From 7cbe22a43523ba906c82c3709a09121fabfaac8c Mon Sep 17 00:00:00 2001
From: Xavier MALPARTY
Date: Wed, 20 Sep 2023 10:45:36 +0700
Subject: [PATCH 1/4] Add VPC Endpoint Gateway for S3
---
templates/addons/aws/modules/vpc/main.tf | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/templates/addons/aws/modules/vpc/main.tf b/templates/addons/aws/modules/vpc/main.tf
index f288adba..c678c5df 100644
--- a/templates/addons/aws/modules/vpc/main.tf
+++ b/templates/addons/aws/modules/vpc/main.tf
@@ -15,3 +15,22 @@ module "vpc" {
 one_nat_gateway_per_az = false
 enable_dns_hostnames = true
 }
+
+data "aws_route_tables" "private_route_table" {
+ vpc_id = module.vpc.vpc_id
+
+ filter {
+ name = "tag:Name"
+ values = ["${var.env_namespace}-vpc-private"]
+ }
+}
+
+resource "aws_vpc_endpoint" "s3" {
+ vpc_id = module.vpc.vpc_id
+ service_name = "com.amazonaws.${var.region}.s3"
+ route_table_ids = data.aws_route_tables.private_route_table.ids
+
+ tags = {
+ Name = "${var.env_namespace}-vpc-endpoint-s3"
+ }
+}
From 3e975e186d8047b2645e1825f26221311fe94a58 Mon Sep 17 00:00:00 2001
From: Xavier MALPARTY
Date: Wed, 20 Sep 2023 11:08:56 +0700
Subject: [PATCH 2/4] Update infrastructure diagram
---
.github/wiki/assets/images/architecture/diagram-complete.svg | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/wiki/assets/images/architecture/diagram-complete.svg b/.github/wiki/assets/images/architecture/diagram-complete.svg
index e582dad5..8d2964b0 100644
--- a/.github/wiki/assets/images/architecture/diagram-complete.svg
+++ b/.github/wiki/assets/images/architecture/diagram-complete.svg
@@ -1 +1 @@
-
\ No newline at end of file
+
From e00fd4552ec58b5356de0c239c22e949ff394ce1 Mon Sep 17 00:00:00 2001
From: Xavier MALPARTY
Date: Wed, 20 Sep 2023 14:04:13 +0700
Subject: [PATCH 3/4] Add the region variable to VPC
---
src/generators/addons/aws/modules/core/vpc.ts | 1 +
templates/addons/aws/modules/vpc/variables.tf | 5 +++++
2 files changed, 6 insertions(+)
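Review bot: `route_table_ids` on the new `aws_vpc_endpoint.s3` comes from a tag lookup that Terraform orders only after `module.vpc.vpc_id`, not after the module's route tables, so on a first apply `data.aws_route_tables.private_route_table.ids` can be read before the `Name` tags exist and the endpoint is created with no route tables; the filter also assumes exactly one private route table named `<env_namespace>-vpc-private`, which does not hold if the wrapped module names them per AZ (its source is not visible here). If the module exports its route tables, `route_table_ids = module.vpc.private_route_table_ids` removes both assumptions along with the data source. The endpoint also has no `policy`, so by default any principal in the VPC can reach any S3 bucket through it; a gateway endpoint policy limited to this environment's buckets is the usual hardening and is worth adding here or recording as a follow-up. The `module "vpc"` block on the context lines starts above the hunk.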
diff --git a/src/generators/addons/aws/modules/core/vpc.ts b/src/generators/addons/aws/modules/core/vpc.ts
index 0858abe9..5702bc14 100644
--- a/src/generators/addons/aws/modules/core/vpc.ts
+++ b/src/generators/addons/aws/modules/core/vpc.ts
@@ -20,6 +20,7 @@ const vpcModuleContent = dedent`
 source = "../modules/vpc"
 env_namespace = local.env_namespace
+ region = var.region
 }`;
 const applyAwsVpc = async (options: AwsOptions) => {
diff --git a/templates/addons/aws/modules/vpc/variables.tf b/templates/addons/aws/modules/vpc/variables.tf
index aa8b9f5f..b06ba14d 100644
--- a/templates/addons/aws/modules/vpc/variables.tf
+++ b/templates/addons/aws/modules/vpc/variables.tf
@@ -2,3 +2,8 @@ variable "env_namespace" {
 description = "The namespace with environment for the VPCs, used as the prefix for the VPC names, e.g. acme-web-staging"
 type = string
 }
+
+variable "region" {
+ description = "AWS region"
+ type = string
+}
From 99d2e9e224d84bc121b0364705284768da4a8a7a Mon Sep 17 00:00:00 2001
From: Xavier MALPARTY
Date: Wed, 20 Sep 2023 14:47:37 +0700
Subject: [PATCH 4/4] Change to a logs VPC Endpoint Gateway
---
.../wiki/assets/images/architecture/diagram-complete.svg | 2 +-
templates/addons/aws/modules/vpc/main.tf | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/wiki/assets/images/architecture/diagram-complete.svg b/.github/wiki/assets/images/architecture/diagram-complete.svg
index 8d2964b0..06b104e3 100644
--- a/.github/wiki/assets/images/architecture/diagram-complete.svg
+++ b/.github/wiki/assets/images/architecture/diagram-complete.svg
@@ -1 +1 @@
-
+
diff --git a/templates/addons/aws/modules/vpc/main.tf b/templates/addons/aws/modules/vpc/main.tf
index c678c5df..f3762043 100644
--- a/templates/addons/aws/modules/vpc/main.tf
+++ b/templates/addons/aws/modules/vpc/main.tf
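Review bot: The added `region = var.region` in `vpcModuleContent` references a `region` variable of the generated root module, but this patch only declares `variable "region"` inside the VPC module (`templates/addons/aws/modules/vpc/variables.tf`); if the generator does not already emit a root-level `variable "region"` (not visible here), the generated project fails validation with an undeclared variable. An alternative that avoids threading the value through the module call is to resolve the region inside the module with `data "aws_region" "current"` and build the service name from `data.aws_region.current.name`. The `dedent` template literal and the `vpcModuleContent` declaration start above the hunk.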
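Review bot: `description = "AWS region"` on the new `region` variable says nothing about what the value drives, while the sibling `env_namespace` variable in the same hunk explains its use and gives an example. Suggest `description = "The AWS region the VPC endpoint service names are built for; should match the region the VPC is created in, e.g. ap-southeast-1"`, so a reader of the module knows it is not a free choice.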
@@ -25,12 +25,12 @@ data "aws_route_tables" "private_route_table" {
 }
 }
-resource "aws_vpc_endpoint" "s3" {
+resource "aws_vpc_endpoint" "logs" {
 vpc_id = module.vpc.vpc_id
- service_name = "com.amazonaws.${var.region}.s3"
+ service_name = "com.amazonaws.${var.region}.logs"
 route_table_ids = data.aws_route_tables.private_route_table.ids
 tags = {
- Name = "${var.env_namespace}-vpc-endpoint-s3"
+ Name = "${var.env_namespace}-vpc-endpoint-logs"
 }
 }
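Review bot: `com.amazonaws.<region>.logs` (CloudWatch Logs) is only offered as an Interface endpoint — AWS provides Gateway endpoints for S3 and DynamoDB alone — while `aws_vpc_endpoint` defaults `vpc_endpoint_type` to `Gateway` and `route_table_ids` is a gateway-only argument, so the renamed resource is rejected at apply time and the commit title's "Gateway" is misleading. An interface endpoint needs `vpc_endpoint_type = "Interface"`, `subnet_ids` in the private subnets, a security group that admits TCP 443 from the VPC CIDR only, and `private_dns_enabled = true` so SDK calls to the regional Logs hostname resolve to the endpoint (which relies on the `enable_dns_hostnames = true` set on the module in the first patch). With `route_table_ids` gone, `data.aws_route_tables.private_route_table` above the hunk becomes unused and can be removed. This commit also replaces the S3 gateway endpoint rather than adding to it, so S3 traffic from the private subnets goes back through the NAT gateway; if that is unintended, keep both resources. The module outputs used below assume the wrapped module is terraform-aws-modules/vpc, whose source is not visible in the series.
```hcl
resource "aws_security_group" "vpc_endpoint_logs" {
  name        = "${var.env_namespace}-vpc-endpoint-logs"
  description = "HTTPS from the VPC to the CloudWatch Logs interface endpoint"
  vpc_id      = module.vpc.vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [module.vpc.vpc_cidr_block]
  }
}

resource "aws_vpc_endpoint" "logs" {
  vpc_id              = module.vpc.vpc_id
  service_name        = "com.amazonaws.${var.region}.logs"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = module.vpc.private_subnets
  security_group_ids  = [aws_security_group.vpc_endpoint_logs.id]
  private_dns_enabled = true

  # … unchanged: tags …
}
```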