diff --git a/terraform/foundation-stack/main.tf b/terraform/foundation-stack/main.tf
index ee450dd..8723f43 100644
--- a/terraform/foundation-stack/main.tf
+++ b/terraform/foundation-stack/main.tf
@@ -82,6 +82,16 @@ module "vpc" {
   })
 }
 
+data "aws_region" "current" {}
+
+# https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/using-govcloud-vpc-endpoints.html
+resource "aws_vpc_endpoint" "eks_vpc_endpoints" {
+  for_each = var.vpc_endpoints
+  vpc_id = module.vpc.vpc_id
+  service_name = "com.amazonaws.${data.aws_region.current.name}.${each.value}"
+  tags = var.stack_tags
+}
+
 module "eks" {
   source = "terraform-aws-modules/eks/aws"
   version = "20.24.3"
diff --git a/terraform/foundation-stack/variables.tf b/terraform/foundation-stack/variables.tf
index 05f1b17..2f6b70f 100644
--- a/terraform/foundation-stack/variables.tf
+++ b/terraform/foundation-stack/variables.tf
@@ -141,3 +141,8 @@ variable "s3_csi_driver_bucket_arns" {
   default = []
   description = "existing buckets the s3 CSI driver should have access to"
 }
+variable "vpc_endpoints" {
+  type = list(string)
+  description = "vpc endpoints within the cluster vpc network"
+  default = []
+}
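Review bot: `for_each = var.vpc_endpoints` in the new `aws_vpc_endpoint.eks_vpc_endpoints` resource will be rejected at plan time, because `vpc_endpoints` is declared as `list(string)` in variables.tf and `for_each` only accepts a map or a set of strings; the minimal fix is `for_each = toset(var.vpc_endpoints)`. The resource also sets no `vpc_endpoint_type`, so every entry is created as the default Gateway type, which AWS offers only for s3 and dynamodb — the EKS-oriented services this block is named for (ecr.api, ecr.dkr, ec2, sts, logs, …) need `vpc_endpoint_type = "Interface"` together with `subnet_ids`, `security_group_ids` and `private_dns_enabled = true` before cluster traffic actually stays in the VPC, and even the Gateway endpoints do nothing until `route_table_ids` is attached. From a security standpoint no `policy` is set, so each endpoint carries the AWS default full-access policy; an endpoint policy scoped to this account's principals and buckets is the usual control against the endpoint becoming an exfiltration path, and the interface endpoints' security group should admit 443 only from the VPC CIDR. The subnet, route-table and security-group references below depend on vpc-module outputs and a security group that are not visible in this hunk, so treat them as placeholders to confirm; also note the GovCloud link in the comment is only a pointer, the `com.amazonaws.<region>.` prefix is the same pattern in both partitions.
```hcl
resource "aws_vpc_endpoint" "eks_vpc_endpoints" {
  for_each     = toset(var.vpc_endpoints) # for_each requires a set or map, not a list
  vpc_id       = module.vpc.vpc_id
  service_name = "com.amazonaws.${data.aws_region.current.name}.${each.value}"

  # Gateway endpoints exist only for s3/dynamodb; everything else must be an Interface endpoint.
  vpc_endpoint_type   = contains(["s3", "dynamodb"], each.value) ? "Gateway" : "Interface"
  route_table_ids     = contains(["s3", "dynamodb"], each.value) ? module.vpc.private_route_table_ids : null # confirm output name on the vpc module
  subnet_ids          = contains(["s3", "dynamodb"], each.value) ? null : module.vpc.private_subnets          # confirm output name on the vpc module
  security_group_ids  = contains(["s3", "dynamodb"], each.value) ? null : [aws_security_group.vpc_endpoints.id] # SG allowing 443 from the VPC CIDR only; not defined yet
  private_dns_enabled = contains(["s3", "dynamodb"], each.value) ? null : true

  # TODO(review): add a `policy` restricting principals/resources to this account;
  # the default endpoint policy allows all principals to all resources.

  tags = var.stack_tags
}
```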
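Review bot: `type = list(string)` on the new `vpc_endpoints` variable does not match its only consumer, the `for_each` on `aws_vpc_endpoint.eks_vpc_endpoints` in main.tf, which requires a set or map; declaring it as `type = set(string)` fixes the mismatch at the source and rejects duplicate entries for free. The description also does not say what the strings are: main.tf prefixes each one with `com.amazonaws.<region>.`, so something like `description = "AWS service short names (e.g. ecr.api, ecr.dkr, s3, sts) to expose as VPC endpoints in the cluster VPC; each is expanded to com.amazonaws.<region>.<name>"` would stop callers passing fully-qualified names that silently become a double-prefixed, nonexistent service at apply time. A `validation` block with `condition = alltrue([for s in var.vpc_endpoints : !startswith(s, "com.amazonaws.")])` and a matching `error_message` would enforce that contract at plan time rather than at apply time.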