Merge pull request #267 from Ibotta/add-gateway-route-table-association

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 6.0.0
+current_version = 6.1.0
 commit = True
 message = Bumps version to {new_version}
 tag = False

CHANGELOG.md

@@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/).
 
+### 6.1.0
+
+** Released**: 2021.02.05
+
+**Commit Delta**: [Change from 6.0.0 release](https://github.com/plus3it/terraform-aws-tardigrade-vpc-endpoints/compare/6.0.0...6.1.0)
+
+**Summary**:
+
+*   Adds `route_table_ids` to create route entries for Gateway endpoint services
+
 ### 4.0.1
 
 ** Released**: 2020.04.10

README.md

@@ -75,9 +75,10 @@ make mockstack/clean
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | Target Subnet IDs for "Interface" services. Also used to resolve the `vpc_id` for "Gateway" services | `list(string)` | n/a | yes |
+| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | Target Subnet IDs for "Interface" services. Also used to resolve the `vpc_id`. | `list(string)` | n/a | yes |
 | <a name="input_vpc_endpoint_services"></a> [vpc\_endpoint\_services](#input\_vpc\_endpoint\_services) | List of AWS Endpoint service names and types. Both Gateway and Interface Endpoints are supported. See https://docs.aws.amazon.com/general/latest/gr/rande.html for full list. | <pre>list(object({<br>    name = string<br>    type = string<br>  }))</pre> | n/a | yes |
 | <a name="input_create_sg_per_endpoint"></a> [create\_sg\_per\_endpoint](#input\_create\_sg\_per\_endpoint) | Toggle to create a SecurityGroup for each VPC Endpoint. Defaults to using just one for all Interface Endpoints. Note that Gateway Endpoints don't support SecurityGroups. | `bool` | `false` | no |
+| <a name="input_route_table_ids"></a> [route\_table\_ids](#input\_route\_table\_ids) | Target Route Table IDs to register "Gateway" services with. "Gateway" Endpoints use Route Tables while "Interface" Endpoints use DNS. | `list(string)` | `[]` | no |
 | <a name="input_sg_egress_rules"></a> [sg\_egress\_rules](#input\_sg\_egress\_rules) | Egress rules for the VPC Endpoint SecurityGroup(s). Set to empty list to disable default rules. | <pre>list(object({<br>    description      = string<br>    prefix_list_ids  = list(string)<br>    from_port        = number<br>    to_port          = number<br>    protocol         = string<br>    cidr_blocks      = list(string)<br>    ipv6_cidr_blocks = list(string)<br>    security_groups  = list(string)<br>  }))</pre> | <pre>[<br>  {<br>    "cidr_blocks": [<br>      "0.0.0.0/0"<br>    ],<br>    "description": null,<br>    "from_port": 0,<br>    "ipv6_cidr_blocks": null,<br>    "prefix_list_ids": null,<br>    "protocol": "-1",<br>    "security_groups": null,<br>    "to_port": 0<br>  }<br>]</pre> | no |
 | <a name="input_sg_ingress_rules"></a> [sg\_ingress\_rules](#input\_sg\_ingress\_rules) | Ingress rules for the VPC Endpoint SecurityGroup(s). Set to empty list to disable default rules. | <pre>list(object({<br>    description      = string<br>    prefix_list_ids  = list(string)<br>    from_port        = number<br>    to_port          = number<br>    protocol         = string<br>    cidr_blocks      = list(string)<br>    ipv6_cidr_blocks = list(string)<br>    security_groups  = list(string)<br>  }))</pre> | <pre>[<br>  {<br>    "cidr_blocks": [<br>      "0.0.0.0/0"<br>    ],<br>    "description": null,<br>    "from_port": 0,<br>    "ipv6_cidr_blocks": null,<br>    "prefix_list_ids": null,<br>    "protocol": "-1",<br>    "security_groups": null,<br>    "to_port": 0<br>  }<br>]</pre> | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to the VPC Endpoint and to the SecurityGroup(s). | `map(string)` | `{}` | no |

main.tf

@@ -83,8 +83,7 @@ resource "aws_vpc_endpoint" "interface_services" {
   tags              = var.tags
   vpc_endpoint_type = "Interface"
   vpc_id            = local.vpc_id
-
-  subnet_ids = var.subnet_ids
+  subnet_ids        = var.subnet_ids
 
   security_group_ids = var.create_sg_per_endpoint ? [aws_security_group.this[each.key].id] : [aws_security_group.this["shared"].id]
 
@@ -100,4 +99,5 @@ resource "aws_vpc_endpoint" "gateway_services" {
   tags              = var.tags
   vpc_endpoint_type = "Gateway"
   vpc_id            = local.vpc_id
+  route_table_ids   = var.route_table_ids
 }

tests/gateway_type_endpoint/main.tf

@@ -26,5 +26,6 @@ module "gateway_type_endpoint" {
     },
   ]
 
-  subnet_ids = module.vpc.private_subnets
+  subnet_ids      = module.vpc.private_subnets
+  route_table_ids = module.vpc.private_route_table_ids
 }

tests/multiple_endpoints/main.tf

@@ -40,7 +40,12 @@ module "config_endpoint" {
       name = "s3"
       type = "Interface"
     },
+    {
+      name = "dynamodb"
+      type = "Gateway"
+    },
   ]
 
-  subnet_ids = module.vpc.private_subnets
+  subnet_ids      = module.vpc.private_subnets
+  route_table_ids = module.vpc.private_route_table_ids
 }

variables.tf

@@ -53,10 +53,16 @@ variable "sg_ingress_rules" {
 }
 
 variable "subnet_ids" {
-  description = "Target Subnet IDs for \"Interface\" services. Also used to resolve the `vpc_id` for \"Gateway\" services"
+  description = "Target Subnet IDs for \"Interface\" services. Also used to resolve the `vpc_id`."
   type        = list(string)
 }
 
+variable "route_table_ids" {
+  description = "Target Route Table IDs to register \"Gateway\" services with. \"Gateway\" Endpoints use Route Tables while \"Interface\" Endpoints use DNS."
+  type        = list(string)
+  default     = []
+}
+
 variable "vpc_endpoint_services" {
   description = "List of AWS Endpoint service names and types. Both Gateway and Interface Endpoints are supported. See https://docs.aws.amazon.com/general/latest/gr/rande.html for full list."
   type = list(object({