
Endpoint

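# Security group for the Interface endpoint ENIs in the prod VPC.
# Endpoint ENIs carry only private addresses, so ingress is scoped to the
# VPC CIDR instead of 0.0.0.0/0. Widen deliberately if endpoint traffic must
# arrive over peering / Transit Gateway from other address ranges.
resource "aws_security_group" "prod-ep" {
  name   = "wsc2024-prod-EP-SG"
  vpc_id = aws_vpc.prod.id

  # HTTPS from inside the VPC only.
  ingress {
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.prod.cidr_block]
    from_port   = 443
    to_port     = 443
  }

  # Unrestricted egress; an endpoint ENI does not initiate connections itself.
  egress {
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
    from_port   = 0
    to_port     = 0
  }

  tags = {
    Name = "wsc2024-prod-EP-SG"
  }
}

# Security group for endpoint ENIs in the ma VPC. Same shape as prod-ep.
# NOTE(review): nothing in this file attaches this group - the S3 endpoint
# below is a Gateway endpoint and takes no security group.
resource "aws_security_group" "ma-ep" {
  name   = "wsc2024-ma-EP-SG"
  vpc_id = aws_vpc.ma.id

  # HTTPS from inside the VPC only.
  ingress {
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.ma.cidr_block]
    from_port   = 443
    to_port     = 443
  }

  egress {
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
    from_port   = 0
    to_port     = 0
  }

  tags = {
    Name = "wsc2024-ma-EP-SG"
  }
}

# Interface endpoint for the ECR Docker registry (image pulls) in the prod VPC.
# The original referenced aws_security_group.ep, which is not declared in this
# file; the endpoint security group for the prod VPC is prod-ep.
# NOTE(review): docker pulls also talk to the ecr.api service and to the ECR
# layer bucket in S3; neither has an endpoint in the prod VPC here, so pulls
# may still depend on a NAT/IGW path - confirm against the VPC routing.
resource "aws_vpc_endpoint" "ecr" {
  vpc_id              = aws_vpc.prod.id
  service_name        = "com.amazonaws.us-east-1.ecr.dkr"
  vpc_endpoint_type   = "Interface"
  security_group_ids  = [aws_security_group.prod-ep.id]
  # Make the default registry hostname resolve to the endpoint ENIs so clients
  # need no special configuration.
  private_dns_enabled = true

  tags = {
    Name = "wsc2024-ecr-endpoint"
  }
}

# One endpoint ENI per private subnet (Interface endpoints attach to subnets).
resource "aws_vpc_endpoint_subnet_association" "prod_a" {
  vpc_endpoint_id = aws_vpc_endpoint.ecr.id
  subnet_id       = aws_subnet.private_a.id
}

resource "aws_vpc_endpoint_subnet_association" "prod_b" {
  vpc_endpoint_id = aws_vpc_endpoint.ecr.id
  subnet_id       = aws_subnet.private_b.id
}

# Gateway endpoint for S3 in the ma VPC.
# Policy notes (security review):
#   * The second statement allows every principal every s3:* action on every
#     bucket, which is the same as the default full-access endpoint policy and
#     makes the IP-conditioned first statement redundant. Kept as written so
#     behaviour is unchanged; tighten the second statement (specific buckets
#     and actions) if the intent is to restrict this endpoint.
#   * Requests arriving through a VPC endpoint expose the caller's private
#     address under the aws:VpcSourceIp condition key, not aws:SourceIp, so
#     the first statement's condition is not expected to match - confirm.
#   * Statement IDs must be unique within a policy; the second Sid was a
#     duplicate of the first and has been renamed.
resource "aws_vpc_endpoint" "s3_ep" {
  vpc_id            = aws_vpc.ma.id
  service_name      = "com.amazonaws.us-east-1.s3"
  vpc_endpoint_type = "Gateway"

  policy = jsonencode({
    "Version" : "2012-10-17",
    "Statement" : [
      {
        "Sid" : "AllowAll",
        "Effect" : "Allow",
        "Principal" : "*",
        "Action" : "s3:*",
        "Resource" : "arn:aws:s3:::prod-us-east-1-starport-layer-bucket/*",
        "Condition" : {
          "IpAddress" : {
            "aws:SourceIp" : "${aws_instance.bastion.private_ip}/32"
          }
        }
      },
      {
        "Sid" : "AllowAllBuckets",
        "Effect" : "Allow",
        "Principal" : "*",
        "Action" : "s3:*",
        "Resource" : "*"
      }
    ]
  })

  tags = {
    Name = "wsc2024-s3-endpoint"
  }
}

# TODO(review): Gateway endpoints are attached to a VPC through route tables
# (the endpoint's route_table_ids argument or
# aws_vpc_endpoint_route_table_association), not through subnets, so the two
# subnet associations below are expected to be rejected at apply time. They are
# kept because the public route tables are not declared in this file; replace
# them with route-table associations once those ids are available.
# The original name of the second resource carried a trailing space
# ("prod_b1 "), which is not a valid resource name; it is now "prod_b1".
resource "aws_vpc_endpoint_subnet_association" "prod_a1" {
  vpc_endpoint_id = aws_vpc_endpoint.s3_ep.id
  subnet_id       = aws_subnet.public_a.id
}

resource "aws_vpc_endpoint_subnet_association" "prod_b1" {
  vpc_endpoint_id = aws_vpc_endpoint.s3_ep.id
  subnet_id       = aws_subnet.public_b.id
}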