From d276bc59c8c6ea0d05556f92386adc33d6b4491a Mon Sep 17 00:00:00 2001 From: Peter Svensson Date: Wed, 4 Jan 2023 16:33:55 +0100 Subject: [PATCH 1/2] feat: s3 service endpoint --- s3_service_endpoint.tf | 19 +++++++++++++++++++ vars.tf | 5 +++++ 2 files changed, 24 insertions(+) create mode 100644 s3_service_endpoint.tf diff --git a/s3_service_endpoint.tf b/s3_service_endpoint.tf new file mode 100644 index 0000000..97c15fd --- /dev/null +++ b/s3_service_endpoint.tf @@ -0,0 +1,19 @@ +data "aws_vpc_endpoint_service" "s3" { + service = "s3" + service_type = "Gateway" +} + +resource "aws_vpc_endpoint" "s3" { + tags = { + "Name" = "${var.name}-s3-endpoint" + } + + count = var.s3_service_endpoint ? 1 : 0 + service_name = data.aws_vpc_endpoint_service.s3.service_name + vpc_id = aws_vpc.vpc.id + + route_table_ids = flatten([ + [aws_route_table.public.id], + [for k in aws_route_table.private : k.id] + ]) +} diff --git a/vars.tf b/vars.tf index 352e574..ad6d6e7 100644 --- a/vars.tf +++ b/vars.tf @@ -54,6 +54,11 @@ variable "private_subnet_cidrs" { description = "Override generated CIDRs for private subnets. If specified, this list must match private_subnet_zones." } +variable "s3_service_endpoint" { + type = bool + default = false + description = "Generate a Service Endpoint to S3 for the created VPC. https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html" +} resource "null_resource" "private_subnet_zones_check" { count = length(var.private_subnet_zones) > 3 ? "No more than 3 private zones can be provided." : 0 From 600a6aa66ab7edf81e3ffa241394100710519acf Mon Sep 17 00:00:00 2001 
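Review bot: `resource "aws_vpc_endpoint" "s3"` sets no `policy`, so the endpoint is created with AWS's default endpoint policy, which lets any principal reach any S3 bucket through it; the endpoint changes the network path but does not limit which buckets workloads in the VPC can read from or write to. Consider exposing the `policy` argument through an optional input (for example `policy = var.s3_service_endpoint_policy` with a `null` default) so consumers can scope the endpoint to known buckets, and state in the variable description that the default is unrestricted. Separately, `data "aws_vpc_endpoint_service" "s3"` has no `count`, so the lookup still runs when `var.s3_service_endpoint` is false; either gate it with the same `count` expression and reference `data.aws_vpc_endpoint_service.s3[0].service_name`, or drop the data source and use the well-known name `com.amazonaws.<region>.s3`. Placing `count` before `tags` would match the usual Terraform ordering of meta-arguments.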
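Review bot: The description of `variable "s3_service_endpoint"` says only that a Service Endpoint is generated, while s3_service_endpoint.tf shows it is a Gateway endpoint associated with the public route table and every private route table, which is what a consumer needs to know before enabling it. Suggest `description = "Create an S3 gateway VPC endpoint and associate it with the public and all private route tables of the created VPC. https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html"`.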
From: Peter Svensson Date: Thu, 5 Jan 2023 08:25:45 +0100 Subject: [PATCH 2/2] ci: localstack tests --- .github/workflows/build.yml | 5 +++++ examples/basic/provider.tf | 41 +++++++++++++++++++++++++---------- examples/override/provider.tf | 41 +++++++++++++++++++++++++---------- examples/public/main.tf | 1 + examples/public/provider.tf | 41 +++++++++++++++++++++++++---------- 5 files changed, 93 insertions(+), 36 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d1bd675..6e0de3f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -11,6 +11,11 @@ jobs: os: [ ubuntu-latest ] tf-version: [ 1.1.9, 1.2.9, 1.3.2 ] steps: + - name: Start LocalStack + uses: HarshCasper/setup-localstack@v0.1.1 + with: + image-tag: 'latest' + - name: Install terraform v${{ matrix.tf-version }} run: | curl -LO https://releases.hashicorp.com/terraform/${{ matrix.tf-version }}/terraform_${{ matrix.tf-version }}_linux_amd64.zip diff --git a/examples/basic/provider.tf b/examples/basic/provider.tf index fb886af..69d1a96 100644 --- a/examples/basic/provider.tf +++ b/examples/basic/provider.tf 
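Review bot: The new `Start LocalStack` step references `HarshCasper/setup-localstack@v0.1.1` by a mutable tag and pulls `image-tag: 'latest'`, so neither the action code nor the LocalStack image the job runs against is pinned; a moved tag or a new LocalStack release changes what this workflow executes without any change to the repository. Pin the third-party action to its full commit SHA, `uses: HarshCasper/setup-localstack@<full-commit-sha> # v0.1.1`, and pin the image to a specific version, `image-tag: '<localstack-version>'`, bumping both deliberately. The steps that actually use the LocalStack instance are outside the hunk, so whether an incompatible LocalStack release would fail the tests loudly cannot be seen here.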
@@ -1,18 +1,35 @@ provider "aws" { - skip_requesting_account_id = true + access_key = "test" + secret_key = "test" + region = "us-east-1" + s3_use_path_style = false skip_credentials_validation = true skip_metadata_api_check = true - s3_use_path_style = true - region = "eu-west-1" - access_key = "mock_access_key" - secret_key = "mock_secret_key" -} + skip_requesting_account_id = true -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 4.0" - } + endpoints { + apigateway = "http://localhost:4566" + apigatewayv2 = "http://localhost:4566" + cloudformation = "http://localhost:4566" + cloudwatch = "http://localhost:4566" + dynamodb = "http://localhost:4566" + ec2 = "http://localhost:4566" + es = "http://localhost:4566" + elasticache = "http://localhost:4566" + firehose = "http://localhost:4566" + iam = "http://localhost:4566" + kinesis = "http://localhost:4566" + lambda = "http://localhost:4566" + rds = "http://localhost:4566" + redshift = "http://localhost:4566" + route53 = "http://localhost:4566" + s3 = "http://s3.localhost.localstack.cloud:4566" + secretsmanager = "http://localhost:4566" + ses = "http://localhost:4566" + sns = "http://localhost:4566" + sqs = "http://localhost:4566" + ssm = "http://localhost:4566" + stepfunctions = "http://localhost:4566" + sts = "http://localhost:4566" } } diff --git a/examples/override/provider.tf b/examples/override/provider.tf index fb886af..69d1a96 100644 --- a/examples/override/provider.tf +++ b/examples/override/provider.tf 
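Review bot: The hunk removes the `terraform { required_providers { aws = { source = "hashicorp/aws", version = "~> 4.0" } } }` block without a replacement, so `terraform init` for this example now resolves the latest `hashicorp/aws` release; the new `s3_use_path_style` and `endpoints` arguments are written against 4.x behaviour, and the CI matrix in build.yml would start exercising whatever provider major version is current. Keep the constraint, either by restoring the removed block as it was or with a minimal `required_providers` block carrying `version = "~> 4.0"`, so the examples and the LocalStack CI stay reproducible. The same deletion appears in the `examples/override/provider.tf` and `examples/public/provider.tf` hunks. Also note `region` moves to `us-east-1` here while `examples/public/main.tf` passes `region = "eu-west-1"` to the module; if the module's `region` input feeds anything region-sensitive, the two should agree.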
@@ -1,18 +1,35 @@ provider "aws" { - skip_requesting_account_id = true + access_key = "test" + secret_key = "test" + region = "us-east-1" + s3_use_path_style = false skip_credentials_validation = true skip_metadata_api_check = true - s3_use_path_style = true - region = "eu-west-1" - access_key = "mock_access_key" - secret_key = "mock_secret_key" -} + skip_requesting_account_id = true -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 4.0" - } + endpoints { + apigateway = "http://localhost:4566" + apigatewayv2 = "http://localhost:4566" + cloudformation = "http://localhost:4566" + cloudwatch = "http://localhost:4566" + dynamodb = "http://localhost:4566" + ec2 = "http://localhost:4566" + es = "http://localhost:4566" + elasticache = "http://localhost:4566" + firehose = "http://localhost:4566" + iam = "http://localhost:4566" + kinesis = "http://localhost:4566" + lambda = "http://localhost:4566" + rds = "http://localhost:4566" + redshift = "http://localhost:4566" + route53 = "http://localhost:4566" + s3 = "http://s3.localhost.localstack.cloud:4566" + secretsmanager = "http://localhost:4566" + ses = "http://localhost:4566" + sns = "http://localhost:4566" + sqs = "http://localhost:4566" + ssm = "http://localhost:4566" + stepfunctions = "http://localhost:4566" + sts = "http://localhost:4566" } } diff --git a/examples/public/main.tf b/examples/public/main.tf index d4ef5a6..2c71097 100644 --- a/examples/public/main.tf +++ b/examples/public/main.tf @@ -3,4 +3,5 @@ module "network" { name = "name" region = "eu-west-1" public_subnet_zones = ["a", "b", "c"] + s3_service_endpoint = true } diff --git a/examples/public/provider.tf b/examples/public/provider.tf index fb886af..69d1a96 100644 --- a/examples/public/provider.tf +++ b/examples/public/provider.tf 
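Review bot: `s3_service_endpoint = true` is enabled only in the public example, whose visible inputs declare `public_subnet_zones` and no private subnets, so the `for k in aws_route_table.private` branch of `route_table_ids` in s3_service_endpoint.tf appears to be evaluated only over an empty collection in CI. If the basic or override example creates private subnets, enabling the flag there as well would cover the private-route-table association; the rest of the module block is outside the hunk, so this is inferred from the lines shown.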
@@ -1,18 +1,35 @@ provider "aws" { - skip_requesting_account_id = true + access_key = "test" + secret_key = "test" + region = "us-east-1" + s3_use_path_style = false skip_credentials_validation = true skip_metadata_api_check = true - s3_use_path_style = true - region = "eu-west-1" - access_key = "mock_access_key" - secret_key = "mock_secret_key" -} + skip_requesting_account_id = true -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 4.0" - } + endpoints { + apigateway = "http://localhost:4566" + apigatewayv2 = "http://localhost:4566" + cloudformation = "http://localhost:4566" + cloudwatch = "http://localhost:4566" + dynamodb = "http://localhost:4566" + ec2 = "http://localhost:4566" + es = "http://localhost:4566" + elasticache = "http://localhost:4566" + firehose = "http://localhost:4566" + iam = "http://localhost:4566" + kinesis = "http://localhost:4566" + lambda = "http://localhost:4566" + rds = "http://localhost:4566" + redshift = "http://localhost:4566" + route53 = "http://localhost:4566" + s3 = "http://s3.localhost.localstack.cloud:4566" + secretsmanager = "http://localhost:4566" + ses = "http://localhost:4566" + sns = "http://localhost:4566" + sqs = "http://localhost:4566" + ssm = "http://localhost:4566" + stepfunctions = "http://localhost:4566" + sts = "http://localhost:4566" } }