Data Source: awsVpcEndpoint

The VPC Endpoint data source provides details about a specific VPC endpoint.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const dataAwsVpcEndpointS3 = new aws.dataAwsVpcEndpoint.DataAwsVpcEndpoint(
  this,
  "s3",
  {
    serviceName: "com.amazonaws.us-west-2.s3",
    vpcId: "${aws_vpc.foo.id}",
  }
);
new aws.vpcEndpointRouteTableAssociation.VpcEndpointRouteTableAssociation(
  this,
  "private_s3",
  {
    routeTableId: "${aws_route_table.private.id}",
    vpcEndpointId: dataAwsVpcEndpointS3.id,
  }
);

Argument Reference

The arguments of this data source act as filters for querying the available VPC endpoints. The given filters must match exactly one VPC endpoint whose data will be exported as attributes.

  • filter - (Optional) Custom filter block as described below.
  • id - (Optional) ID of the specific VPC Endpoint to retrieve.
  • serviceName - (Optional) Service name of the specific VPC Endpoint to retrieve. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule; its service name is in the form aws.sagemaker.<region>.notebook).
  • state - (Optional) State of the specific VPC Endpoint to retrieve.
  • tags - (Optional) Map of tags, each pair of which must exactly match a pair on the specific VPC Endpoint to retrieve.
  • vpcId - (Optional) ID of the VPC in which the specific VPC Endpoint is used.

More complex filters can be expressed using one or more filter sub-blocks, which take the following arguments:

  • name - (Required) Name of the field to filter by, as defined by the underlying AWS API.
  • values - (Required) Set of values that are accepted for the given field. A VPC Endpoint will be selected if any one of the given values matches.

Attributes Reference

In addition to all arguments above except filter, the following attributes are exported:

  • arn - ARN of the VPC endpoint.
  • cidrBlocks - List of CIDR blocks for the exposed AWS service. Applicable for endpoints of type gateway.
  • dnsEntry - DNS entries for the VPC Endpoint. Applicable for endpoints of type interface. DNS blocks are documented below.
  • networkInterfaceIds - One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type interface.
  • ownerId - ID of the AWS account that owns the VPC endpoint.
  • policy - Policy document associated with the VPC Endpoint. Applicable for endpoints of type gateway.
  • prefixListId - Prefix list ID of the exposed AWS service. Applicable for endpoints of type gateway.
  • privateDnsEnabled - Whether or not the VPC is associated with a private hosted zone - true or false. Applicable for endpoints of type interface.
  • requesterManaged - Whether or not the VPC Endpoint is being managed by its service - true or false.
  • routeTableIds - One or more route tables associated with the VPC Endpoint. Applicable for endpoints of type gateway.
  • securityGroupIds - One or more security groups associated with the network interfaces. Applicable for endpoints of type interface.
  • subnetIds - One or more subnets in which the VPC Endpoint is located. Applicable for endpoints of type interface.
  • vpcEndpointType - VPC Endpoint type, gateway or interface.

DNS blocks (for dnsEntry) support the following attributes:

  • dnsName - DNS name.
  • hostedZoneId - ID of the private hosted zone.
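
The policy attribute exported above is a JSON policy document string. As an added example (not part of the original documentation or the provider's code), the following TypeScript checks such a string for Allow statements that admit any principal on every resource with no condition. The function and sample names are hypothetical, and the sample policies are constructed.

```typescript
// Added example. Names (findOpenStatements, SAMPLE_*) are hypothetical.
type StrList = string | string[] | undefined;

interface PolicyStatement {
  Sid?: string;
  Effect: string;
  Principal?: string | { [kind: string]: string | string[] };
  Action?: string | string[];
  Resource?: string | string[];
  Condition?: { [op: string]: unknown };
}

function toList(v: StrList): string[] {
  if (v === undefined) return [];
  return typeof v === "string" ? [v] : v;
}

// True when the Principal element admits any caller: "*" or {"AWS": "*"}.
function isAnyPrincipal(p: PolicyStatement["Principal"]): boolean {
  if (p === undefined) return false;
  if (typeof p === "string") return p === "*";
  const byKind = p; // const copy keeps the narrowed object type in the closure
  return Object.keys(byKind).some((k) => toList(byKind[k]).indexOf("*") !== -1);
}

// Labels every Allow statement that lets any principal reach every resource
// with no Condition narrowing it.
function findOpenStatements(policyJson: string): string[] {
  const raw: PolicyStatement | PolicyStatement[] | undefined =
    JSON.parse(policyJson).Statement;
  const statements = raw === undefined ? [] : Array.isArray(raw) ? raw : [raw];
  const findings: string[] = [];
  statements.forEach((s, i) => {
    const unconditioned =
      s.Condition === undefined || Object.keys(s.Condition).length === 0;
    if (s.Effect === "Allow" && isAnyPrincipal(s.Principal) &&
        toList(s.Resource).indexOf("*") !== -1 && unconditioned) {
      findings.push((s.Sid ?? `statement[${i}]`) + ": " + toList(s.Action).join(","));
    }
  });
  return findings;
}

// Constructed sample inputs (not taken from any real account).
const SAMPLE_OPEN = JSON.stringify({
  Statement: [{ Effect: "Allow", Principal: "*", Action: "*", Resource: "*" }],
});
const SAMPLE_SCOPED = JSON.stringify({
  Statement: { Sid: "BucketOnly", Effect: "Allow", Principal: { AWS: "*" },
    Action: ["s3:GetObject"], Resource: "arn:aws:s3:::example-bucket/*" },
});
```

An empty result from findOpenStatements means no statement matched this one pattern; it is not a full policy review.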

Timeouts

Configuration options:

  • read - (Default 20m)