Vpc
Provides a VPC Endpoint resource.
NOTE on VPC Endpoints and VPC Endpoint Associations: The provider provides both standalone VPC Endpoint Associations for Route Tables - (an association between a VPC endpoint and a single
route_table_id), Security Groups - (an association between a VPC endpoint and a singlesecurity_group_id), and Subnets - (an association between a VPC endpoint and a singlesubnet_id) and a VPC Endpoint resource withroute_table_idsandsubnet_idsattributes. Do not use the same resource ID in both a VPC Endpoint resource and a VPC Endpoint Association resource. Doing so will cause a conflict of associations and will overwrite the association.
Example Usage
Basic
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const s3 = new aws.ec2.VpcEndpoint("s3", {
vpcId: main.id,
serviceName: "com.amazonaws.us-west-2.s3",
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
s3 = aws.ec2.VpcEndpoint("s3",
vpc_id=main["id"],
service_name="com.amazonaws.us-west-2.s3")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var s3 = new Aws.Ec2.VpcEndpoint("s3", new()
{
VpcId = main.Id,
ServiceName = "com.amazonaws.us-west-2.s3",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := ec2.NewVpcEndpoint(ctx, "s3", &ec2.VpcEndpointArgs{
VpcId: pulumi.Any(main.Id),
ServiceName: pulumi.String("com.amazonaws.us-west-2.s3"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.VpcEndpoint;
import com.pulumi.aws.ec2.VpcEndpointArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var s3 = new VpcEndpoint("s3", VpcEndpointArgs.builder()
.vpcId(main.id())
.serviceName("com.amazonaws.us-west-2.s3")
.build());
}
}Content copied to clipboard
resources:
s3:
type: aws:ec2:VpcEndpoint
properties:
vpcId: ${main.id}
serviceName: com.amazonaws.us-west-2.s3Content copied to clipboard
Basic w/ Tags
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const s3 = new aws.ec2.VpcEndpoint("s3", {
vpcId: main.id,
serviceName: "com.amazonaws.us-west-2.s3",
tags: {
Environment: "test",
},
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
s3 = aws.ec2.VpcEndpoint("s3",
vpc_id=main["id"],
service_name="com.amazonaws.us-west-2.s3",
tags={
"Environment": "test",
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var s3 = new Aws.Ec2.VpcEndpoint("s3", new()
{
VpcId = main.Id,
ServiceName = "com.amazonaws.us-west-2.s3",
Tags =
{
{ "Environment", "test" },
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := ec2.NewVpcEndpoint(ctx, "s3", &ec2.VpcEndpointArgs{
VpcId: pulumi.Any(main.Id),
ServiceName: pulumi.String("com.amazonaws.us-west-2.s3"),
Tags: pulumi.StringMap{
"Environment": pulumi.String("test"),
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.VpcEndpoint;
import com.pulumi.aws.ec2.VpcEndpointArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var s3 = new VpcEndpoint("s3", VpcEndpointArgs.builder()
.vpcId(main.id())
.serviceName("com.amazonaws.us-west-2.s3")
.tags(Map.of("Environment", "test"))
.build());
}
}Content copied to clipboard
resources:
s3:
type: aws:ec2:VpcEndpoint
properties:
vpcId: ${main.id}
serviceName: com.amazonaws.us-west-2.s3
tags:
Environment: testContent copied to clipboard
Interface Endpoint Type
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const ec2 = new aws.ec2.VpcEndpoint("ec2", {
vpcId: main.id,
serviceName: "com.amazonaws.us-west-2.ec2",
vpcEndpointType: "Interface",
securityGroupIds: [sg1.id],
privateDnsEnabled: true,
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
ec2 = aws.ec2.VpcEndpoint("ec2",
vpc_id=main["id"],
service_name="com.amazonaws.us-west-2.ec2",
vpc_endpoint_type="Interface",
security_group_ids=[sg1["id"]],
private_dns_enabled=True)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var ec2 = new Aws.Ec2.VpcEndpoint("ec2", new()
{
VpcId = main.Id,
ServiceName = "com.amazonaws.us-west-2.ec2",
VpcEndpointType = "Interface",
SecurityGroupIds = new[]
{
sg1.Id,
},
PrivateDnsEnabled = true,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := ec2.NewVpcEndpoint(ctx, "ec2", &ec2.VpcEndpointArgs{
VpcId: pulumi.Any(main.Id),
ServiceName: pulumi.String("com.amazonaws.us-west-2.ec2"),
VpcEndpointType: pulumi.String("Interface"),
SecurityGroupIds: pulumi.StringArray{
sg1.Id,
},
PrivateDnsEnabled: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.VpcEndpoint;
import com.pulumi.aws.ec2.VpcEndpointArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var ec2 = new VpcEndpoint("ec2", VpcEndpointArgs.builder()
.vpcId(main.id())
.serviceName("com.amazonaws.us-west-2.ec2")
.vpcEndpointType("Interface")
.securityGroupIds(sg1.id())
.privateDnsEnabled(true)
.build());
}
}Content copied to clipboard
resources:
ec2:
type: aws:ec2:VpcEndpoint
properties:
vpcId: ${main.id}
serviceName: com.amazonaws.us-west-2.ec2
vpcEndpointType: Interface
securityGroupIds:
- ${sg1.id}
privateDnsEnabled: trueContent copied to clipboard
Gateway Load Balancer Endpoint Type
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const current = aws.getCallerIdentity({});
const example = new aws.ec2.VpcEndpointService("example", {
acceptanceRequired: false,
allowedPrincipals: [current.then(current => current.arn)],
gatewayLoadBalancerArns: [exampleAwsLb.arn],
});
const exampleVpcEndpoint = new aws.ec2.VpcEndpoint("example", {
serviceName: example.serviceName,
subnetIds: [exampleAwsSubnet.id],
vpcEndpointType: example.serviceType,
vpcId: exampleAwsVpc.id,
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
current = aws.get_caller_identity()
example = aws.ec2.VpcEndpointService("example",
acceptance_required=False,
allowed_principals=[current.arn],
gateway_load_balancer_arns=[example_aws_lb["arn"]])
example_vpc_endpoint = aws.ec2.VpcEndpoint("example",
service_name=example.service_name,
subnet_ids=[example_aws_subnet["id"]],
vpc_endpoint_type=example.service_type,
vpc_id=example_aws_vpc["id"])Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var current = Aws.GetCallerIdentity.Invoke();
var example = new Aws.Ec2.VpcEndpointService("example", new()
{
AcceptanceRequired = false,
AllowedPrincipals = new[]
{
current.Apply(getCallerIdentityResult => getCallerIdentityResult.Arn),
},
GatewayLoadBalancerArns = new[]
{
exampleAwsLb.Arn,
},
});
var exampleVpcEndpoint = new Aws.Ec2.VpcEndpoint("example", new()
{
ServiceName = example.ServiceName,
SubnetIds = new[]
{
exampleAwsSubnet.Id,
},
VpcEndpointType = example.ServiceType,
VpcId = exampleAwsVpc.Id,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := aws.GetCallerIdentity(ctx, nil, nil)
if err != nil {
return err
}
example, err := ec2.NewVpcEndpointService(ctx, "example", &ec2.VpcEndpointServiceArgs{
AcceptanceRequired: pulumi.Bool(false),
AllowedPrincipals: pulumi.StringArray{
pulumi.String(current.Arn),
},
GatewayLoadBalancerArns: pulumi.StringArray{
exampleAwsLb.Arn,
},
})
if err != nil {
return err
}
_, err = ec2.NewVpcEndpoint(ctx, "example", &ec2.VpcEndpointArgs{
ServiceName: example.ServiceName,
SubnetIds: pulumi.StringArray{
exampleAwsSubnet.Id,
},
VpcEndpointType: example.ServiceType,
VpcId: pulumi.Any(exampleAwsVpc.Id),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetCallerIdentityArgs;
import com.pulumi.aws.ec2.VpcEndpointService;
import com.pulumi.aws.ec2.VpcEndpointServiceArgs;
import com.pulumi.aws.ec2.VpcEndpoint;
import com.pulumi.aws.ec2.VpcEndpointArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = AwsFunctions.getCallerIdentity();
var example = new VpcEndpointService("example", VpcEndpointServiceArgs.builder()
.acceptanceRequired(false)
.allowedPrincipals(current.applyValue(getCallerIdentityResult -> getCallerIdentityResult.arn()))
.gatewayLoadBalancerArns(exampleAwsLb.arn())
.build());
var exampleVpcEndpoint = new VpcEndpoint("exampleVpcEndpoint", VpcEndpointArgs.builder()
.serviceName(example.serviceName())
.subnetIds(exampleAwsSubnet.id())
.vpcEndpointType(example.serviceType())
.vpcId(exampleAwsVpc.id())
.build());
}
}Content copied to clipboard
resources:
example:
type: aws:ec2:VpcEndpointService
properties:
acceptanceRequired: false
allowedPrincipals:
- ${current.arn}
gatewayLoadBalancerArns:
- ${exampleAwsLb.arn}
exampleVpcEndpoint:
type: aws:ec2:VpcEndpoint
name: example
properties:
serviceName: ${example.serviceName}
subnetIds:
- ${exampleAwsSubnet.id}
vpcEndpointType: ${example.serviceType}
vpcId: ${exampleAwsVpc.id}
variables:
current:
fn::invoke:
Function: aws:getCallerIdentity
Arguments: {}Content copied to clipboard
Import
Using pulumi import, import VPC Endpoints using the VPC endpoint id. For example:
$ pulumi import aws:ec2/vpcEndpoint:VpcEndpoint endpoint1 vpce-3ecf2a57Content copied to clipboard
Properties
Link copied to clipboard
Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
Link copied to clipboard
The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type Gateway.
Link copied to clipboard
The DNS entries for the VPC Endpoint. Applicable for endpoints of type Interface. DNS blocks are documented below.
Link copied to clipboard
The DNS options for the endpoint. See dns_options below.
Link copied to clipboard
The IP address type for the endpoint. Valid values are ipv4, dualstack, and ipv6.
Link copied to clipboard
One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type Interface.
Link copied to clipboard
A policy to attach to the endpoint that controls access to the service. This is a JSON formatted string. Defaults to full access. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.
Link copied to clipboard
The prefix list ID of the exposed AWS service. Applicable for endpoints of type Gateway.
Link copied to clipboard
Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Most users will want this enabled to allow services within the VPC to automatically use the endpoint. Defaults to false.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Whether or not the VPC Endpoint is being managed by its service - true or false.
Link copied to clipboard
One or more route table IDs. Applicable for endpoints of type Gateway.
Link copied to clipboard
The ID of one or more security groups to associate with the network interface. Applicable for endpoints of type Interface. If no security groups are specified, the VPC's default security group is associated with the endpoint.
Link copied to clipboard
The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook).
Link copied to clipboard
Link copied to clipboard
The VPC endpoint type, Gateway, GatewayLoadBalancer, or Interface. Defaults to Gateway.