VpcEndpoint

Provides a VPC Endpoint resource.

NOTE on VPC Endpoints and VPC Endpoint Associations: This provider offers two ways to manage associations: standalone VPC Endpoint Association resources for route tables (an association between a VPC endpoint and a single route_table_id) and for subnets (an association between a VPC endpoint and a single subnet_id), and a VPC Endpoint resource with route_table_ids and subnet_ids attributes. Do not use the same resource ID in both a VPC Endpoint resource and a VPC Endpoint Association resource. Doing so will cause a conflict of associations and will overwrite the association.

Example Usage

Basic

using Pulumi;
using Aws = Pulumi.Aws;

/// <summary>
/// Stack that declares one VPC endpoint named "s3" for the
/// com.amazonaws.us-west-2.s3 service.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Only ServiceName and VpcId are set. VpcEndpointType is left unset
        // (documented default: Gateway) and Policy is left unset (documented
        // default: full access to the service through this endpoint).
        // aws_vpc.Main is not declared in this snippet; presumably a VPC
        // defined elsewhere in the program.
        var endpointArgs = new Aws.Ec2.VpcEndpointArgs
        {
            ServiceName = "com.amazonaws.us-west-2.s3",
            VpcId = aws_vpc.Main.Id,
        };

        var s3 = new Aws.Ec2.VpcEndpoint("s3", endpointArgs);
    }
}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares one VPC endpoint named "s3" for the
// com.amazonaws.us-west-2.s3 service inside a Pulumi program.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// VpcEndpointType is left unset (documented default: Gateway) and
		// Policy is left unset (documented default: full access to the
		// service through this endpoint). aws_vpc.Main is not declared in
		// this snippet; presumably a VPC defined elsewhere in the program.
		endpointArgs := &ec2.VpcEndpointArgs{
			ServiceName: pulumi.String("com.amazonaws.us-west-2.s3"),
			VpcId:       pulumi.Any(aws_vpc.Main.Id),
		}

		// The resource handle is not used; only the error is propagated.
		_, err := ec2.NewVpcEndpoint(ctx, "s3", endpointArgs)
		return err
	})
}
import pulumi
import pulumi_aws as aws

# Declare one VPC endpoint named "s3" for the com.amazonaws.us-west-2.s3
# service. vpc_endpoint_type is left unset (documented default: Gateway) and
# policy is left unset (documented default: full access to the service through
# this endpoint). aws_vpc is not defined in this snippet; presumably a VPC
# declared elsewhere in the program.
s3 = aws.ec2.VpcEndpoint(
    "s3",
    aws.ec2.VpcEndpointArgs(
        service_name="com.amazonaws.us-west-2.s3",
        vpc_id=aws_vpc["main"]["id"],
    ),
)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Arguments for a VPC endpoint to the com.amazonaws.us-west-2.s3 service.
// vpcEndpointType is left unset (documented default: Gateway) and policy is
// left unset (documented default: full access to the service through this
// endpoint). aws_vpc is not defined in this snippet; presumably a VPC declared
// elsewhere in the program.
const s3Args: aws.ec2.VpcEndpointArgs = {
    serviceName: "com.amazonaws.us-west-2.s3",
    vpcId: aws_vpc.main.id,
};

const s3 = new aws.ec2.VpcEndpoint("s3", s3Args);

Basic w/ Tags

using Pulumi;
using Aws = Pulumi.Aws;

/// <summary>
/// Stack that declares one tagged VPC endpoint named "s3" for the
/// com.amazonaws.us-west-2.s3 service.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Same endpoint as the untagged form plus an Environment=test tag.
        // Per the Tags input description, a tag set here overrides a provider
        // default_tags entry with the same key.
        // Policy is left unset (documented default: full access).
        var endpointArgs = new Aws.Ec2.VpcEndpointArgs
        {
            ServiceName = "com.amazonaws.us-west-2.s3",
            VpcId = aws_vpc.Main.Id,
            Tags =
            {
                { "Environment", "test" },
            },
        };

        var s3 = new Aws.Ec2.VpcEndpoint("s3", endpointArgs);
    }
}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares one tagged VPC endpoint named "s3" for the
// com.amazonaws.us-west-2.s3 service inside a Pulumi program.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Per the Tags input description, a tag set here overrides a
		// provider default_tags entry with the same key.
		endpointTags := pulumi.StringMap{
			"Environment": pulumi.String("test"),
		}

		// Policy is left unset (documented default: full access).
		endpointArgs := &ec2.VpcEndpointArgs{
			ServiceName: pulumi.String("com.amazonaws.us-west-2.s3"),
			VpcId:       pulumi.Any(aws_vpc.Main.Id),
			Tags:        endpointTags,
		}

		// The resource handle is not used; only the error is propagated.
		_, err := ec2.NewVpcEndpoint(ctx, "s3", endpointArgs)
		return err
	})
}
import pulumi
import pulumi_aws as aws

# Declare one tagged VPC endpoint named "s3" for the
# com.amazonaws.us-west-2.s3 service. Per the tags input description, a tag
# set here overrides a provider default_tags entry with the same key.
# policy is left unset (documented default: full access).
s3 = aws.ec2.VpcEndpoint(
    "s3",
    aws.ec2.VpcEndpointArgs(
        service_name="com.amazonaws.us-west-2.s3",
        vpc_id=aws_vpc["main"]["id"],
        tags={"Environment": "test"},
    ),
)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Arguments for a tagged VPC endpoint to the com.amazonaws.us-west-2.s3
// service. Per the tags input description, a tag set here overrides a provider
// default_tags entry with the same key.
// policy is left unset (documented default: full access).
const s3Args: aws.ec2.VpcEndpointArgs = {
    serviceName: "com.amazonaws.us-west-2.s3",
    vpcId: aws_vpc.main.id,
    tags: { Environment: "test" },
};

const s3 = new aws.ec2.VpcEndpoint("s3", s3Args);

Interface Endpoint Type

using Pulumi;
using Aws = Pulumi.Aws;

/// <summary>
/// Stack that declares one Interface-type VPC endpoint named "ec2" for the
/// com.amazonaws.us-west-2.ec2 service.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // SecurityGroupIds is documented as required for Interface endpoints;
        // the group attaches to the endpoint's network interface.
        // aws_security_group.Sg1 is not declared in this snippet.
        // NOTE(review): confirm that group's inbound rules admit only the
        // clients that are meant to reach the endpoint.
        // PrivateDnsEnabled = true associates a private hosted zone with the VPC.
        // Policy is left unset (documented default: full access).
        var endpointArgs = new Aws.Ec2.VpcEndpointArgs
        {
            ServiceName = "com.amazonaws.us-west-2.ec2",
            VpcId = aws_vpc.Main.Id,
            VpcEndpointType = "Interface",
            PrivateDnsEnabled = true,
            SecurityGroupIds =
            {
                aws_security_group.Sg1.Id,
            },
        };

        var ec2 = new Aws.Ec2.VpcEndpoint("ec2", endpointArgs);
    }
}

Coming soon!

import pulumi
import pulumi_aws as aws

# Declare one Interface-type VPC endpoint named "ec2" for the
# com.amazonaws.us-west-2.ec2 service.
# security_group_ids is documented as required for Interface endpoints; the
# group attaches to the endpoint's network interface. aws_security_group is
# not defined in this snippet.
# NOTE(review): confirm that group's inbound rules admit only the clients
# that are meant to reach the endpoint.
# private_dns_enabled=True associates a private hosted zone with the VPC.
# policy is left unset (documented default: full access).
ec2 = aws.ec2.VpcEndpoint(
    "ec2",
    aws.ec2.VpcEndpointArgs(
        service_name="com.amazonaws.us-west-2.ec2",
        vpc_id=aws_vpc["main"]["id"],
        vpc_endpoint_type="Interface",
        private_dns_enabled=True,
        security_group_ids=[aws_security_group["sg1"]["id"]],
    ),
)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Arguments for an Interface-type VPC endpoint to the
// com.amazonaws.us-west-2.ec2 service.
// securityGroupIds is documented as required for Interface endpoints; the
// group attaches to the endpoint's network interface. aws_security_group is
// not defined in this snippet.
// NOTE(review): confirm that group's inbound rules admit only the clients
// that are meant to reach the endpoint.
// privateDnsEnabled: true associates a private hosted zone with the VPC.
// policy is left unset (documented default: full access).
const ec2Args: aws.ec2.VpcEndpointArgs = {
    serviceName: "com.amazonaws.us-west-2.ec2",
    vpcId: aws_vpc.main.id,
    vpcEndpointType: "Interface",
    privateDnsEnabled: true,
    securityGroupIds: [aws_security_group.sg1.id],
};

const ec2 = new aws.ec2.VpcEndpoint("ec2", ec2Args);

Gateway Load Balancer Endpoint Type

using Pulumi;
using Aws = Pulumi.Aws;

/// <summary>
/// Stack that declares a VPC endpoint service backed by a Gateway Load
/// Balancer and a VPC endpoint that connects to that service.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Identity of the credentials running the deployment; its ARN is the
        // only entry placed in AllowedPrincipals below.
        var current = Output.Create(Aws.GetCallerIdentity.InvokeAsync());

        // AcceptanceRequired = false: presumably connection requests from the
        // allowed principals are accepted without manual approval — confirm
        // against the VpcEndpointService documentation.
        // aws_lb.Example is not declared in this snippet.
        var serviceArgs = new Aws.Ec2.VpcEndpointServiceArgs
        {
            AcceptanceRequired = false,
            AllowedPrincipals =
            {
                current.Apply(identity => identity.Arn),
            },
            GatewayLoadBalancerArns =
            {
                aws_lb.Example.Arn,
            },
        };
        var exampleVpcEndpointService = new Aws.Ec2.VpcEndpointService("exampleVpcEndpointService", serviceArgs);

        // The endpoint takes its service name and endpoint type from the
        // service declared above. SubnetIds selects where the endpoint's
        // network interface is created.
        var endpointArgs = new Aws.Ec2.VpcEndpointArgs
        {
            VpcId = aws_vpc.Example.Id,
            ServiceName = exampleVpcEndpointService.ServiceName,
            VpcEndpointType = exampleVpcEndpointService.ServiceType,
            SubnetIds =
            {
                aws_subnet.Example.Id,
            },
        };
        var exampleVpcEndpoint = new Aws.Ec2.VpcEndpoint("exampleVpcEndpoint", endpointArgs);
    }
}

Coming soon!

import pulumi
import pulumi_aws as aws

# Identity of the credentials running the deployment; its ARN is the only
# entry placed in allowed_principals below.
current = aws.get_caller_identity()

# Endpoint service backed by a Gateway Load Balancer.
# acceptance_required=False: presumably connection requests from the allowed
# principals are accepted without manual approval — confirm against the
# VpcEndpointService documentation. aws_lb is not defined in this snippet.
example_vpc_endpoint_service = aws.ec2.VpcEndpointService(
    "exampleVpcEndpointService",
    aws.ec2.VpcEndpointServiceArgs(
        acceptance_required=False,
        allowed_principals=[current.arn],
        gateway_load_balancer_arns=[aws_lb["example"]["arn"]],
    ),
)

# The endpoint takes its service name and endpoint type from the service
# declared above. subnet_ids selects where the endpoint's network interface
# is created.
example_vpc_endpoint = aws.ec2.VpcEndpoint(
    "exampleVpcEndpoint",
    aws.ec2.VpcEndpointArgs(
        vpc_id=aws_vpc["example"]["id"],
        service_name=example_vpc_endpoint_service.service_name,
        vpc_endpoint_type=example_vpc_endpoint_service.service_type,
        subnet_ids=[aws_subnet["example"]["id"]],
    ),
)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Identity of the credentials running the deployment; its ARN is the only
// entry placed in allowedPrincipals below.
const current = aws.getCallerIdentity({});

// Endpoint service backed by a Gateway Load Balancer.
// acceptanceRequired: false — presumably connection requests from the allowed
// principals are accepted without manual approval; confirm against the
// VpcEndpointService documentation. aws_lb is not defined in this snippet.
const exampleVpcEndpointService = new aws.ec2.VpcEndpointService("exampleVpcEndpointService", {
    acceptanceRequired: false,
    allowedPrincipals: [current.then(identity => identity.arn)],
    gatewayLoadBalancerArns: [aws_lb.example.arn],
});

// The endpoint takes its service name and endpoint type from the service
// declared above. subnetIds selects where the endpoint's network interface
// is created.
const exampleVpcEndpoint = new aws.ec2.VpcEndpoint("exampleVpcEndpoint", {
    vpcId: aws_vpc.example.id,
    serviceName: exampleVpcEndpointService.serviceName,
    vpcEndpointType: exampleVpcEndpointService.serviceType,
    subnetIds: [aws_subnet.example.id],
});

Create a VpcEndpoint Resource

new VpcEndpoint(name: string, args: VpcEndpointArgs, opts?: CustomResourceOptions);
@overload
def VpcEndpoint(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                auto_accept: Optional[bool] = None,
                policy: Optional[str] = None,
                private_dns_enabled: Optional[bool] = None,
                route_table_ids: Optional[Sequence[str]] = None,
                security_group_ids: Optional[Sequence[str]] = None,
                service_name: Optional[str] = None,
                subnet_ids: Optional[Sequence[str]] = None,
                tags: Optional[Mapping[str, str]] = None,
                tags_all: Optional[Mapping[str, str]] = None,
                vpc_endpoint_type: Optional[str] = None,
                vpc_id: Optional[str] = None)
@overload
def VpcEndpoint(resource_name: str,
                args: VpcEndpointArgs,
                opts: Optional[ResourceOptions] = None)
func NewVpcEndpoint(ctx *Context, name string, args VpcEndpointArgs, opts ...ResourceOption) (*VpcEndpoint, error)
public VpcEndpoint(string name, VpcEndpointArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args VpcEndpointArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args VpcEndpointArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args VpcEndpointArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args VpcEndpointArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

VpcEndpoint Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The VpcEndpoint resource accepts the following input properties:

ServiceName string
The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook).
VpcId string
The ID of the VPC in which the endpoint will be used.
AutoAccept bool
Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
Policy string
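A policy to attach to the endpoint that controls access to the service. Defaults to full access, so an endpoint created without a policy places no restriction of its own on which principals, actions, or resources can be used through it; set an explicit policy where access should be limited. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.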
PrivateDnsEnabled bool
Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Defaults to false.
RouteTableIds List<string>
One or more route table IDs. Applicable for endpoints of type Gateway.
SecurityGroupIds List<string>
The ID of one or more security groups to associate with the network interface. Required for endpoints of type Interface.
SubnetIds List<string>
The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface.
Tags Dictionary<string, string>
A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider.
VpcEndpointType string
The VPC endpoint type, Gateway, GatewayLoadBalancer, or Interface. Defaults to Gateway.
ServiceName string
The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook).
VpcId string
The ID of the VPC in which the endpoint will be used.
AutoAccept bool
Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
Policy string
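A policy to attach to the endpoint that controls access to the service. Defaults to full access, so an endpoint created without a policy places no restriction of its own on which principals, actions, or resources can be used through it; set an explicit policy where access should be limited. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.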
PrivateDnsEnabled bool
Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Defaults to false.
RouteTableIds []string
One or more route table IDs. Applicable for endpoints of type Gateway.
SecurityGroupIds []string
The ID of one or more security groups to associate with the network interface. Required for endpoints of type Interface.
SubnetIds []string
The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface.
Tags map[string]string
A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll map[string]string
A map of tags assigned to the resource, including those inherited from the provider.
VpcEndpointType string
The VPC endpoint type, Gateway, GatewayLoadBalancer, or Interface. Defaults to Gateway.
serviceName string
The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook).
vpcId string
The ID of the VPC in which the endpoint will be used.
autoAccept boolean
Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
policy string
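A policy to attach to the endpoint that controls access to the service. Defaults to full access, so an endpoint created without a policy places no restriction of its own on which principals, actions, or resources can be used through it; set an explicit policy where access should be limited. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.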
privateDnsEnabled boolean
Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Defaults to false.
routeTableIds string[]
One or more route table IDs. Applicable for endpoints of type Gateway.
securityGroupIds string[]
The ID of one or more security groups to associate with the network interface. Required for endpoints of type Interface.
subnetIds string[]
The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface.
tags {[key: string]: string}
A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider.
vpcEndpointType string
The VPC endpoint type, Gateway, GatewayLoadBalancer, or Interface. Defaults to Gateway.
service_name str
The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook).
vpc_id str
The ID of the VPC in which the endpoint will be used.
auto_accept bool
Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
policy str
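A policy to attach to the endpoint that controls access to the service. Defaults to full access, so an endpoint created without a policy places no restriction of its own on which principals, actions, or resources can be used through it; set an explicit policy where access should be limited. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.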
private_dns_enabled bool
Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Defaults to false.
route_table_ids Sequence[str]
One or more route table IDs. Applicable for endpoints of type Gateway.
security_group_ids Sequence[str]
The ID of one or more security groups to associate with the network interface. Required for endpoints of type Interface.
subnet_ids Sequence[str]
The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface.
tags Mapping[str, str]
A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tags_all Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider.
vpc_endpoint_type str
The VPC endpoint type, Gateway, GatewayLoadBalancer, or Interface. Defaults to Gateway.

Outputs

All input properties are implicitly available as output properties. Additionally, the VpcEndpoint resource produces the following output properties:

Arn string
The Amazon Resource Name (ARN) of the VPC endpoint.
CidrBlocks List<string>
The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type Gateway.
DnsEntries List<VpcEndpointDnsEntry>
The DNS entries for the VPC Endpoint. Applicable for endpoints of type Interface. DNS blocks are documented below.
Id string
The provider-assigned unique ID for this managed resource.
NetworkInterfaceIds List<string>
One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type Interface.
OwnerId string
The ID of the AWS account that owns the VPC endpoint.
PrefixListId string
The prefix list ID of the exposed AWS service. Applicable for endpoints of type Gateway.
RequesterManaged bool
Whether or not the VPC Endpoint is being managed by its service - true or false.
State string
The state of the VPC endpoint.
Arn string
The Amazon Resource Name (ARN) of the VPC endpoint.
CidrBlocks []string
The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type Gateway.
DnsEntries []VpcEndpointDnsEntry
The DNS entries for the VPC Endpoint. Applicable for endpoints of type Interface. DNS blocks are documented below.
Id string
The provider-assigned unique ID for this managed resource.
NetworkInterfaceIds []string
One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type Interface.
OwnerId string
The ID of the AWS account that owns the VPC endpoint.
PrefixListId string
The prefix list ID of the exposed AWS service. Applicable for endpoints of type Gateway.
RequesterManaged bool
Whether or not the VPC Endpoint is being managed by its service - true or false.
State string
The state of the VPC endpoint.
arn string
The Amazon Resource Name (ARN) of the VPC endpoint.
cidrBlocks string[]
The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type Gateway.
dnsEntries VpcEndpointDnsEntry[]
The DNS entries for the VPC Endpoint. Applicable for endpoints of type Interface. DNS blocks are documented below.
id string
The provider-assigned unique ID for this managed resource.
networkInterfaceIds string[]
One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type Interface.
ownerId string
The ID of the AWS account that owns the VPC endpoint.
prefixListId string
The prefix list ID of the exposed AWS service. Applicable for endpoints of type Gateway.
requesterManaged boolean
Whether or not the VPC Endpoint is being managed by its service - true or false.
state string
The state of the VPC endpoint.
arn str
The Amazon Resource Name (ARN) of the VPC endpoint.
cidr_blocks Sequence[str]
The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type Gateway.
dns_entries Sequence[VpcEndpointDnsEntry]
The DNS entries for the VPC Endpoint. Applicable for endpoints of type Interface. DNS blocks are documented below.
id str
The provider-assigned unique ID for this managed resource.
network_interface_ids Sequence[str]
One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type Interface.
owner_id str
The ID of the AWS account that owns the VPC endpoint.
prefix_list_id str
The prefix list ID of the exposed AWS service. Applicable for endpoints of type Gateway.
requester_managed bool
Whether or not the VPC Endpoint is being managed by its service - true or false.
state str
The state of the VPC endpoint.

Look up an Existing VpcEndpoint Resource

Get an existing VpcEndpoint resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: VpcEndpointState, opts?: CustomResourceOptions): VpcEndpoint
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        auto_accept: Optional[bool] = None,
        cidr_blocks: Optional[Sequence[str]] = None,
        dns_entries: Optional[Sequence[VpcEndpointDnsEntryArgs]] = None,
        network_interface_ids: Optional[Sequence[str]] = None,
        owner_id: Optional[str] = None,
        policy: Optional[str] = None,
        prefix_list_id: Optional[str] = None,
        private_dns_enabled: Optional[bool] = None,
        requester_managed: Optional[bool] = None,
        route_table_ids: Optional[Sequence[str]] = None,
        security_group_ids: Optional[Sequence[str]] = None,
        service_name: Optional[str] = None,
        state: Optional[str] = None,
        subnet_ids: Optional[Sequence[str]] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        vpc_endpoint_type: Optional[str] = None,
        vpc_id: Optional[str] = None) -> VpcEndpoint
func GetVpcEndpoint(ctx *Context, name string, id IDInput, state *VpcEndpointState, opts ...ResourceOption) (*VpcEndpoint, error)
public static VpcEndpoint Get(string name, Input<string> id, VpcEndpointState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

Arn string
The Amazon Resource Name (ARN) of the VPC endpoint.
AutoAccept bool
Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
CidrBlocks List<string>
The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type Gateway.
DnsEntries List<VpcEndpointDnsEntryArgs>
The DNS entries for the VPC Endpoint. Applicable for endpoints of type Interface. DNS blocks are documented below.
NetworkInterfaceIds List<string>
One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type Interface.
OwnerId string
The ID of the AWS account that owns the VPC endpoint.
Policy string
A policy to attach to the endpoint that controls access to the service. Defaults to full access. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.
PrefixListId string
The prefix list ID of the exposed AWS service. Applicable for endpoints of type Gateway.
PrivateDnsEnabled bool
Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Defaults to false.
RequesterManaged bool
Whether or not the VPC Endpoint is being managed by its service - true or false.
RouteTableIds List<string>
One or more route table IDs. Applicable for endpoints of type Gateway.
SecurityGroupIds List<string>
The ID of one or more security groups to associate with the network interface. Required for endpoints of type Interface.
ServiceName string
The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook).
State string
The state of the VPC endpoint.
SubnetIds List<string>
The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface.
Tags Dictionary<string, string>
A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider.
VpcEndpointType string
The VPC endpoint type, Gateway, GatewayLoadBalancer, or Interface. Defaults to Gateway.
VpcId string
The ID of the VPC in which the endpoint will be used.
Arn string
The Amazon Resource Name (ARN) of the VPC endpoint.
AutoAccept bool
Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
CidrBlocks []string
The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type Gateway.
DnsEntries []VpcEndpointDnsEntry
The DNS entries for the VPC Endpoint. Applicable for endpoints of type Interface. DNS blocks are documented below.
NetworkInterfaceIds []string
One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type Interface.
OwnerId string
The ID of the AWS account that owns the VPC endpoint.
Policy string
A policy to attach to the endpoint that controls access to the service. Defaults to full access. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.
PrefixListId string
The prefix list ID of the exposed AWS service. Applicable for endpoints of type Gateway.
PrivateDnsEnabled bool
Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Defaults to false.
RequesterManaged bool
Whether or not the VPC Endpoint is being managed by its service - true or false.
RouteTableIds []string
One or more route table IDs. Applicable for endpoints of type Gateway.
SecurityGroupIds []string
The ID of one or more security groups to associate with the network interface. Required for endpoints of type Interface.
ServiceName string
The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook).
State string
The state of the VPC endpoint.
SubnetIds []string
The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface.
Tags map[string]string
A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll map[string]string
A map of tags assigned to the resource, including those inherited from the provider.
VpcEndpointType string
The VPC endpoint type, Gateway, GatewayLoadBalancer, or Interface. Defaults to Gateway.
VpcId string
The ID of the VPC in which the endpoint will be used.
arn string
The Amazon Resource Name (ARN) of the VPC endpoint.
autoAccept boolean
Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
cidrBlocks string[]
The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type Gateway.
dnsEntries VpcEndpointDnsEntryArgs[]
The DNS entries for the VPC Endpoint. Applicable for endpoints of type Interface. DNS blocks are documented below.
networkInterfaceIds string[]
One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type Interface.
ownerId string
The ID of the AWS account that owns the VPC endpoint.
policy string
A policy to attach to the endpoint that controls access to the service. Defaults to full access. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.
prefixListId string
The prefix list ID of the exposed AWS service. Applicable for endpoints of type Gateway.
privateDnsEnabled boolean
Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Defaults to false.
requesterManaged boolean
Whether or not the VPC Endpoint is being managed by its service - true or false.
routeTableIds string[]
One or more route table IDs. Applicable for endpoints of type Gateway.
securityGroupIds string[]
The ID of one or more security groups to associate with the network interface. Required for endpoints of type Interface.
serviceName string
The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook).
state string
The state of the VPC endpoint.
subnetIds string[]
The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface.
tags {[key: string]: string}
A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider.
vpcEndpointType string
The VPC endpoint type, Gateway, GatewayLoadBalancer, or Interface. Defaults to Gateway.
vpcId string
The ID of the VPC in which the endpoint will be used.
arn str
The Amazon Resource Name (ARN) of the VPC endpoint.
auto_accept bool
Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
cidr_blocks Sequence[str]
The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type Gateway.
dns_entries Sequence[VpcEndpointDnsEntryArgs]
The DNS entries for the VPC Endpoint. Applicable for endpoints of type Interface. DNS blocks are documented below.
network_interface_ids Sequence[str]
One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type Interface.
owner_id str
The ID of the AWS account that owns the VPC endpoint.
policy str
A policy to attach to the endpoint that controls access to the service. Defaults to full access. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.
prefix_list_id str
The prefix list ID of the exposed AWS service. Applicable for endpoints of type Gateway.
private_dns_enabled bool
Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Defaults to false.
requester_managed bool
Whether or not the VPC Endpoint is being managed by its service - true or false.
route_table_ids Sequence[str]
One or more route table IDs. Applicable for endpoints of type Gateway.
security_group_ids Sequence[str]
The ID of one or more security groups to associate with the network interface. Required for endpoints of type Interface.
service_name str
The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook).
state str
The state of the VPC endpoint.
subnet_ids Sequence[str]
The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface.
tags Mapping[str, str]
A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tags_all Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider.
vpc_endpoint_type str
The VPC endpoint type, Gateway, GatewayLoadBalancer, or Interface. Defaults to Gateway.
vpc_id str
The ID of the VPC in which the endpoint will be used.

Supporting Types

VpcEndpointDnsEntry

DnsName string
The DNS name.
HostedZoneId string
The ID of the private hosted zone.
DnsName string
The DNS name.
HostedZoneId string
The ID of the private hosted zone.
dnsName string
The DNS name.
hostedZoneId string
The ID of the private hosted zone.
dns_name str
The DNS name.
hosted_zone_id str
The ID of the private hosted zone.

Import

VPC Endpoints can be imported using the VPC endpoint ID, e.g.

 $ pulumi import aws:ec2/vpcEndpoint:VpcEndpoint endpoint1 vpce-3ecf2a57

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.