From b3318283f23359d9b9c6f53e7fdfc9879f7243fb Mon Sep 17 00:00:00 2001
From: Pablo Serrano
Date: Thu, 1 Oct 2020 10:30:06 +0200
Subject: [PATCH] feat: Added Codeartifact API/Repo vpc endpoints
---
 README.md | 10 +++++++++-
 outputs.tf | 30 ++++++++++++++++++++++++++++++
 variables.tf | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 vpc-endpoints.tf | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 133 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index b5fa4c9c8..1b85d418c 100644
--- a/README.md
+++ b/README.md
@@ -21,7 +21,7 @@ These types of resources are supported:
 * Gateway: S3, DynamoDB
 * Interface: EC2, SSM, EC2 Messages, SSM Messages, SQS, ECR API, ECR DKR, API Gateway, KMS, ECS, ECS Agent, ECS Telemetry, SES, SNS, STS, Glue, CloudWatch(Monitoring, Logs, Events),
-Elastic Load Balancing, CloudTrail, Secrets Manager, Config, CodeBuild, CodeCommit,
+Elastic Load Balancing, CloudTrail, Secrets Manager, Config, Codeartifact(API, Repositories), CodeBuild, CodeCommit,
 Git-Codecommit, Textract, Transfer Server, Kinesis Streams, Kinesis Firehose, SageMaker(Notebook, Runtime, API), CloudFormation, CodePipeline, Storage Gateway, AppMesh, Transfer, Service Catalog, AppStream API, AppStream Streaming, Athena, Rekognition, Elastic File System (EFS), Cloud Directory, Elastic Beanstalk (+ Health), Elastic Map Reduce(EMR),
@@ -408,6 +408,8 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | enable\_cloud\_directory\_endpoint | Should be true if you want to provision an Cloud Directory endpoint to the VPC | `bool` | `false` | no |
 | enable\_cloudformation\_endpoint | Should be true if you want to provision a Cloudformation endpoint to the VPC | `bool` | `false` | no |
 | enable\_cloudtrail\_endpoint | Should be true if you want to provision a CloudTrail endpoint to the VPC | `bool` | `false` | no |
+| enable\_codeartifact_api\_endpoint | Should be true if you want to provision an Codeartifact API endpoint to the VPC | `bool` | `false` | no |
+| enable\_codeartifact_repositories\_endpoint | Should be true if you want to provision an Codeartifact repositories endpoint to the VPC | `bool` | `false` | no |
 | enable\_codebuild\_endpoint | Should be true if you want to provision an Codebuild endpoint to the VPC | `bool` | `false` | no |
 | enable\_codecommit\_endpoint | Should be true if you want to provision an Codecommit endpoint to the VPC | `bool` | `false` | no |
 | enable\_codedeploy\_commands\_secure\_endpoint | Should be true if you want to provision an CodeDeploy Commands Secure endpoint to the VPC | `bool` | `false` | no |
@@ -761,6 +763,12 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | vpc\_endpoint\_cloudtrail\_dns\_entry | The DNS entries for the VPC Endpoint for CloudTrail. |
 | vpc\_endpoint\_cloudtrail\_id | The ID of VPC endpoint for CloudTrail |
 | vpc\_endpoint\_cloudtrail\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for CloudTrail. |
+| vpc\_endpoint\_codeartifact_api\_dns\_entry | The DNS entries for the VPC Endpoint for Codeartifact API. |
+| vpc\_endpoint\_codeartifact_api\_id | The ID of VPC endpoint for Codeartifact API |
+| vpc\_endpoint\_codeartifact_api\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Codeartifact API. |
+| vpc\_endpoint\_codeartifact_repositories\_dns\_entry | The DNS entries for the VPC Endpoint for Codeartifact repositories. |
+| vpc\_endpoint\_codeartifact_repositories\_id | The ID of VPC endpoint for Codeartifact repositories |
+| vpc\_endpoint\_codeartifact_repositories\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Codeartifact repositories. |
 | vpc\_endpoint\_codebuild\_dns\_entry | The DNS entries for the VPC Endpoint for codebuild. |
 | vpc\_endpoint\_codebuild\_id | The ID of VPC endpoint for codebuild |
 | vpc\_endpoint\_codebuild\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for codebuild. |
diff --git a/outputs.tf b/outputs.tf
index 59a509b19..797a83f44 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1362,6 +1362,36 @@ output "vpc_endpoint_textract_dns_entry" {
 value = flatten(aws_vpc_endpoint.textract.*.dns_entry)
 }
+output "vpc_endpoint_codeartifact_api_id" {
+ description = "The ID of VPC endpoint for Codeartifact API"
+ value = concat(aws_vpc_endpoint.codeartifact_api.*.id, [""])[0]
+}
+
+output "vpc_endpoint_codeartifact_api_network_interface_ids" {
+ description = "One or more network interfaces for the VPC Endpoint for Codeartifact API."
+ value = flatten(aws_vpc_endpoint.codeartifact_api.*.network_interface_ids)
+}
+
+output "vpc_endpoint_codeartifact_api_dns_entry" {
+ description = "The DNS entries for the VPC Endpoint for Codeartifact API."
+ value = flatten(aws_vpc_endpoint.codeartifact_api.*.dns_entry)
+}
+
+output "vpc_endpoint_codeartifact_repositories_id" {
+ description = "The ID of VPC endpoint for Codeartifact repositories"
+ value = concat(aws_vpc_endpoint.codeartifact_repositories.*.id, [""])[0]
+}
+
+output "vpc_endpoint_codeartifact_repositories_network_interface_ids" {
+ description = "One or more network interfaces for the VPC Endpoint for Codeartifact repositories."
+ value = flatten(aws_vpc_endpoint.codeartifact_repositories.*.network_interface_ids)
+}
+
+output "vpc_endpoint_codeartifact_repositories_dns_entry" {
+ description = "The DNS entries for the VPC Endpoint for Codeartifact repositories."
+ value = flatten(aws_vpc_endpoint.codeartifact_repositories.*.dns_entry)
+} + + # VPC flow log
 output "vpc_flow_log_id" {
 description = "The ID of the Flow Log resource"
diff --git a/variables.tf b/variables.tf
index 00a9f8f90..a5336ef27 100644
--- a/variables.tf
+++ b/variables.tf
@@ -322,6 +322,54 @@ variable "enable_s3_endpoint" {
 default = false
 }
+variable "enable_codeartifact_api_endpoint" {
+ description = "Should be true if you want to provision an Codeartifact API endpoint to the VPC"
+ type = bool
+ default = false
+}
+
+variable "codeartifact_api_endpoint_security_group_ids" {
+ description = "The ID of one or more security groups to associate with the network interface for Codeartifact API endpoint"
+ type = list(string)
+ default = []
+}
+
+variable "codeartifact_api_endpoint_subnet_ids" {
+ description = "The ID of one or more subnets in which to create a network interface for Codeartifact API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+ type = list(string)
+ default = []
+}
+
+variable "codeartifact_api_endpoint_private_dns_enabled" {
+ description = "Whether or not to associate a private hosted zone with the specified VPC for Codeartifact API endpoint"
+ type = bool
+ default = false
+}
+
+variable "enable_codeartifact_repositories_endpoint" {
+ description = "Should be true if you want to provision an Codeartifact repositories endpoint to the VPC"
+ type = bool
+ default = false
+}
+
+variable "codeartifact_repositories_endpoint_security_group_ids" {
+ description = "The ID of one or more security groups to associate with the network interface for Codeartifact repositories endpoint"
+ type = list(string)
+ default = []
+}
+
+variable "codeartifact_repositories_endpoint_subnet_ids" {
+ description = "The ID of one or more subnets in which to create a network interface for Codeartifact repositories endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+ type = list(string)
+ default = []
+}
+
+variable "codeartifact_repositories_endpoint_private_dns_enabled" {
+ description = "Whether or not to associate a private hosted zone with the specified VPC for Codeartifact repositories endpoint"
+ type = bool
+ default = false
+}
+
 variable "enable_codebuild_endpoint" {
 description = "Should be true if you want to provision an Codebuild endpoint to the VPC"
 type = bool
diff --git a/vpc-endpoints.tf b/vpc-endpoints.tf
index 4d7a33d96..60030810b 100644
--- a/vpc-endpoints.tf
+++ b/vpc-endpoints.tf
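Review bot: The descriptions of `codeartifact_api_endpoint_security_group_ids` and `codeartifact_repositories_endpoint_security_group_ids` (both `default = []`) do not say what an empty list means, and for an Interface endpoint AWS then associates the VPC's default security group with the endpoint's network interface, which is the permissive fallback a caller should be told about before relying on the default. The sibling subnet variables already spell out their fallback ("If omitted, private subnets will be used."), so the security-group variables should do the same, e.g. `description = "The ID of one or more security groups to associate with the network interface for Codeartifact API endpoint. If omitted, the VPC's default security group is associated."` (and the equivalent for the repositories variable). The same empty default flows into `security_group_ids` of both resources in the vpc-endpoints.tf hunk.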
@@ -1462,3 +1462,49 @@ resource "aws_vpc_endpoint" "textract" {
 tags = local.vpce_tags
 }
+
+#############################################
+# VPC Endpoint for Codeartifact API
+#############################################
+data "aws_vpc_endpoint_service" "codeartifact_api" {
+ count = var.create_vpc && var.enable_codeartifact_api_endpoint ? 1 : 0
+
+ service = "codeartifact.api"
+}
+
+resource "aws_vpc_endpoint" "codeartifact_api" {
+ count = var.create_vpc && var.enable_codeartifact_api_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.codeartifact_api[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.codeartifact_api_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.codeartifact_api_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.codeartifact_api_endpoint_private_dns_enabled
+
+ tags = local.vpce_tags
+}
+
+#############################################
+# VPC Endpoint for Codeartifact repositories
+#############################################
+data "aws_vpc_endpoint_service" "codeartifact_repositories" {
+ count = var.create_vpc && var.enable_codeartifact_repositories_endpoint ? 1 : 0
+
+ service = "codeartifact.repositories"
+}
+
+resource "aws_vpc_endpoint" "codeartifact_repositories" {
+ count = var.create_vpc && var.enable_codeartifact_repositories_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.codeartifact_repositories[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.codeartifact_repositories_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.codeartifact_repositories_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.codeartifact_repositories_endpoint_private_dns_enabled
+
+ tags = local.vpce_tags
+}
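Review bot: Neither `aws_vpc_endpoint.codeartifact_api` nor `aws_vpc_endpoint.codeartifact_repositories` sets the `policy` argument, so each endpoint is created with the default endpoint policy, which allows full access to the service for any principal inside the VPC, and the hunk adds no variable through which a caller could narrow it. If the other endpoint resources in this file are built the same way (the rest of the file is not visible here), this should at least be stated on the resource, e.g. `# No endpoint policy is set: AWS applies its default full-access policy, so access to CodeArtifact from this VPC is bounded only by IAM and security groups.`; otherwise consider an optional `codeartifact_api_endpoint_policy` / `codeartifact_repositories_endpoint_policy` variable (JSON string, `default = null`) passed as `policy = var.codeartifact_api_endpoint_policy`, matching the per-endpoint variable naming already used in the variables.tf hunk. Note also that with `private_dns_enabled` defaulting to `false`, clients will not transparently resolve the service hostnames to the endpoint, so the README row for these variables would benefit from saying that both endpoints are normally needed together for CodeArtifact to be usable privately.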