# Single-region example: the default VPC/subnet lookups and the endpoint below
# are all resolved in this region (note the service_name in the endpoint module
# embeds the same region string).
provider "aws" {
  region = "us-east-1"
}
# The account's default VPC in the provider region; its id is passed to the
# endpoint module as vpc_id.
data "aws_vpc" "default" {
  default = true
}
# The default subnet of each listed availability zone, keyed by AZ id.
# The resulting subnet ids are referenced by the endpoint module's
# network_mapping, so the keys here must match the keys used there.
data "aws_subnet" "default" {
  for_each = toset(["use1-az1", "use1-az2"])

  availability_zone_id = each.key
  default_for_az       = true
}
###################################################
# Interface Endpoint
###################################################
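# Interface endpoint to S3 in the default VPC, with an endpoint policy scoped
# to one account, a module-managed security group, private DNS, and SNS
# connection notifications.
module "endpoint" {
  source = "../../modules/vpc-interface-endpoint"
  # source  = "tedilabs/vpc-connectivity/aws//modules/vpc-interface-endpoint"
  # version = "~> 0.2.0"

  name         = "interface-aws-s3"
  service_name = "com.amazonaws.us-east-1.s3"
  auto_accept  = true

  # Endpoint policy: any action on any resource, but only for principals whose
  # account matches the aws:PrincipalAccount condition. "111122223333" looks
  # like a placeholder account id — set it to the calling account, otherwise
  # requests through this endpoint will not match the Allow statement.
  policy = <<-EOF
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Allow-callers-from-specific-account",
          "Effect": "Allow",
          "Principal": "*",
          "Action": "*",
          "Resource": "*",
          "Condition": {
            "StringEquals": {
              "aws:PrincipalAccount": "111122223333"
            }
          }
        }
      ]
    }
  EOF

  ## Network
  vpc_id          = data.aws_vpc.default.id
  ip_address_type = "IPv4"
  # One subnet per AZ; keys must match the for_each keys of data.aws_subnet.default.
  network_mapping = {
    "use1-az1" = {
      subnet = data.aws_subnet.default["use1-az1"].id
    }
    "use1-az2" = {
      subnet = data.aws_subnet.default["use1-az2"].id
    }
  }

  default_security_group = {
    enabled     = true
    name        = "interface-aws-s3"
    description = "Managed by Terraform."
    ingress_rules = [
      {
        id          = "tcp/all"
        description = "Allow all tcp traffic from the VPC by default."
        protocol    = "tcp"
        # 0/0 is presumably the module's notation for the full port range —
        # confirm against the module's ingress_rules documentation.
        from_port = 0
        to_port   = 0
        # Scope the source to the VPC's own address range instead of 0.0.0.0/0.
        # Endpoint ENIs hold private addresses inside this VPC, so the open
        # CIDR grants nothing the VPC CIDR does not, and it fails
        # least-privilege review. Add further CIDRs here only if peered or
        # on-premises networks routed into this VPC must reach the endpoint.
        ipv4_cidrs = [data.aws_vpc.default.cidr_block]
      },
    ]
  }
  # No additional (externally managed) security groups are attached.
  security_groups = []

  ## DNS
  private_dns = {
    enabled                            = true
    record_ip_type                     = "IPv4"
    only_for_inbound_resolver_endpoint = false
  }

  ## Notifications
  # Accept and Reject events go to module.topic, which is presumably declared
  # in a sibling file of this example — confirm it exists before applying.
  connection_notifications = [
    {
      name      = "admin-email"
      sns_topic = module.topic.arn
      events    = ["Accept", "Reject"]
    }
  ]

  tags = {
    "project" = "terraform-aws-vpc-connectivity-examples"
  }
}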