Merge pull request #38 from xoap-io/dev

Updated latest snapshot
xoap-io · Dec 8, 2023 · 6cce107 · 6cce107
2 parents b9e0758 + 00c7b62
commit 6cce107
Show file tree

Hide file tree

Showing 4 changed files with 59 additions and 4 deletions.
diff --git a/.github/workflows/dependabot.yaml b/.github/workflows/dependabot.yaml
@@ -11,7 +11,7 @@ jobs:
     steps:
       - name: Dependabot metadata
         id: dependabot-metadata
-        uses: dependabot/fetch-metadata@v1.3.1
+        uses: dependabot/fetch-metadata@v1.3.2
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
       - name: Approve a PR

diff --git a/main.tf b/main.tf
@@ -1,3 +1,4 @@
+data "aws_region" "this" {}
 module "this_label" {
   source     = "git::github.com/xoap-io/terraform-aws-misc-label?ref=v0.1.0"
   context    = var.context
@@ -8,8 +9,6 @@ resource "aws_vpc" "this" {
   cidr_block                       = var.config.cidr
   enable_dns_hostnames             = var.config.dns_support
   enable_dns_support               = var.config.dns_support
-  enable_classiclink               = var.config.classic_link_support
-  enable_classiclink_dns_support   = var.config.classic_link_support
   assign_generated_ipv6_cidr_block = var.config.ipv6_support
 
   tags = merge(var.tags,
@@ -143,3 +142,55 @@ resource "aws_route" "nat" {
     create = "5m"
   }
 }
+module "sg_endpoints" {
+  source             = "git::github.com/xoap-io/terraform-aws-compute-security-group.git"
+  context            = var.context
+  name               = "aws_endpoints"
+  description        = "Security group for aws endpoints in vpc ${aws_vpc.this.id}"
+  allow_self_ingress = true
+  vpc_id             = aws_vpc.this.id
+  ingress = {
+    ingress = {
+      from        = 0
+      to          = 0
+      protocol    = "-1"
+      cidr_blocks = [aws_vpc.this.cidr_block]
+    }
+  }
+  egress = {
+    allow_any = {
+      from        = 0
+      to          = 0
+      protocol    = "-1"
+      cidr_blocks = [aws_vpc.this.cidr_block]
+    }
+  }
+}
+locals {
+  routes_services = toset([ "ecr.dkr", "ecr.api" ])
+  all_non_public_subnet_ids = setproduct(flatten([for k, v in module.this_subnets : v.all_subnet_ids if v.operation_mode != "public" ]), [for k,v in aws_vpc_endpoint.this : v.id])
+}
+resource "aws_vpc_endpoint" "this" {
+  for_each = local.routes_services
+  private_dns_enabled = true
+  service_name        = join(".", ["com.amazonaws", data.aws_region.this.name, each.key])
+  vpc_endpoint_type   = "Interface"
+  vpc_id              = aws_vpc.this.id
+
+  security_group_ids = [
+    module.sg_endpoints.aws_security_group.id
+  ]
+  subnet_ids = module.this_subnets["public"].all_subnet_ids
+}
+resource aws_vpc_endpoint "s3"{
+    vpc_id       = aws_vpc.this.id
+    service_name = "com.amazonaws.${data.aws_region.this.name}.s3"
+    vpc_endpoint_type   = "Gateway"
+    route_table_ids = [for k, v in module.this_subnets : v.route_table.id if v.operation_mode != "public" ]
+}
+resource aws_vpc_endpoint "dynamodb"{
+    vpc_id       = aws_vpc.this.id
+    service_name = "com.amazonaws.${data.aws_region.this.name}.dynamodb"
+    vpc_endpoint_type   = "Gateway"
+  route_table_ids = [for k, v in module.this_subnets : v.route_table.id if v.operation_mode != "public" ]
+}
diff --git a/outputs.tf b/outputs.tf
@@ -60,3 +60,8 @@ output "transit_gateway_routes" {
 
   description = "map of output from resource aws_subnet according to https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet"
 }
+
+
+output "temp" {
+  value = local.all_non_public_subnet_ids
+}
diff --git a/variables.tf b/variables.tf
@@ -8,7 +8,6 @@ variable "config" {
     cidr                 = string
     dns_support          = bool
     ipv6_support         = bool
-    classic_link_support = bool
     enable_nat_gateway   = bool
     nat_gateway_subnet   = string
   })