
Resource: awsVpcEndpointService

Provides a VPC Endpoint Service resource. Service consumers can create an Interface VPC Endpoint to connect to the service.

NOTE on VPC Endpoint Services and VPC Endpoint Service Allowed Principals: Terraform provides both a standalone VPC Endpoint Service Allowed Principal resource and a VPC Endpoint Service resource with an allowedPrincipals attribute. Do not use the same principal ARN in both a VPC Endpoint Service resource and a VPC Endpoint Service Allowed Principal resource. Doing so will cause a conflict and will overwrite the association.

Example Usage

Network Load Balancers

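/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
// Runs inside a TerraformStack constructor, where `this` is the stack scope.
new aws.vpcEndpointService.VpcEndpointService(this, "example", {
  // false: connection requests do not need to be accepted by the service owner.
  acceptanceRequired: false,
  // Reference to an aws_lb resource named "example" defined elsewhere in the stack.
  networkLoadBalancerArns: ["${aws_lb.example.arn}"],
});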

Gateway Load Balancers

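/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
// Runs inside a TerraformStack constructor, where `this` is the stack scope.
new aws.vpcEndpointService.VpcEndpointService(this, "example", {
  // false: connection requests do not need to be accepted by the service owner.
  acceptanceRequired: false,
  // Reference to an aws_lb resource named "example" defined elsewhere in the stack.
  gatewayLoadBalancerArns: ["${aws_lb.example.arn}"],
});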

Argument Reference

The following arguments are supported:

  • acceptanceRequired - (Required) Whether or not VPC endpoint connection requests to the service must be accepted by the service owner - true or false.
  • allowedPrincipals - (Optional) The ARNs of one or more principals allowed to discover the endpoint service.
  • gatewayLoadBalancerArns - (Optional) Amazon Resource Names (ARNs) of one or more Gateway Load Balancers for the endpoint service.
  • networkLoadBalancerArns - (Optional) Amazon Resource Names (ARNs) of one or more Network Load Balancers for the endpoint service.
  • tags - (Optional) A map of tags to assign to the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
  • privateDnsName - (Optional) The private DNS name for the service.
  • supportedIpAddressTypes - (Optional) The supported IP address types. The possible values are ipv4 and ipv6.
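
The NOTE near the top of this page warns against attaching the same principal ARN through both allowedPrincipals and the standalone VPC Endpoint Service Allowed Principal resource. The check below is an added example, not part of the provider documentation: it scans the Terraform JSON that cdktf synth writes (snake_case keys) and reports such overlaps. The sample configuration, its ARN and the names findPrincipalConflicts and SAMPLE_SYNTH are constructed, and it assumes the standalone resource points at the service through a ${aws_vpc_endpoint_service.<name>.id} reference.

```typescript
// Added example: find principal ARNs attached to one service both inline and standalone.
type Block = Record<string, unknown>;
type Blocks = Record<string, Block>;
interface SynthConfig { resource?: Record<string, Blocks>; }
interface Conflict { service: string; principal: string; standaloneResource: string; }

// Constructed sample: "dup" repeats a principal already listed inline on "example"
// (conflict); "ok" targets "other", which has no inline allowed_principals.
const SAMPLE_SYNTH: SynthConfig = {
  resource: {
    aws_vpc_endpoint_service: {
      example: {
        acceptance_required: true,
        allowed_principals: ["arn:aws:iam::111122223333:root"],
      },
      other: { acceptance_required: true },
    },
    aws_vpc_endpoint_service_allowed_principal: {
      dup: {
        vpc_endpoint_service_id: "${aws_vpc_endpoint_service.example.id}",
        principal_arn: "arn:aws:iam::111122223333:root",
      },
      ok: {
        vpc_endpoint_service_id: "${aws_vpc_endpoint_service.other.id}",
        principal_arn: "arn:aws:iam::111122223333:root",
      },
    },
  },
};

function findPrincipalConflicts(cfg: SynthConfig): Conflict[] {
  const services: Blocks = cfg.resource?.["aws_vpc_endpoint_service"] ?? {};
  const standalone: Blocks = cfg.resource?.["aws_vpc_endpoint_service_allowed_principal"] ?? {};
  const conflicts: Conflict[] = [];
  for (const name of Object.keys(standalone)) {
    const block = standalone[name];
    if (!block) continue;
    // Assumption: the service is referenced as ${aws_vpc_endpoint_service.<name>.id};
    // literal service IDs cannot be resolved statically and are skipped.
    const ref = /aws_vpc_endpoint_service\.([A-Za-z0-9_-]+)\.id/.exec(String(block["vpc_endpoint_service_id"]));
    const service = ref?.[1];
    if (!service) continue;
    const inline = services[service]?.["allowed_principals"];
    const principal = String(block["principal_arn"]);
    if (Array.isArray(inline) && inline.indexOf(principal) !== -1) {
      conflicts.push({ service, principal, standaloneResource: name });
    }
  }
  return conflicts;
}
```

Run it against the parsed cdk.tf.json from the synth output directory and fail the pipeline when the returned list is non-empty.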

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The ID of the VPC endpoint service.
  • availabilityZones - A set of Availability Zones in which the service is available.
  • arn - The Amazon Resource Name (ARN) of the VPC endpoint service.
  • baseEndpointDnsNames - A set of DNS names for the service.
  • managesVpcEndpoints - Whether or not the service manages its VPC endpoints - true or false.
  • serviceName - The service name.
  • serviceType - The service type, gateway or interface.
  • state - The state of the VPC endpoint service.
  • privateDnsNameConfiguration - List of objects containing information about the endpoint service private DNS name configuration.
      • name - Name of the record subdomain the service provider needs to create.
      • state - Verification state of the VPC endpoint service. Consumers of the endpoint service can use the private name only when the state is verified.
      • type - Endpoint service verification type, for example txt.
      • value - Value the service provider adds to the private DNS name domain record before verification.
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

Import

VPC Endpoint Services can be imported using the vpcEndpointServiceId, e.g.,

$ terraform import aws_vpc_endpoint_service.foo vpce-svc-0f97a19d3fa8220bc