From 8ca9e39be732cfcc530c5fce33923be3e9357e79 Mon Sep 17 00:00:00 2001
From: Dennis Johnson
Date: Thu, 4 Feb 2021 10:08:32 -0700
Subject: [PATCH] break out s3 endpoint service into tag based calls for interface and gateway endpoints

---
 main.tf      | 26 ++++++++++++++++++++++++--
 variables.tf | 17 +++++++++++++++++
 2 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/main.tf b/main.tf
index babc124..145947f 100644
--- a/main.tf
+++ b/main.tf
@@ -18,12 +18,34 @@ data "aws_vpc_endpoint_service" "this" {
   service_name = length(regexall(data.aws_region.selected.name, each.key)) == 1 ? each.key : "com.amazonaws.${data.aws_region.selected.name}.${each.key}"
 }
 
+data "aws_vpc_endpoint_service" "s3_gateway" {
+  service_name = "com.amazonaws.${data.aws_region.selected.name}.s3"
+
+  tags = {
+    "vpc-endpoint-type" : "gateway"
+  }
+}
+
+data "aws_vpc_endpoint_service" "s3_interface" {
+  service_name = "com.amazonaws.${data.aws_region.selected.name}.s3"
+
+  tags = {
+    "vpc-endpoint-type" : "interface"
+  }
+}
+
 locals {
   vpc_id = join("", data.aws_subnet.selected.*.vpc_id)
 
   # Split Endpoints by their type
-  gateway_endpoints   = toset([for e in data.aws_vpc_endpoint_service.this : e.service_name if e.service_type == "Gateway"])
-  interface_endpoints = toset([for e in data.aws_vpc_endpoint_service.this : e.service_name if e.service_type == "Interface"])
+  service_gateway_endpoints   = toset([for e in data.aws_vpc_endpoint_service.this : e.service_name if e.service_type == "Gateway"])
+  service_interface_endpoints = toset([for e in data.aws_vpc_endpoint_service.this : e.service_name if e.service_type == "Interface"])
+
+  s3_gateway_endpoint   = local.s3_service_found ? [data.aws_vpc_endpoint_service.s3_gateway] : []
+  s3_interface_endpoint = local.s3_service_found ? [data.aws_vpc_endpoint_service.s3_interface] : []
+
+  gateway_endpoints   = concat(local.service_gateway_endpoints, local.s3_gateway_endpoint)
+  interfrace_endpoints = concat(local.service_interface_endpoints, local.s3_gateway_endpoint)
 
   # Only Interface Endpoints support SGs
   security_groups = toset(var.create_vpc_endpoints ? var.create_sg_per_endpoint ? local.interface_endpoints : ["shared"] : [])
diff --git a/variables.tf b/variables.tf
index 3603a02..26aa27b 100644
--- a/variables.tf
+++ b/variables.tf
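Review bot: `interfrace_endpoints` is misspelled and is built from `local.s3_gateway_endpoint` instead of `local.s3_interface_endpoint`, so `local.interface_endpoints` (still referenced on the `security_groups` line at the bottom of the hunk) no longer exists and, even once the name is fixed, the S3 interface endpoint would be placed in the gateway list and never be eligible for a security group. The two `concat` calls also mix a set of `service_name` strings with a list of whole data-source objects, which leaves both collections with inconsistent element types and, if they feed a `for_each` outside this hunk, a plain list will be rejected there. Keeping both locals as sets of service names avoids both problems; the rewrite below does that and removes the copy-paste. The `for_each` of `data "aws_vpc_endpoint_service" "this"` starts above the hunk, so whether it now iterates `local.vpc_endpoint_services` (with `s3` removed) rather than `var.vpc_endpoint_services` cannot be confirmed from here. Whether the AWS-managed S3 endpoint services actually carry a `vpc-endpoint-type` tag is likewise not shown by the diff; if the provider version in use exposes the `service_type` argument on this data source, that is the documented way to tell the gateway and interface S3 services apart.
```hcl
  # … unchanged: service_gateway_endpoints / service_interface_endpoints …

  # Carry the S3 service *names*, so both collections stay sets of strings
  s3_gateway_endpoint   = local.s3_service_found ? [data.aws_vpc_endpoint_service.s3_gateway.service_name] : []
  s3_interface_endpoint = local.s3_service_found ? [data.aws_vpc_endpoint_service.s3_interface.service_name] : []

  gateway_endpoints   = toset(concat(tolist(local.service_gateway_endpoints), local.s3_gateway_endpoint))
  interface_endpoints = toset(concat(tolist(local.service_interface_endpoints), local.s3_interface_endpoint))
```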
@@ -76,3 +76,20 @@ variable "tags" {
   default = {}
 }
 
+locals {
+  # if list contains s3
+
+  s3_service_found = contains(var.vpc_endpoint_services, "s3")
+
+  # slice out everything but the s3 bit
+
+  s3_service_index = local.s3_service_found ? index(var.vpc_endpoint_services, "s3") : -1
+
+  # assumes s3 index not at ends
+  pre_s3_part  = local.s3_service_found ? slice(var.vpc_endpoint_services, 0, local.s3_service_index) : []
+  post_s3_part = local.s3_service_found ? slice(var.vpc_endpoint_services, local.s3_service_index + 1, length(var.vpc_endpoint_services) - 1) : var.vpc_endpoint_services
+
+  # merge non-s3 pieces together
+
+  vpc_endpoint_services = concat(local.pre_s3_part, local.post_s3_part)
+}
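Review bot: `post_s3_part` passes `length(var.vpc_endpoint_services) - 1` as the end index of `slice`, but `slice` treats the end index as exclusive, so whenever `s3` is present the last requested service is silently left out of `local.vpc_endpoint_services` (an endpoint the operator asked for is never created, and traffic to that service keeps leaving the VPC), and when `s3` is the last element the call errors outright; the `# assumes s3 index not at ends` comment records the limitation instead of removing it. The whole index/slice dance can be replaced by one filter that needs no position assumptions and also tolerates a duplicated entry: `vpc_endpoint_services = [for s in var.vpc_endpoint_services : s if s != "s3"]`, keeping `s3_service_found = contains(var.vpc_endpoint_services, "s3")` and dropping `s3_service_index`, `pre_s3_part` and `post_s3_part`. `index` and `slice` only accept a list, so the current form also depends on the variable being declared `list(string)`, and neither form recognises a fully qualified name such as `com.amazonaws.<region>.s3`, which the `regexall` branch of `data "aws_vpc_endpoint_service" "this"` otherwise accepts. A `locals` block in `variables.tf` is also unusual; next to the other locals in `main.tf`, or in a `locals.tf`, is where the next reader will look for it.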