Interface VPC Endpoint
๐ฆ Overviewโ
This Terraform module provisions an Interface VPC Endpoint (AWS PrivateLink) for a specified AWS service, allowing secure private connectivity from within your VPC to supported AWS APIs.
It automatically attaches to one or more private subnets and associates with specified security groups for traffic control.
โ Key Featuresโ
- Creates a VPC Interface Endpoint for any supported AWS service
- Associates with private subnets and security groups
- Tags resources for environment and visibility
- Supports PrivateLink for secure service-to-service communication
๐ผ Use Casesโ
- Access AWS APIs (e.g., EC2, SSM, Secrets Manager) without traversing the public internet
- Improve compliance by restricting service traffic to internal VPC-only paths
- Integrate VPC-based applications with supported AWS services securely
๐ฅ Input Variablesโ
| Name | Type | Description |
|---|---|---|
| region | string | AWS region to deploy the interface endpoint |
| vpc_id | string | The ID of the VPC where the endpoint will reside |
| subnet_ids | list(string) | List of private subnet IDs to associate with the endpoint |
| security_group_ids | list(string) | Security group IDs to attach to the endpoint's ENIs |
| service_name | string | The full service name (e.g., com.amazonaws.us-east-1.ec2) |
| environment | string | Environment tag for visibility and tracking |
๐ค Outputsโ
| Name | Description |
|---|---|
| vpc_endpoint_id | The ID of the Interface VPC Endpoint |
| vpc_endpoint_dns_entry | The DNS name used to access the service privately |
| service_name | The AWS service this interface endpoint connects to |
๐ Deployment Readinessโ
- โ Compatible with Terraform 1.0+
- โ Works with AWS provider 5.x
- ๐งช Requires pre-existing VPC, subnets, and security groups
๐ ๏ธ Example Usageโ
module "vpc_endpoint_interface" {
source = "git::ssh://git@github.com/archiphire/aws-level-1-modules.git//network/vpc-endpoint-interface?ref=v1.0.0"
region = "us-east-1"
vpc_id = "vpc-0123456789abcdef0"
subnet_ids = ["subnet-abc123", "subnet-def456"]
security_group_ids = ["sg-01234abcd5678efgh"]
service_name = "com.amazonaws.us-east-1.ec2"
environment = "prod"
}
terraform init
terraform plan
terraform apply
or
tofu init
tofu plan
tofu apply
๐งน Cleanup Optionsโ
Terraform Destroy:
terraform destroy
or
tofu destroy
Manual Deletion (recommended for production):
aws ec2 delete-vpc-endpoints --vpc-endpoint-ids "endpoint_id"
๐ก๏ธ Notesโ
This is a Level 1 networking module for deploying AWS Interface VPC Endpoints via PrivateLink.
Do not use this for gateway services like DynamoDB or S3. Make sure the service you're connecting to supports Interface Endpoints and PrivateLink functionality.
๐ Deployment Package Noticeโ
This module is part of the Level 1 AWS License Tier. To access the full deployment package and source code, subscribe to Archiphire.