group_ids
subnet_ids = coalescelist(var.monitoring_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.monitoring_endpoint_private_dns_enabled
tags = local.vpce_tags
}


Expand All @@ -517,6 +539,7 @@ resource "aws_vpc_endpoint" "logs" {
security_group_ids = var.logs_endpoint_security_group_ids
subnet_ids = coalescelist(var.logs_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.logs_endpoint_private_dns_enabled
tags = local.vpce_tags
}


Expand All @@ -539,6 +562,7 @@ resource "aws_vpc_endpoint" "events" {
security_group_ids = var.events_endpoint_security_group_ids
subnet_ids = coalescelist(var.events_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.events_endpoint_private_dns_enabled
tags = local.vpce_tags
}


Expand All @@ -561,6 +585,7 @@ resource "aws_vpc_endpoint" "elasticloadbalancing" {
security_group_ids = var.elasticloadbalancing_endpoint_security_group_ids
subnet_ids = coalescelist(var.elasticloadbalancing_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.elasticloadbalancing_endpoint_private_dns_enabled
tags = local.vpce_tags
}


Expand All @@ -583,6 +608,7 @@ resource "aws_vpc_endpoint" "cloudtrail" {
security_group_ids = var.cloudtrail_endpoint_security_group_ids
subnet_ids = coalescelist(var.cloudtrail_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.cloudtrail_endpoint_private_dns_enabled
tags = local.vpce_tags
}


Expand All @@ -605,6 +631,7 @@ resource "aws_vpc_endpoint" "kinesis_streams" {
security_group_ids = var.kinesis_streams_endpoint_security_group_ids
subnet_ids = coalescelist(var.kinesis_streams_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.kinesis_streams_endpoint_private_dns_enabled
tags = local.vpce_tags
}


Expand All @@ -627,6 +654,7 @@ resource "aws_vpc_endpoint" "kinesis_firehose" {
security_group_ids = var.kinesis_firehose_endpoint_security_group_ids
subnet_ids = coalescelist(var.kinesis_firehose_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.kinesis_firehose_endpoint_private_dns_enabled
tags = local.vpce_tags
}

#######################
Expand All @@ -648,6 +676,7 @@ resource "aws_vpc_endpoint" "glue" {
security_group_ids = var.glue_endpoint_security_group_ids
subnet_ids = coalescelist(var.glue_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.glue_endpoint_private_dns_enabled
tags = local.vpce_tags
}

######################################
Expand All @@ -669,6 +698,7 @@ resource "aws_vpc_endpoint" "sagemaker_notebook" {
security_group_ids = var.sagemaker_notebook_endpoint_security_group_ids
subnet_ids = coalescelist(var.sagemaker_notebook_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.sagemaker_notebook_endpoint_private_dns_enabled
tags = local.vpce_tags
}

#######################
Expand All @@ -690,4 +720,5 @@ resource "aws_vpc_endpoint" "sts" {
security_group_ids = var.sts_endpoint_security_group_ids
subnet_ids = coalescelist(var.sts_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.sts_endpoint_private_dns_enabled
tags = local.vpce_tags
}