CAUTION: You will need to keep `enable_nat_gw = true` in core-infra `variables.tf` if you intend to pull container images from Public ECR repositories. This is not supported and is currently blocked by this PR.
This solution blueprint creates VPC Endpoints for S3, ECS, ECR (private repositories only), Secrets Manager, Systems Manager, and CloudWatch. There are two steps to deploying this blueprint:
- Deploy the core-infra. If you have already deployed the core-infra, you can reuse it.
  - NOTE: If you would like to disable the NAT Gateway, change `enable_nat_gw = true` to `enable_nat_gw = false` in core-infra `variables.tf`. Please ensure that this solution blueprint deploys successfully prior to disabling the NAT Gateway in core-infra.
- Deploy the Terraform templates in this repository using `terraform init` and `terraform apply`.
VPC Endpoints shorten the network path: traffic to AWS services no longer transits an internet gateway, so you avoid the cost of NAT gateways, NAT instances, or maintaining firewalls. VPC Endpoints also give you much finer control over how users and applications access AWS services. Because VPC Endpoints keep sensitive data from traversing the Internet, they help you maintain compliance with regulations such as HIPAA, EU/US Privacy Shield, and PCI.
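As an added example (not the blueprint's own code), this is how the endpoint set described above can be built with the vpc-endpoints submodule listed under Modules: the VPC and subnets are located through the `vpc_tag_key`/`vpc_tag_value` inputs, S3 is a gateway endpoint attached to every route table in the VPC, and the interface endpoints accept HTTPS only from inside the VPC. The private-subnet name pattern, the security-group name and the submodule version are assumptions.

```hcl
# Added example, not the blueprint's code. Assumes the Inputs below and a recent
# terraform-aws-modules/vpc vpc-endpoints submodule (the page lists its version as n/a).
data "aws_vpc" "this" {
  tags = { (var.vpc_tag_key) = var.vpc_tag_value }
}
data "aws_subnets" "private" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.this.id]
  }
  filter {
    name   = "tag:${var.vpc_tag_key}"
    values = ["${var.vpc_tag_value}-private*"] # assumed naming; adjust to core-infra
  }
}
# Every route table in the VPC receives the S3 prefix-list route of the gateway endpoint.
data "aws_route_tables" "this" {
  vpc_id = data.aws_vpc.this.id
}
# Only hosts inside the VPC may reach the interface endpoints, and only over HTTPS.
resource "aws_security_group" "vpc_endpoints" {
  name   = "${var.core_stack_name}-vpc-endpoints" # assumed name
  vpc_id = data.aws_vpc.this.id
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [data.aws_vpc.this.cidr_block]
  }
}
module "vpc_endpoints" {
  source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"

  vpc_id             = data.aws_vpc.this.id
  security_group_ids = [aws_security_group.vpc_endpoints.id]
  subnet_ids         = data.aws_subnets.private.ids

  endpoints = {
    # Gateway endpoint: no ENI, routed through the route tables found above.
    s3 = { service = "s3", service_type = "Gateway", route_table_ids = data.aws_route_tables.this.ids }
    # Interface endpoints with private DNS so the default service hostnames resolve in-VPC.
    ecr_api        = { service = "ecr.api",        private_dns_enabled = true }
    ecr_dkr        = { service = "ecr.dkr",        private_dns_enabled = true } # private repos only
    ecs            = { service = "ecs",            private_dns_enabled = true }
    secretsmanager = { service = "secretsmanager", private_dns_enabled = true }
    ssm            = { service = "ssm",            private_dns_enabled = true }
    logs           = { service = "logs",           private_dns_enabled = true }
  }
}
```

Public ECR has no interface endpoint, which is why the caution at the top of this page keeps the NAT Gateway enabled for public images.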
| Name | Version |
|------|---------|
| aws | >= 3.72.0 |

| Name | Source | Version |
|------|--------|---------|
| vpc_endpoints | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | n/a |

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| aws_region | AWS region | `string` | n/a | yes |
| core_stack_name | The name of the core infrastructure stack that you created using the core-infra module | `string` | `"ecs-blueprint-infra"` | no |
| repository_owner | The name of the owner of the forked GitHub repository | `string` | n/a | yes |
| vpc_tag_key | The tag key of the VPC and subnets | `string` | `"Name"` | no |
| vpc_tag_value | The tag value of the VPC and subnets | `string` | `""` | no |
No outputs.