Resource: awsVpcEndpointPolicy

Provides a VPC Endpoint Policy resource.

Example Usage

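/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
/*`this` below is the enclosing construct scope, for example inside a TerraformStack constructor.*/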
const awsVpcExample = new aws.vpc.Vpc(this, "example", {
  cidrBlock: "10.0.0.0/16",
});
const dataAwsVpcEndpointServiceExample =
  new aws.dataAwsVpcEndpointService.DataAwsVpcEndpointService(
    this,
    "example_1",
    {
      service: "dynamodb",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsVpcEndpointServiceExample.overrideLogicalId("example");
const awsVpcEndpointExample = new aws.vpcEndpoint.VpcEndpoint(
  this,
  "example_2",
  {
    serviceName: dataAwsVpcEndpointServiceExample.serviceName,
    vpcId: awsVpcExample.id,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsVpcEndpointExample.overrideLogicalId("example");
const awsVpcEndpointPolicyExample = new aws.vpcEndpointPolicy.VpcEndpointPolicy(
  this,
  "example_3",
  {
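    /*The AllowAll statement permits every DynamoDB action on every resource for any principal; narrow Action and Resource for real workloads.*/
    policy: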
      '${jsonencode({\n    "Version" : "2012-10-17",\n    "Statement" : [\n      {\n        "Sid" : "AllowAll",\n        "Effect" : "Allow",\n        "Principal" : {\n          "AWS" : "*"\n        },\n        "Action" : [\n          "dynamodb:*"\n        ],\n        "Resource" : "*"\n      }\n    ]\n  })}',
    vpcEndpointId: awsVpcEndpointExample.id,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsVpcEndpointPolicyExample.overrideLogicalId("example");

Argument Reference

The following arguments are supported:

  • vpcEndpointId - (Required) The VPC Endpoint ID.
  • policy - (Optional) A policy to attach to the endpoint that controls access to the service. Defaults to full access. All gateway and some interface endpoints support policies - see the relevant AWS documentation for more details. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.
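
A check for the wide-open pattern used by the example policy, next to a narrower document for the policy argument. This is an added example, not part of the provider documentation; the function names, table ARN and account ID are constructed for illustration.

```typescript
type PolicyStatement = {
  Sid?: string;
  Effect: "Allow" | "Deny";
  Principal: unknown;
  Action: string[];
  Resource: string[];
  Condition?: Record<string, unknown>;
};
type PolicyDocument = { Version: string; Statement: PolicyStatement[] };
// Hypothetical helper: report Allow statements that leave the endpoint fully open.
function auditEndpointPolicy(doc: PolicyDocument): string[] {
  const findings: string[] = [];
  doc.Statement.forEach((s, i) => {
    if (s.Effect !== "Allow") return;
    const id = s.Sid || `Statement[${i}]`;
    const wildAction = s.Action.some((a) => /(^|:)\*$/.test(a));
    const wildResource = s.Resource.some((r) => r === "*");
    if (wildAction) findings.push(`${id}: wildcard action`);
    if (wildResource) findings.push(`${id}: wildcard resource`);
    if (wildAction && wildResource && !s.Condition) findings.push(`${id}: unconditioned full access`);
  });
  return findings;
}

// Hypothetical helper: read-only access to one table and its indexes, for callers in one account.
function readOnlyTablePolicy(tableArn: string, accountId: string): PolicyDocument {
  return {
    Version: "2012-10-17",
    Statement: [{
      Sid: "ReadOneTable",
      Effect: "Allow",
      Principal: { AWS: "*" },
      Action: ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:BatchGetItem"],
      Resource: [tableArn, `${tableArn}/index/*`],
      Condition: { StringEquals: { "aws:PrincipalAccount": accountId } },
    }],
  };
}

// The AllowAll document from Example Usage, as an object (Resource written as a list).
const pagePolicy: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [{ Sid: "AllowAll", Effect: "Allow", Principal: { AWS: "*" },
    Action: ["dynamodb:*"], Resource: ["*"] }],
};
// Constructed sample ARN and account ID, not values from the page.
const scoped = readOnlyTablePolicy(
  "arn:aws:dynamodb:us-east-1:111122223333:table/ExampleTable", "111122223333");
const scopedJson = JSON.stringify(scoped); // string form for the policy argument
```

Passing scopedJson as policy on the VpcEndpointPolicy replaces the full-access default with the scoped document.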

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The ID of the VPC endpoint.

Import

VPC Endpoint Policies can be imported using the id, e.g.

$ terraform import aws_vpc_endpoint_policy.example vpce-3ecf2a57