Merge pull request #13 from opzkit/s3endpoint

feat: s3 service endpoint
opzkit · Jan 5, 2023 · e12837a · e12837a
2 parents 602be17 + 600a6aa
commit e12837a
Show file tree

Hide file tree

Showing 7 changed files with 117 additions and 36 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -11,6 +11,11 @@ jobs:
         os: [ ubuntu-latest ]
         tf-version: [ 1.1.9, 1.2.9, 1.3.2 ]
     steps:
+      - name: Start LocalStack
+        uses: HarshCasper/setup-localstack@v0.1.1
+        with:
+          image-tag: 'latest'
+
       - name: Install terraform v${{ matrix.tf-version }}
         run: |
           curl -LO https://releases.hashicorp.com/terraform/${{ matrix.tf-version }}/terraform_${{ matrix.tf-version }}_linux_amd64.zip

diff --git a/examples/basic/provider.tf b/examples/basic/provider.tf
@@ -1,18 +1,35 @@
 provider "aws" {
-  skip_requesting_account_id  = true
+  access_key                  = "test"
+  secret_key                  = "test"
+  region                      = "us-east-1"
+  s3_use_path_style           = false
   skip_credentials_validation = true
   skip_metadata_api_check     = true
-  s3_use_path_style           = true
-  region                      = "eu-west-1"
-  access_key                  = "mock_access_key"
-  secret_key                  = "mock_secret_key"
-}
+  skip_requesting_account_id  = true
 
-terraform {
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = "~> 4.0"
-    }
+  endpoints {
+    apigateway     = "http://localhost:4566"
+    apigatewayv2   = "http://localhost:4566"
+    cloudformation = "http://localhost:4566"
+    cloudwatch     = "http://localhost:4566"
+    dynamodb       = "http://localhost:4566"
+    ec2            = "http://localhost:4566"
+    es             = "http://localhost:4566"
+    elasticache    = "http://localhost:4566"
+    firehose       = "http://localhost:4566"
+    iam            = "http://localhost:4566"
+    kinesis        = "http://localhost:4566"
+    lambda         = "http://localhost:4566"
+    rds            = "http://localhost:4566"
+    redshift       = "http://localhost:4566"
+    route53        = "http://localhost:4566"
+    s3             = "http://s3.localhost.localstack.cloud:4566"
+    secretsmanager = "http://localhost:4566"
+    ses            = "http://localhost:4566"
+    sns            = "http://localhost:4566"
+    sqs            = "http://localhost:4566"
+    ssm            = "http://localhost:4566"
+    stepfunctions  = "http://localhost:4566"
+    sts            = "http://localhost:4566"
   }
 }
diff --git a/examples/override/provider.tf b/examples/override/provider.tf
@@ -1,18 +1,35 @@
 provider "aws" {
-  skip_requesting_account_id  = true
+  access_key                  = "test"
+  secret_key                  = "test"
+  region                      = "us-east-1"
+  s3_use_path_style           = false
   skip_credentials_validation = true
   skip_metadata_api_check     = true
-  s3_use_path_style           = true
-  region                      = "eu-west-1"
-  access_key                  = "mock_access_key"
-  secret_key                  = "mock_secret_key"
-}
+  skip_requesting_account_id  = true
 
-terraform {
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = "~> 4.0"
-    }
+  endpoints {
+    apigateway     = "http://localhost:4566"
+    apigatewayv2   = "http://localhost:4566"
+    cloudformation = "http://localhost:4566"
+    cloudwatch     = "http://localhost:4566"
+    dynamodb       = "http://localhost:4566"
+    ec2            = "http://localhost:4566"
+    es             = "http://localhost:4566"
+    elasticache    = "http://localhost:4566"
+    firehose       = "http://localhost:4566"
+    iam            = "http://localhost:4566"
+    kinesis        = "http://localhost:4566"
+    lambda         = "http://localhost:4566"
+    rds            = "http://localhost:4566"
+    redshift       = "http://localhost:4566"
+    route53        = "http://localhost:4566"
+    s3             = "http://s3.localhost.localstack.cloud:4566"
+    secretsmanager = "http://localhost:4566"
+    ses            = "http://localhost:4566"
+    sns            = "http://localhost:4566"
+    sqs            = "http://localhost:4566"
+    ssm            = "http://localhost:4566"
+    stepfunctions  = "http://localhost:4566"
+    sts            = "http://localhost:4566"
   }
 }
diff --git a/examples/public/main.tf b/examples/public/main.tf
@@ -3,4 +3,5 @@ module "network" {
   name                = "name"
   region              = "eu-west-1"
   public_subnet_zones = ["a", "b", "c"]
+  s3_service_endpoint = true
 }
diff --git a/examples/public/provider.tf b/examples/public/provider.tf
@@ -1,18 +1,35 @@
 provider "aws" {
-  skip_requesting_account_id  = true
+  access_key                  = "test"
+  secret_key                  = "test"
+  region                      = "us-east-1"
+  s3_use_path_style           = false
   skip_credentials_validation = true
   skip_metadata_api_check     = true
-  s3_use_path_style           = true
-  region                      = "eu-west-1"
-  access_key                  = "mock_access_key"
-  secret_key                  = "mock_secret_key"
-}
+  skip_requesting_account_id  = true
 
-terraform {
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = "~> 4.0"
-    }
+  endpoints {
+    apigateway     = "http://localhost:4566"
+    apigatewayv2   = "http://localhost:4566"
+    cloudformation = "http://localhost:4566"
+    cloudwatch     = "http://localhost:4566"
+    dynamodb       = "http://localhost:4566"
+    ec2            = "http://localhost:4566"
+    es             = "http://localhost:4566"
+    elasticache    = "http://localhost:4566"
+    firehose       = "http://localhost:4566"
+    iam            = "http://localhost:4566"
+    kinesis        = "http://localhost:4566"
+    lambda         = "http://localhost:4566"
+    rds            = "http://localhost:4566"
+    redshift       = "http://localhost:4566"
+    route53        = "http://localhost:4566"
+    s3             = "http://s3.localhost.localstack.cloud:4566"
+    secretsmanager = "http://localhost:4566"
+    ses            = "http://localhost:4566"
+    sns            = "http://localhost:4566"
+    sqs            = "http://localhost:4566"
+    ssm            = "http://localhost:4566"
+    stepfunctions  = "http://localhost:4566"
+    sts            = "http://localhost:4566"
   }
 }
diff --git a/s3_service_endpoint.tf b/s3_service_endpoint.tf
@@ -0,0 +1,19 @@
+data "aws_vpc_endpoint_service" "s3" {
+  service      = "s3"
+  service_type = "Gateway"
+}
+
+resource "aws_vpc_endpoint" "s3" {
+  tags = {
+    "Name" = "${var.name}-s3-endpoint"
+  }
+
+  count        = var.s3_service_endpoint ? 1 : 0
+  service_name = data.aws_vpc_endpoint_service.s3.service_name
+  vpc_id       = aws_vpc.vpc.id
+
+  route_table_ids = flatten([
+    [aws_route_table.public.id],
+    [for k in aws_route_table.private : k.id]
+  ])
+}
diff --git a/vars.tf b/vars.tf
@@ -54,6 +54,11 @@ variable "private_subnet_cidrs" {
   description = "Override generated CIDRs for private subnets. If specified, this list must match private_subnet_zones."
 }
 
+variable "s3_service_endpoint" {
+  type        = bool
+  default     = false
+  description = "Generate a Service Endpoint to S3 for the created VPC. https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html"
+}
 
 resource "null_resource" "private_subnet_zones_check" {
   count = length(var.private_subnet_zones) > 3 ? "No more than 3 private zones can be provided." : 0