feat: s3 service endpoint

opzkit · Jan 4, 2023 · d276bc5 · d276bc5
1 parent 602be17
commit d276bc5
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 0 deletions.
diff --git a/s3_service_endpoint.tf b/s3_service_endpoint.tf
@@ -0,0 +1,19 @@
+data "aws_vpc_endpoint_service" "s3" {
+  service      = "s3"
+  service_type = "Gateway"
+}
+
+resource "aws_vpc_endpoint" "s3" {
+  tags = {
+    "Name" = "${var.name}-s3-endpoint"
+  }
+
+  count        = var.s3_service_endpoint ? 1 : 0
+  service_name = data.aws_vpc_endpoint_service.s3.service_name
+  vpc_id       = aws_vpc.vpc.id
+
+  route_table_ids = flatten([
+    [aws_route_table.public.id],
+    [for k in aws_route_table.private : k.id]
+  ])
+}
diff --git a/vars.tf b/vars.tf
@@ -54,6 +54,11 @@ variable "private_subnet_cidrs" {
   description = "Override generated CIDRs for private subnets. If specified, this list must match private_subnet_zones."
 }
 
+variable "s3_service_endpoint" {
+  type        = bool
+  default     = false
+  description = "Generate a Service Endpoint to S3 for the created VPC. https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html"
+}
 
 resource "null_resource" "private_subnet_zones_check" {
   count = length(var.private_subnet_zones) > 3 ? "No more than 3 private zones can be provided." : 0