S3 VPC Gateway Endpoint
Overview
This Terraform module provisions a Gateway VPC Endpoint for Amazon S3, enabling private communication from your VPC to S3 without routing traffic over the public internet.
It associates the endpoint with one or more route tables, which then carry S3 prefix-list traffic through the endpoint instead of a NAT gateway or internet gateway, improving performance and security by removing NAT gateways from S3 access paths.
Key Features
- Creates a VPC Gateway Endpoint for Amazon S3
- Attaches to one or more route tables for internal routing
- Avoids public internet traversal and NAT Gateway costs
- Adds environment-based resource tagging
Use Cases
- Secure access to S3 buckets from private subnets
- Cost optimization by avoiding NAT Gateway for S3 traffic
- Compliance-driven environments requiring internal-only routing
Input Variables
| Name | Type | Description |
|---|---|---|
| region | string | AWS region to deploy the VPC endpoint |
| vpc_id | string | The ID of the VPC where the endpoint will reside |
| route_table_ids | list(string) | List of route table IDs to associate with the endpoint |
| environment | string | Environment tag (e.g., dev, prod) |
Outputs
| Name | Description |
|---|---|
| vpc_endpoint_id | The ID of the created Gateway VPC Endpoint |
| service_name | The AWS service name (e.g., com.amazonaws.us-east-1.s3) |
| vpc_id | The VPC where the endpoint was deployed |
Deployment Readiness
- Compatible with Terraform 1.0+
- Requires AWS Provider 5.x or later
- Assumes route tables and VPC are already provisioned
Example Usage
```hcl
module "vpc_endpoint_s3" {
  source          = "git::ssh://git@github.com/archiphire/aws-level-1-modules.git//network/vpc-endpoint-s3?ref=v1.0.0"
  region          = "us-east-1"
  vpc_id          = "vpc-0123456789abcdef0"
  route_table_ids = ["rtb-abc123", "rtb-def456"]
  environment     = "prod"
}
```
```shell
terraform init
terraform plan
terraform apply
```
or
```shell
tofu init
tofu plan
tofu apply
```
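The module's own source is not shown on this page, so the following is an added illustration of what a Gateway endpoint with route-table associations looks like in Terraform, together with the two policy controls a security reviewer would expect around it: an endpoint policy that limits which buckets the VPC can reach, and a bucket policy that refuses requests not arriving through the endpoint. The variable names mirror the module's inputs; `allowed_bucket_arn`, the resource names and the output wiring are assumptions for this example and are not the module's code.

```hcl
# Added illustration (not the module's own source): a minimal S3 Gateway
# Endpoint with route-table associations and a restrictive endpoint policy.
# Variable names mirror the module's inputs; everything else is assumed.

variable "region"          { type = string }
variable "vpc_id"          { type = string }
variable "route_table_ids" { type = list(string) }
variable "environment"     { type = string }

# Hypothetical input: the only bucket the VPC should reach through this endpoint.
variable "allowed_bucket_arn" { type = string }

provider "aws" {
  region = var.region
}

resource "aws_vpc_endpoint" "s3" {
  vpc_id            = var.vpc_id
  service_name      = "com.amazonaws.${var.region}.s3"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = var.route_table_ids

  # Endpoint policy: the default allows all S3 access from the VPC. Scoping it
  # to one bucket limits what a compromised host inside the VPC can reach via S3
  # (including buckets in other AWS accounts).
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "AllowOnlyApprovedBucket"
      Effect    = "Allow"
      Principal = "*"
      Action    = ["s3:GetObject", "s3:PutObject", "s3:ListBucket"]
      Resource  = [var.allowed_bucket_arn, "${var.allowed_bucket_arn}/*"]
    }]
  })

  tags = {
    Name        = "s3-gateway-endpoint-${var.environment}"
    Environment = var.environment
  }
}

# Mirror-image control on the bucket side: deny any request that did not arrive
# through this endpoint, so leaked credentials cannot use the bucket from the
# internet. Assumes the bucket name is the ARN segment after ":::".
resource "aws_s3_bucket_policy" "vpce_only" {
  bucket = element(split(":::", var.allowed_bucket_arn), 1)

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "DenyUnlessFromEndpoint"
      Effect    = "Deny"
      Principal = "*"
      Action    = "s3:*"
      Resource  = [var.allowed_bucket_arn, "${var.allowed_bucket_arn}/*"]
      Condition = {
        StringNotEquals = { "aws:SourceVpce" = aws_vpc_endpoint.s3.id }
      }
    }]
  })
}

# Same output names as the module documents above.
output "vpc_endpoint_id" { value = aws_vpc_endpoint.s3.id }
output "service_name"    { value = aws_vpc_endpoint.s3.service_name }
output "vpc_id"          { value = aws_vpc_endpoint.s3.vpc_id }
```

Two caveats before applying something like this in a real account. The endpoint policy applies to every S3 request leaving the VPC through the endpoint, so anything else hosts fetch from S3 (for example Amazon Linux package repositories, which are served from S3) must also be allowed or those requests will fail. The `Deny` bucket policy likewise blocks administrators working from the console or from outside the VPC; add an exception for the roles that legitimately need it, and test with `terraform plan` plus a read from inside and outside the VPC before rolling it out.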
Cleanup Options
Terraform Destroy (for isolated use):
```shell
terraform destroy
```
or
```shell
tofu destroy
```
Manual Deletion (recommended for production environments):
```shell
aws ec2 delete-vpc-endpoints --vpc-endpoint-ids "endpoint_id"
```
Notes
This is a Level 1 networking module designed specifically for Amazon S3 Gateway Endpoints. For accessing AWS services that require Interface Endpoints, such as SSM or Secrets Manager, use the vpc-endpoint-interface module instead.
Deployment Package Notice
This module is part of the Level 1 AWS License Tier. To access the full deployment package and source code, subscribe to Archiphire.