#1 add vpc-endpoint

ryutaro-asada · Jul 17, 2023 · 7e34f48 · 7e34f48
1 parent daa6bae
commit 7e34f48
Showing 1 changed file with 47 additions and 0 deletions.
diff --git a/vpc-module/main.tf b/vpc-module/main.tf
@@ -1,3 +1,7 @@
+################################################################################
+# VPC Module
+################################################################################
+
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
   version = "5.1.0"
@@ -29,3 +33,46 @@ module "vpc" {
     Environment = "dev"
   }
 }
+
+################################################################################
+# VPC Endpoints Module
+################################################################################
+
+module "vpc_endpoints" {
+  source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
+  version = "5.1.0"
+
+  vpc_id = module.vpc.vpc_id
+
+  create_security_group      = true
+  security_group_name_prefix = "sample-vpc-endpoints-"
+  security_group_description = "VPC endpoint security group"
+  security_group_rules = {
+    ingress_https = {
+      description = "HTTPS from VPC"
+      cidr_blocks = [module.vpc.vpc_cidr_block]
+    }
+  }
+
+  endpoints = {
+    s3 = {
+      # geteway type
+      service = "s3"
+      service_type = "Gateway"
+      tags    = { Name = "s3-vpc-endpoint" }
+      # エンドポイントを設定したいサブネットのルートテーブル
+      route_table_ids = module.vpc.private_route_table_ids
+    },
+    ecr_dkr = {
+      service             = "ecr.dkr"
+      private_dns_enabled = true
+      subnet_ids          = module.vpc.private_subnets
+    },
+    cloudwatch_logs = {
+      service             = "logs"
+      private_dns_enabled = true
+      subnet_ids          = module.vpc.private_subnets
+    },
+  }
+}
+