pulumi-aws-kotlin/com.pulumi.aws.ec2.kotlin/VpcEndpoint

VpcEndpoint

class VpcEndpoint : KotlinCustomResource

Provides a VPC Endpoint resource.

NOTE on VPC Endpoints and VPC Endpoint Associations: The provider provides both standalone VPC Endpoint Associations for Route Tables - (an association between a VPC endpoint and a single route_table_id), Security Groups - (an association between a VPC endpoint and a single security_group_id), and Subnets - (an association between a VPC endpoint and a single subnet_id) and a VPC Endpoint resource with route_table_ids and subnet_ids attributes. Do not use the same resource ID in both a VPC Endpoint resource and a VPC Endpoint Association resource. Doing so will cause a conflict of associations and will overwrite the association.

Example Usage

Basic

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.VpcEndpoint;
import com.pulumi.aws.ec2.VpcEndpointArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var s3 = new VpcEndpoint("s3", VpcEndpointArgs.builder()
            .vpcId(aws_vpc.main().id())
            .serviceName("com.amazonaws.us-west-2.s3")
            .build());
    }
}

Basic w/ Tags

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.VpcEndpoint;
import com.pulumi.aws.ec2.VpcEndpointArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var s3 = new VpcEndpoint("s3", VpcEndpointArgs.builder()
            .vpcId(aws_vpc.main().id())
            .serviceName("com.amazonaws.us-west-2.s3")
            .tags(Map.of("Environment", "test"))
            .build());
    }
}

Interface Endpoint Type

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.VpcEndpoint;
import com.pulumi.aws.ec2.VpcEndpointArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var ec2 = new VpcEndpoint("ec2", VpcEndpointArgs.builder()
            .vpcId(aws_vpc.main().id())
            .serviceName("com.amazonaws.us-west-2.ec2")
            .vpcEndpointType("Interface")
            .securityGroupIds(aws_security_group.sg1().id())
            .privateDnsEnabled(true)
            .build());
    }
}

Gateway Load Balancer Endpoint Type

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.ec2.VpcEndpointService;
import com.pulumi.aws.ec2.VpcEndpointServiceArgs;
import com.pulumi.aws.ec2.VpcEndpoint;
import com.pulumi.aws.ec2.VpcEndpointArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var current = AwsFunctions.getCallerIdentity();
        var exampleVpcEndpointService = new VpcEndpointService("exampleVpcEndpointService", VpcEndpointServiceArgs.builder()
            .acceptanceRequired(false)
            .allowedPrincipals(current.applyValue(getCallerIdentityResult -> getCallerIdentityResult.arn()))
            .gatewayLoadBalancerArns(aws_lb.example().arn())
            .build());
        var exampleVpcEndpoint = new VpcEndpoint("exampleVpcEndpoint", VpcEndpointArgs.builder()
            .serviceName(exampleVpcEndpointService.serviceName())
            .subnetIds(aws_subnet.example().id())
            .vpcEndpointType(exampleVpcEndpointService.serviceType())
            .vpcId(aws_vpc.example().id())
            .build());
    }
}

Import

VPC Endpoints can be imported using the vpc endpoint id, e.g.,

$ pulumi import aws:ec2/vpcEndpoint:VpcEndpoint endpoint1 vpce-3ecf2a57

Properties

arn

val arn: Output<String>

The Amazon Resource Name (ARN) of the VPC endpoint.

autoAccept

val autoAccept: Output<Boolean>?

Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).

cidrBlocks

val cidrBlocks: Output<List<String>>

The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type Gateway.

dnsEntries

val dnsEntries: Output<List<VpcEndpointDnsEntry>>

The DNS entries for the VPC Endpoint. Applicable for endpoints of type Interface. DNS blocks are documented below.

dnsOptions

val dnsOptions: Output<VpcEndpointDnsOptions>

The DNS options for the endpoint. See dns_options below.

val id: Output<String>

ipAddressType

val ipAddressType: Output<String>

The IP address type for the endpoint. Valid values are ipv4, dualstack, and ipv6.

networkInterfaceIds

val networkInterfaceIds: Output<List<String>>

One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type Interface.

ownerId

val ownerId: Output<String>

The ID of the AWS account that owns the VPC endpoint.

policy

val policy: Output<String>

A policy to attach to the endpoint that controls access to the service. This is a JSON formatted string. Defaults to full access. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.

prefixListId

val prefixListId: Output<String>

The prefix list ID of the exposed AWS service. Applicable for endpoints of type Gateway.

privateDnsEnabled

val privateDnsEnabled: Output<Boolean>?

Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Defaults to false.

pulumiChildResources

val pulumiChildResources: Set<KotlinResource>

pulumiResourceName

val pulumiResourceName: String

pulumiResourceType

val pulumiResourceType: String

requesterManaged

val requesterManaged: Output<Boolean>

Whether or not the VPC Endpoint is being managed by its service - true or false.

routeTableIds

val routeTableIds: Output<List<String>>

One or more route table IDs. Applicable for endpoints of type Gateway.

securityGroupIds

val securityGroupIds: Output<List<String>>

The ID of one or more security groups to associate with the network interface. Applicable for endpoints of type Interface. If no security groups are specified, the VPC's default security group is associated with the endpoint.

serviceName

val serviceName: Output<String>

The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook).

state

val state: Output<String>

The state of the VPC endpoint.

subnetIds

val subnetIds: Output<List<String>>

The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface.