* 2.11.1 -- 2024-12-17

  - routing
    - update filter for vpc endpoint for dynamodb to use Gateway type

CHANGELOG.md

@@ -435,3 +435,7 @@
   - flowlog
     - added field enable_s3 so we can stop creating S3 flow logs (and go only to data firehose)
     - remove splunk resources, as splunk is gone from our environment
+
+* 2.11.1 -- 2024-12-17
+  - routing
+    - update filter for vpc endpoint for dynamodb to use Gateway type

common/version.tf

@@ -1,5 +1,5 @@
 locals {
-  _module_version = "2.11.0"
+  _module_version = "2.11.1"
   _module_names = {
     "_main_" = "aws-vpc-setup"
 

routing/README.md

@@ -110,3 +110,118 @@ No modules.
 | <a name="output_vpc_endpoint_dynamodb_id"></a> [vpc\_endpoint\_dynamodb\_id](#output\_vpc\_endpoint\_dynamodb\_id) | VPC Endpoint ID for DynamoDB |
 | <a name="output_vpc_endpoint_s3_cidr_blocks"></a> [vpc\_endpoint\_s3\_cidr\_blocks](#output\_vpc\_endpoint\_s3\_cidr\_blocks) | VPC Endpoint CIDR Blocks for S3 |
 | <a name="output_vpc_endpoint_s3_id"></a> [vpc\_endpoint\_s3\_id](#output\_vpc\_endpoint\_s3\_id) | VPC Endpoint ID for S3 |
+
+<!-- BEGIN_TF_DOCS -->
+# About aws-vpc-setup :: routing
+
+This submodule creates route tables, one for private subnets and one for public subnets
+
+# Usage
+
+```hcl
+module "routing" {
+  source               = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//routing"
+  vpc_id               = var.vpc_id
+  vpc_full_name        = var.vpc_full_name
+  availability_zones   = var.availability_zones
+
+  vpc_name             = var.vpc_name
+  vpc_short_name       = var.vpc_short_name
+
+  vpc_cidr_block       = var.vpc_cidr_block
+  vpc_index            = var.vpc_index
+  vpc_environment      = var.vpc_environment
+
+  tags = {}
+}
+```
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.66.0 |
+| <a name="requirement_ldap"></a> [ldap](#requirement\_ldap) | >= 0.5.4 |
+| <a name="requirement_local"></a> [local](#requirement\_local) | >= 1.0.0 |
+| <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.0 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | >= 3.0 |
+| <a name="requirement_template"></a> [template](#requirement\_template) | >= 2.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.66.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_eip.nat](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |
+| [aws_internet_gateway.gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/internet_gateway) | resource |
+| [aws_nat_gateway.nat](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/nat_gateway) | resource |
+| [aws_route.nat_private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
+| [aws_route.nat_public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
+| [aws_route_table.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource |
+| [aws_route_table.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource |
+| [aws_route_table_association.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource |
+| [aws_route_table_association.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource |
+| [aws_vpc_endpoint.dynamodb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |
+| [aws_vpc_endpoint.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |
+| [aws_vpc_endpoint_route_table_association.private_dynamodb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint_route_table_association) | resource |
+| [aws_vpc_endpoint_route_table_association.private_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint_route_table_association) | resource |
+| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_availability_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zone) | data source |
+| [aws_availability_zones.zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_iam_account_alias.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_vpc_endpoint_service.dynamodb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc_endpoint_service) | data source |
+| [aws_vpc_endpoint_service.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc_endpoint_service) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_account_alias"></a> [account\_alias](#input\_account\_alias) | AWS Account Alias (default: will pull from current account\_alias) | `string` | `""` | no |
+| <a name="input_account_id"></a> [account\_id](#input\_account\_id) | AWS Account ID (default: will pull from current user) | `string` | `""` | no |
+| <a name="input_availability_zones"></a> [availability\_zones](#input\_availability\_zones) | AWS Availability Zones to use (by default will use all available) | `list(string)` | `[]` | no |
+| <a name="input_create_private_route_table"></a> [create\_private\_route\_table](#input\_create\_private\_route\_table) | Flag to enable creation of private route tables (default: true) | `bool` | `true` | no |
+| <a name="input_create_public_route_table"></a> [create\_public\_route\_table](#input\_create\_public\_route\_table) | Flag to enable creation of public route tables (default: true) | `bool` | `true` | no |
+| <a name="input_enable_igw"></a> [enable\_igw](#input\_enable\_igw) | Flag to enable AWS Internet Gateway (IGW) in the VPC (default: false) | `bool` | `false` | no |
+| <a name="input_enable_nat"></a> [enable\_nat](#input\_enable\_nat) | Flag to enable AWS NAT Gateway in the VPC (default: false) | `bool` | `false` | no |
+| <a name="input_enable_vpc_endpoint_dynamodb"></a> [enable\_vpc\_endpoint\_dynamodb](#input\_enable\_vpc\_endpoint\_dynamodb) | Flag to enable\|disable DynamoDB VPC Endpoint (default: true) | `bool` | `true` | no |
+| <a name="input_enable_vpc_endpoint_s3"></a> [enable\_vpc\_endpoint\_s3](#input\_enable\_vpc\_endpoint\_s3) | Flag to enable\|disable S3 VPC Endpoint (default: true) | `bool` | `true` | no |
+| <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
+| <a name="input_private_route_table_label"></a> [private\_route\_table\_label](#input\_private\_route\_table\_label) | Label to include in the route table description for private subnets (default: private) | `string` | `"private"` | no |
+| <a name="input_private_subnets_ids"></a> [private\_subnets\_ids](#input\_private\_subnets\_ids) | List of private subnet objects including: subnet, label, availability\_zone, id | <pre>list(object({<br/>    subnet            = string<br/>    label             = string<br/>    availability_zone = string<br/>    id                = string<br/>    tags              = optional(map(string))<br/>  }))</pre> | `[]` | no |
+| <a name="input_public_route_table_label"></a> [public\_route\_table\_label](#input\_public\_route\_table\_label) | Label to include in the route table description for public subnets (default: public) | `string` | `"public"` | no |
+| <a name="input_public_subnets_ids"></a> [public\_subnets\_ids](#input\_public\_subnets\_ids) | List of public subnet objects including: subnet, label, availability\_zone, id | <pre>list(object({<br/>    subnet            = string<br/>    label             = string<br/>    availability_zone = string<br/>    id                = string<br/>    tags              = optional(map(string))<br/>  }))</pre> | `[]` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS).  Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
+| <a name="input_vpc_cidr_block"></a> [vpc\_cidr\_block](#input\_vpc\_cidr\_block) | VPC CIDR Block | `string` | n/a | yes |
+| <a name="input_vpc_environment"></a> [vpc\_environment](#input\_vpc\_environment) | VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod) | `string` | `null` | no |
+| <a name="input_vpc_full_name"></a> [vpc\_full\_name](#input\_vpc\_full\_name) | VPC full name component (vpc{index}-{vpc\_name}) | `string` | `null` | no |
+| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID | `string` | n/a | yes |
+| <a name="input_vpc_index"></a> [vpc\_index](#input\_vpc\_index) | VPC index number (integer starting at 1) | `number` | `null` | no |
+| <a name="input_vpc_name"></a> [vpc\_name](#input\_vpc\_name) | VPC name component used through the VPC descrbing its purpose (ex: dice-dev) | `string` | `null` | no |
+| <a name="input_vpc_short_name"></a> [vpc\_short\_name](#input\_vpc\_short\_name) | VPC short name component (vpc{index}) | `string` | `null` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_availability_zone_ids"></a> [availability\_zone\_ids](#output\_availability\_zone\_ids) | VPC Availability zone id list (3) |
+| <a name="output_availability_zone_names"></a> [availability\_zone\_names](#output\_availability\_zone\_names) | VPC Availability zone name list (3) |
+| <a name="output_availability_zone_suffixes"></a> [availability\_zone\_suffixes](#output\_availability\_zone\_suffixes) | VPC Availability zone suffix list (3) |
+| <a name="output_private_route_table_ids"></a> [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | Private route table IDs map by availability zone |
+| <a name="output_public_route_table_ids"></a> [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | Public route table IDs map by availability zone |
+| <a name="output_vpc_endpoint_dynamodb_cidr_blocks"></a> [vpc\_endpoint\_dynamodb\_cidr\_blocks](#output\_vpc\_endpoint\_dynamodb\_cidr\_blocks) | VPC Endpoint CIDR Blocks for DynamoDB |
+| <a name="output_vpc_endpoint_dynamodb_id"></a> [vpc\_endpoint\_dynamodb\_id](#output\_vpc\_endpoint\_dynamodb\_id) | VPC Endpoint ID for DynamoDB |
+| <a name="output_vpc_endpoint_s3_cidr_blocks"></a> [vpc\_endpoint\_s3\_cidr\_blocks](#output\_vpc\_endpoint\_s3\_cidr\_blocks) | VPC Endpoint CIDR Blocks for S3 |
+| <a name="output_vpc_endpoint_s3_id"></a> [vpc\_endpoint\_s3\_id](#output\_vpc\_endpoint\_s3\_id) | VPC Endpoint ID for S3 |
+<!-- END_TF_DOCS -->

routing/vpc-endpoints.tf

@@ -44,6 +44,10 @@ resource "aws_vpc_endpoint_route_table_association" "private_s3" {
 data "aws_vpc_endpoint_service" "dynamodb" {
   service = "dynamodb"
   #  service_name = "com.amazonaws.${local.region}.dynamodb"
+  filter {
+    name   = "service-type"
+    values = ["Gateway"]
+  }
 }
 
 resource "aws_vpc_endpoint" "dynamodb" {