add sample for getting shared endpoint info
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,77 @@ | ||
| # Getting VPC Endpoint IDs from the shared VPC endpoints | ||
|
|
||
| Most uses of the shared VPC endpoints require no additional code. | ||
|
|
||
| There are some things which do require the use of the VPC Endpoint ID. The API Gateway is one of them. | ||
| To avoid hardcoding the ID, use the code in this directory to extract the appropriate VPC id. | ||
|
|
||
| ## Copy files into your working directory | ||
|
|
||
| Copy these files into your working directory, where you are creating your resource(s) that need a VPC id. | ||
|
|
||
| * provider.shared-vpce.tf | ||
| * variables.shared-vpce.auto.tfvars | ||
| * variables.shared-vpce.tf | ||
| * variables.username.tf | ||
| * vpc-endpoints.shared-vpce.tf | ||
|
|
||
| ## Plan and apply | ||
|
|
||
| Note that this does not _create_ any resources, so it is safe to plan, apply, and then commit to git and do a PR. | ||
| This sets up data resources, which are read only. | ||
|
|
||
| ```console | ||
| % tf-plan | ||
| Changes to Outputs: | ||
| + account_caller_arn = "arn:aws-us-gov:sts::331530919105:assumed-role/AWSReservedSSO_inf-terraform_4bbd54df73a53293/donald.e.badrak.ii@census.gov" | ||
| + account_caller_arn_partition = "aws-us-gov" | ||
| + caller_account_id = "331530919105" | ||
| + profile = "331530919105-erd-dcdl-dev-gov" | ||
| + region = "us-gov-east-1" | ||
| + vpc_endpoints_ids = { | ||
| + autoscaling = "vpce-01c6af9f27490ee9d" | ||
| + cloudformation = "vpce-096d4cbf21b3f8ccf" | ||
| + config = "vpce-0aadc646f78015f6d" | ||
| + dms = "vpce-09ac407ee750c5654" | ||
| + ebs = "vpce-063d9f043c8ef1d76" | ||
| + ec2 = "vpce-0cb3367e8693fb574" | ||
| + ec2messages = "vpce-0efce59dd7f0feaed" | ||
| + "ecr.api" = "vpce-0333be5f12b2a1823" | ||
| + "ecr.dkr" = "vpce-04c9026cde229b311" | ||
| + ecs = "vpce-0a4cdd2a132ab73d4" | ||
| + elasticfilesystem = "vpce-098adf721886da73e" | ||
| + elasticloadbalancing = "vpce-02792e4f78be19ad7" | ||
| + execute-api = "vpce-01e9ec76f02f979b4" | ||
| + kms = "vpce-023a85ad2620a0ded" | ||
| + lambda = "vpce-0378285401827b3c9" | ||
| + logs = "vpce-0256e7aa79fc594e7" | ||
| + rds = "vpce-03033056010baea20" | ||
| + s3 = "vpce-012898031dcb55506" | ||
| + secretsmanager = "vpce-075883b5f6245aa3c" | ||
| + sns = "vpce-0a22902ce3e578077" | ||
| + sqs = "vpce-0607ba5b0b39f06fc" | ||
| + ssm = "vpce-0cd20111535ba290e" | ||
| + ssmmessages = "vpce-0762a94dda725e466" | ||
| + states = "vpce-0087fcbd2b314a49d" | ||
| + storagegateway = "vpce-021048fc1bf109629" | ||
| + sts = "vpce-0ffeee74d1e9e8666" | ||
| + sync-states = "vpce-0e2bc1d1555ec640b" | ||
| } | ||
| + vpc_full_name = "" | ||
| ``` | ||
|
|
||
| and now apply: | ||
|
|
||
| ```console | ||
| % tf-apply | ||
| ``` | ||
|
|
||
| ## Using the results | ||
|
|
||
| The `local` variable `vpc_endpoints` contains the vpc endpoint id: | ||
|
|
||
| ```console | ||
| % tf-console | ||
| > local.vpc_endpoints["execute-api"] | ||
| "vpce-01e9ec76f02f979b4" | ||
| ``` |
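--- a/examples/vpc-shared-endpoints-info/provider.shared-vpce.tf
+++ b/examples/vpc-shared-endpoints-info/provider.shared-vpce.tf
@@ -0,0 +1,10 @@
+provider "aws" {
+alias = "shared_endpoints"
+region = var.region
+profile = var.profile
+assume_role {
+role_arn = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, var.shared_endpoints_account_id)
+session_name = var.os_username
+}
+}
+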
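Review bot: The role assumed at the `role_arn` line, `r-inf-terraform-route53`, is named for Route 53 yet this provider is only used to read SSM parameters under the shared account's `/enterprise/.../vpc-endpoints/` path, and `session_name = var.os_username` falls back to null because the variable declared elsewhere in this commit defaults to null, so the assumed-role session in the shared account may carry no caller attribution. If a narrower read-only role exists in the network account, point this provider at it; otherwise record why the Route 53 role is reused with a comment above `assume_role`, e.g. `# NOTE: r-inf-terraform-route53 also permits ssm:GetParametersByPath on /enterprise/* — confirm before reusing elsewhere`. Make the session always attributable with `session_name = coalesce(var.os_username, "shared-vpce-lookup")` or by dropping the null default on `os_username`. `var.region`, `var.profile` and `data.aws_arn.current` are declared outside the files in this commit, so the README's "copy these files" step presumes they already exist in the target directory.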
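--- a/examples/vpc-shared-endpoints-info/variables.shared-vpce.auto.tfvars
+++ b/examples/vpc-shared-endpoints-info/variables.shared-vpce.auto.tfvars
@@ -0,0 +1,8 @@
+# 057405694017-ent-gov-network-prod
+shared_endpoints_account_id = "057405694017"
+
+# 273715889907-ent-gov-dmz-network-prod
+## shared_endpoints_account_id = "273715889907"
+
+# 269244441389-lab-gov-network-nonprod
+## shared_endpoints_account_id = "269244441389"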
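Review bot: The active `shared_endpoints_account_id` is the production network account, and selecting the DMZ or nonprod account is done by moving `##` markers in a `.auto.tfvars` file that Terraform loads without being asked, so a copy with the wrong line uncommented silently assumes a role in, and reads endpoint IDs from, the wrong account with no error. Since `variable "shared_endpoints_account_id"` in this commit carries no validation, pin the allowed values there, e.g. `validation { condition = contains(["057405694017", "273715889907", "269244441389"], var.shared_endpoints_account_id); error_message = "Unknown shared-endpoints account." }`, and state in this file's header which target environment should use which account. Publishing real account IDs in an examples directory may be intended, but confirm they are cleared for this repository's audience.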
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| variable "shared_endpoints_account_id" { | ||
| description = "AWS Account ID of the VPC shared endpoints" | ||
| type = string | ||
| } |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| variable "os_username" { | ||
| description = "OS username from environment variable, ideally as $USER" | ||
| type = string | ||
| default = null | ||
| } |
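--- a/examples/vpc-shared-endpoints-info/vpc-endpoints.shared-vpce.tf
+++ b/examples/vpc-shared-endpoints-info/vpc-endpoints.shared-vpce.tf
@@ -0,0 +1,15 @@
+data "aws_ssm_parameters_by_path" "shared_endpoints" {
+provider = aws.shared_endpoints
+path = format("/enterprise/%v/vpc-endpoints/%v", data.aws_arn.current.partition, var.region)
+recursive = true
+}
+
+locals {
+vpc_endpoints_ssm = { for k, v in zipmap(data.aws_ssm_parameters_by_path.shared_endpoints.names, data.aws_ssm_parameters_by_path.shared_endpoints.values) : k => jsondecode(v) }
+vpc_endpoints = { for k, v in nonsensitive(local.vpc_endpoints_ssm) : v.name => v.id }
+}
+
+output "vpc_endpoints_ids" {
+description = "VPC Endpoints with ID created by SSM parameter"
+value = local.vpc_endpoints
+}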