DynamoDB VPC Endpoint
๐ฆ Overviewโ
This Terraform module provisions a Gateway VPC Endpoint for Amazon DynamoDB, enabling private network access from your VPC without traversing the public internet.
It securely connects your VPC to DynamoDB by integrating with one or more route tables.
โ Key Featuresโ
- Provisions a Gateway-type VPC Endpoint for DynamoDB
- Associates with one or more route tables
- Supports tagging for environment and visibility
- Enhances compliance by keeping traffic internal to AWS
๐ผ Use Casesโ
- Access DynamoDB securely from private subnets without public IPs
- Improve performance and compliance for internal AWS workloads
- Remove reliance on NAT Gateways or Internet Gateways for DynamoDB traffic
๐ฅ Input Variablesโ
| Name | Type | Description |
|---|---|---|
| region | string | AWS region where the VPC endpoint will be created |
| vpc_id | string | The ID of the VPC to attach the endpoint to |
| route_table_ids | list(string) | List of route table IDs to associate with the endpoint |
| environment | string | Environment tag (e.g., dev, staging, prod) |
๐ค Outputsโ
| Name | Description |
|---|---|
| vpc_endpoint_id | The ID of the created DynamoDB VPC endpoint |
| vpc_endpoint_type | The type of endpoint provisioned (Gateway) |
| service_name | The name of the DynamoDB endpoint service |
๐ Deployment Readinessโ
- โ Compatible with Terraform 1.0+
- โ Tested with AWS provider 5.x
- ๐งช Requires route tables to be pre-existing
๐ ๏ธ Example Usageโ
module "vpc_endpoint_dynamodb" {
source = "git::ssh://git@github.com/archiphire/aws-level-1-modules.git//network/vpc-endpoint-dynamodb?ref=v1.0.0"
region = "us-east-1"
vpc_id = "vpc-0123456789abcdef0"
route_table_ids = ["rtb-0a1b2c3d4e5f67890"]
environment = "prod"
}
terraform init
terraform plan
terraform apply
or
tofu init
tofu plan
tofu apply
๐งน Cleanup Optionsโ
Terraform Destroy:
terraform destroy
or
tofu destroy
Manual Deletion (recommended for production):
aws ec2 delete-vpc-endpoints --vpc-endpoint-ids "endpoint_id"
๐ก๏ธ Notesโ
This is a Level 1 networking module that provisions a Gateway endpoint for DynamoDB.
It does not support interface-type services or security group associations. For private access to services like SQS, EC2, or SNS, use the vpc-endpoint-interface module instead.
๐ Deployment Package Noticeโ
This module is part of the Level 1 AWS License Tier. To access the full deployment package and source code, subscribe to Archiphire.