AWS VPC Endpoints Terraform sub-module

Terraform sub-module which creates VPC endpoint resources on AWS.


See examples directory for working examples to reference:

```hcl
module "endpoints" {
  source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"

  # VPC and default security group applied to the endpoints below
  vpc_id             = "vpc-12345678"
  security_group_ids = ["sg-12345678"]

  endpoints = {
    s3 = {
      # interface endpoint
      service             = "s3"
      tags                = { Name = "s3-vpc-endpoint" }
    },
    dynamodb = {
      # gateway endpoint
      service         = "dynamodb"
      route_table_ids = ["rt-12322456", "rt-43433343", "rt-11223344"]
      tags            = { Name = "dynamodb-vpc-endpoint" }
    },
    sns = {
      service    = "sns"
      subnet_ids = ["subnet-12345678", "subnet-87654321"]
      tags       = { Name = "sns-vpc-endpoint" }
    },
    sqs = {
      # per-endpoint security group and subnets
      service             = "sqs"
      private_dns_enabled = true
      security_group_ids  = ["sg-987654321"]
      subnet_ids          = ["subnet-12345678", "subnet-87654321"]
      tags                = { Name = "sqs-vpc-endpoint" }
    },
  }

  tags = {
    Owner       = "user"
    Environment = "dev"
  }
}
```



| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 5.83 |


| Name | Version |
|------|---------|
| aws | >= 5.83 |


No modules.


| Name | Type |
|------|------|
| aws_security_group.this | resource |
| aws_security_group_rule.this | resource |
| aws_vpc_endpoint.this | resource |
| aws_vpc_endpoint_service.this | data source |


| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| create | Determines whether resources will be created | `bool` | `true` | no |
| create_security_group | Determines if a security group is created | `bool` | `false` | no |
| endpoints | A map of interface and/or gateway endpoints containing their properties and configurations | `any` | `{}` | no |
| security_group_description | Description of the security group created | `string` | `null` | no |
| security_group_ids | Default security group IDs to associate with the VPC endpoints | `list(string)` | `[]` | no |
| security_group_name | Name to use on security group created. Conflicts with `security_group_name_prefix` | `string` | `null` | no |
| security_group_name_prefix | Name prefix to use on security group created. Conflicts with `security_group_name` | `string` | `null` | no |
| security_group_rules | Security group rules to add to the security group created | `any` | `{}` | no |
| security_group_tags | A map of additional tags to add to the security group created | `map(string)` | `{}` | no |
| subnet_ids | Default subnet IDs to associate with the VPC endpoints | `list(string)` | `[]` | no |
| tags | A map of tags to use on all resources | `map(string)` | `{}` | no |
| timeouts | Define maximum timeout for creating, updating, and deleting VPC endpoint resources | `map(string)` | `{}` | no |
| vpc_id | The ID of the VPC in which the endpoint will be used | `string` | `null` | no |


| Name | Description |
|------|-------------|
| endpoints | Array containing the full resource object and attributes for all endpoints created |
| security_group_arn | Amazon Resource Name (ARN) of the security group |
| security_group_id | ID of the security group |
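
The inputs above also let the module create its own security group instead of receiving one through `security_group_ids`. The configuration below is an added example, not taken from the module's repository, that limits interface endpoint ingress to HTTPS from inside the VPC. The IDs and the `10.0.0.0/16` CIDR are constructed placeholders, and the keys inside each rule (`type`, `protocol`, `from_port`, `to_port`, `description`, `cidr_blocks`) are assumed to mirror the arguments of `aws_security_group_rule`.

```hcl
module "endpoints" {
  source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"

  vpc_id     = "vpc-12345678"                          # placeholder
  subnet_ids = ["subnet-12345678", "subnet-87654321"]  # default subnets for all endpoints

  # Let the module manage one security group for the endpoints
  # (assumption: the created group is attached to every interface endpoint).
  create_security_group      = true
  security_group_name_prefix = "vpc-endpoints-"
  security_group_description = "HTTPS from inside the VPC to interface endpoints"
  security_group_tags        = { Purpose = "vpc-endpoints" }

  security_group_rules = {
    ingress_https = {
      # Assumed rule keys, mirroring aws_security_group_rule arguments.
      type        = "ingress"
      protocol    = "tcp"
      from_port   = 443
      to_port     = 443
      description = "HTTPS from VPC CIDR only"
      cidr_blocks = ["10.0.0.0/16"] # constructed VPC CIDR, not 0.0.0.0/0
    }
  }

  endpoints = {
    sqs = {
      service             = "sqs"
      private_dns_enabled = true
      tags                = { Name = "sqs-vpc-endpoint" }
    },
    sns = {
      service = "sns"
      tags    = { Name = "sns-vpc-endpoint" }
    },
  }

  tags = {
    Owner       = "user"
    Environment = "dev"
  }
}

# Expose the created group so other stacks can reference or audit it.
output "endpoint_security_group_id" {
  value = module.endpoints.security_group_id
}
```

Run `terraform plan` and confirm that the planned `aws_security_group_rule.this` entries contain only the port 443 ingress rule before applying.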