From 222c6269d430f217cebaa50b0f13dfc8fd77cdb7 Mon Sep 17 00:00:00 2001
From: Asif Amirat <asif.amirat@justice.gov.uk>
Date: Thu, 30 May 2024 17:14:22 +0100
Subject: [PATCH] configured vpc endpoint to be always on, previously depended
 on bastions being enabled

---
 modules/vpc/endpoints.tf | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/modules/vpc/endpoints.tf b/modules/vpc/endpoints.tf
index bc3c7eda..7967b4a8 100644
--- a/modules/vpc/endpoints.tf
+++ b/modules/vpc/endpoints.tf
@@ -27,10 +27,9 @@ resource "aws_vpc_endpoint" "s3" {
   tags            = var.tags
 }
 
-// endpoints required for session manager
+// enpoint required for bastions and ecs task get ssm parameters
 
 resource "aws_vpc_endpoint" "ssm" {
-  count               = var.ssm_session_manager_endpoints ? 1 : 0
   vpc_id              = module.vpc.vpc_id
   subnet_ids          = module.vpc.public_subnets
   service_name        = "com.amazonaws.${var.region}.ssm"
@@ -41,6 +40,8 @@ resource "aws_vpc_endpoint" "ssm" {
   depends_on          = [aws_security_group.endpoints]
 }
 
+// endpoints required for bastions session manager 
+
 resource "aws_vpc_endpoint" "ssmmessages" {
   count               = var.ssm_session_manager_endpoints ? 1 : 0
   vpc_id              = module.vpc.vpc_id