
How do I build an AWS EC2 VPC Endpoint with Pulumi?

In this guide, we will create an AWS EC2 VPC Endpoint using Pulumi. A VPC Endpoint allows you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.

Key Points:

  • We will create a VPC with public and private subnets.
  • We will create a VPC Endpoint within this VPC.
  • The VPC Endpoint will be associated with the private subnets.

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create a VPC with DNS support so private-DNS-capable endpoints resolve inside it
const vpc = new aws.ec2.Vpc("myVpc", {
    cidrBlock: "10.0.0.0/16",
    enableDnsSupport: true,
    enableDnsHostnames: true,
    tags: { Name: "myVpc" },
});

// Create an Internet Gateway (used only by the public subnet)
const internetGateway = new aws.ec2.InternetGateway("myInternetGateway", {
    vpcId: vpc.id,
    tags: { Name: "myInternetGateway" },
});

// Create a Public Subnet
const publicSubnet = new aws.ec2.Subnet("myPublicSubnet", {
    vpcId: vpc.id,
    cidrBlock: "10.0.1.0/24",
    mapPublicIpOnLaunch: true,
    tags: { Name: "myPublicSubnet" },
});

// Create a Private Subnet (no public IPs, no route to the internet gateway)
const privateSubnet = new aws.ec2.Subnet("myPrivateSubnet", {
    vpcId: vpc.id,
    cidrBlock: "10.0.2.0/24",
    tags: { Name: "myPrivateSubnet" },
});

// Create a Route Table for the Public Subnet with a default route to the Internet Gateway
const publicRouteTable = new aws.ec2.RouteTable("myPublicRouteTable", {
    vpcId: vpc.id,
    routes: [
        {
            cidrBlock: "0.0.0.0/0",
            gatewayId: internetGateway.id,
        },
    ],
    tags: { Name: "myPublicRouteTable" },
});

// Associate the Public Route Table with the Public Subnet
new aws.ec2.RouteTableAssociation("myPublicRouteTableAssociation", {
    subnetId: publicSubnet.id,
    routeTableId: publicRouteTable.id,
});

// Create a Route Table for the Private Subnet. It deliberately has no 0.0.0.0/0 route;
// the S3 gateway endpoint below adds the S3 prefix-list route to it.
const privateRouteTable = new aws.ec2.RouteTable("myPrivateRouteTable", {
    vpcId: vpc.id,
    tags: { Name: "myPrivateRouteTable" },
});

// Associate the Private Route Table with the Private Subnet
new aws.ec2.RouteTableAssociation("myPrivateRouteTableAssociation", {
    subnetId: privateSubnet.id,
    routeTableId: privateRouteTable.id,
});

// Create a Gateway VPC Endpoint for S3 and attach it to the private subnet's route table,
// so S3 traffic from the private subnet is routed to the endpoint instead of the internet
const vpcEndpoint = new aws.ec2.VpcEndpoint("myVpcEndpoint", {
    vpcId: vpc.id,
    serviceName: `com.amazonaws.${aws.config.region}.s3`,
    vpcEndpointType: "Gateway",
    routeTableIds: [privateRouteTable.id],
    tags: { Name: "myVpcEndpoint" },
});

// Export the VPC ID and VPC Endpoint ID
export const vpcId = vpc.id;
export const vpcEndpointId = vpcEndpoint.id;
```

Summary

In this guide, we created a VPC with both public and private subnets. We then created a VPC Endpoint for S3 within this VPC, associating it with the private subnets. This setup allows secure and private access to S3 from within the VPC without needing an internet gateway or NAT device.
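A gateway endpoint created without a `policy` allows full access to S3 through it, so the private subnet can reach any bucket, including buckets outside your account. The following is an added example, not code from the guide or from Pulumi: it builds a least-privilege endpoint policy document for the `policy` property of `aws.ec2.VpcEndpoint` and lints a policy for wildcard grants before it is deployed. It is plain TypeScript with no Pulumi dependency, so it runs offline; the bucket names and the `buildS3EndpointPolicy` / `lintEndpointPolicy` function names are constructed for this example.

```typescript
// Added example (not part of the original guide): least-privilege policy for an S3
// gateway endpoint plus a small lint check. Bucket names below are constructed.

interface PolicyStatement {
    Sid?: string;
    Effect: "Allow" | "Deny";
    Principal: "*" | { AWS: string | string[] };
    Action: string | string[];
    Resource: string | string[];
}

interface PolicyDocument {
    Version: "2012-10-17";
    Statement: PolicyStatement[];
}

// Build an endpoint policy that only allows the given actions on the named buckets
// and the objects inside them. Pass the returned string as `policy` on the endpoint.
function buildS3EndpointPolicy(
    bucketNames: string[],
    actions: string[] = ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
): string {
    const resources: string[] = [];
    for (const name of bucketNames) {
        resources.push(`arn:aws:s3:::${name}`);      // bucket itself (ListBucket)
        resources.push(`arn:aws:s3:::${name}/*`);    // objects in the bucket
    }
    const doc: PolicyDocument = {
        Version: "2012-10-17",
        Statement: [{
            Sid: "RestrictEndpointToApprovedBuckets",
            Effect: "Allow",
            Principal: "*",   // endpoint policies scope the endpoint, not callers
            Action: actions,
            Resource: resources,
        }],
    };
    return JSON.stringify(doc, null, 2);
}

// Return one finding per Allow statement that uses a wildcard Action or Resource.
// An empty array means the policy is scoped to explicit buckets and actions.
function lintEndpointPolicy(policyJson: string): string[] {
    const findings: string[] = [];
    const doc = JSON.parse(policyJson) as PolicyDocument;
    doc.Statement.forEach((stmt, i) => {
        if (stmt.Effect !== "Allow") {
            return;
        }
        const actions = Array.isArray(stmt.Action) ? stmt.Action : [stmt.Action];
        const resources = Array.isArray(stmt.Resource) ? stmt.Resource : [stmt.Resource];
        if (actions.some(a => a === "*" || a === "s3:*")) {
            findings.push(`statement ${i}: wildcard Action`);
        }
        if (resources.some(r => r === "*" || r === "arn:aws:s3:::*")) {
            findings.push(`statement ${i}: wildcard Resource`);
        }
    });
    return findings;
}

// Usage with constructed bucket names
const scopedPolicy = buildS3EndpointPolicy(["example-app-assets", "example-app-logs"]);
console.log(scopedPolicy);
console.log("scoped policy findings:", lintEndpointPolicy(scopedPolicy));

// The shape of the default full-access policy, for comparison
const fullAccessPolicy = JSON.stringify({
    Version: "2012-10-17",
    Statement: [{ Effect: "Allow", Principal: "*", Action: "*", Resource: "*" }],
});
console.log("full-access policy findings:", lintEndpointPolicy(fullAccessPolicy));
```

In the Pulumi program above you would set `policy: buildS3EndpointPolicy([...])` on `myVpcEndpoint`; the endpoint policy is evaluated together with the caller's IAM policy and the bucket policy, so it narrows what the private subnet can reach rather than granting anything new.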
