CAUTION: You will need to keep enable_nat_gw = true in core-infra variables.tf if you intend to pull container images from Public ECR repositories. This is not supported and is currently blocked by this PR.
This solution blueprint creates VPC Endpoints for S3, ECS, ECR(Private Repositories only), Secrets Manager, and Systems Manager, CloudWatch. There are two steps to deploying this blueprint:
- Deploy the core-infra. Note if you have already deployed the infra then you can reuse it as well.
- NOTE: If you would like to disable the NAT Gateway, change
enable_nat_gw = trueincore-infravariables.tf. Please ensure that this solution blueprint deploys successfuly prior to disabling the NAT Gateway incore-infra.
- NOTE: If you would like to disable the NAT Gateway, change
- Deploy the terraform templates in this repository using
terraform initandterraform apply
VPC Endpoints optimize the network path by avoiding traffic to internet gateways and incurring cost associated with NAT gateways, NAT instances, or maintaining firewalls. VPC Endpoints also provide you with much finer control over how users and applications access AWS services. VPC Endpoints prevent sensitive data from traversing the Internet, which helps you maintain compliance with regulations such as HIPAA, EU/US Privacy Shield, and PCI.
| Name | Version |
|---|---|
| terraform | >= 1.0.0 |
| aws | >= 3.72.0 |
| Name | Version |
|---|---|
| aws | >= 3.72.0 |
| Name | Source | Version |
|---|---|---|
| vpc_endpoints | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | n/a |
| Name | Type |
|---|---|
| aws_security_group.vpc_endpoints | resource |
| aws_route_table.private | data source |
| aws_subnet.private_cidr | data source |
| aws_subnets.private | data source |
| aws_vpc.vpc | data source |
No inputs.
No outputs.