Created
April 15, 2022 01:51
endpoints
# Gateway endpoint example
VpcEndpointS3:
  # Lets interfaces on the private subnets reach S3 without a public IP
  # address or a NAT Gateway. A gateway endpoint works by adding an S3
  # prefix-list route to every route table listed under RouteTableIds.
  #
  # NOTE(review): no PolicyDocument is set, so the endpoint gets the default
  # policy, which allows any S3 action on any bucket (including buckets in
  # other accounts) for traffic that passes through it. For workloads on a
  # private subnet that is an unrestricted data-egress path. Consider scoping
  # the endpoint to the buckets the workloads need. Sketch only; the bucket
  # name is a placeholder:
  #
  #   PolicyDocument:
  #     Version: "2012-10-17"
  #     Statement:
  #       - Effect: Allow
  #         Principal: "*"
  #         Action:
  #           - s3:GetObject
  #           - s3:PutObject
  #         Resource: !Sub arn:${AWS::Partition}:s3:::<BUCKET_NAME_PLACEHOLDER>/*
  #
  # A restrictive policy must still cover AWS-owned buckets the hosts depend
  # on (for example the bucket ECR serves image layers from). On the bucket
  # side, a bucket policy can require this endpoint with the aws:SourceVpce
  # condition key.
  Type: AWS::EC2::VPCEndpoint
  Properties:
    VpcEndpointType: Gateway
    # TODO:
    #   Verify whether the ServiceName needs to be generalized:
    #   * Does `com.amazonaws` need to be `${AWS::URLSuffix}` reversed to be
    #     fully general?
    #   `aws ec2 describe-vpc-endpoint-services` lists the exact service names
    #   offered in a region and can settle this.
    ServiceName: !Sub com.amazonaws.${AWS::Region}.s3
    VpcId: !Ref Vpc
    RouteTableIds:
      - !Ref RouteTable
RouteTable:
  # Route table for the private subnets. VpcEndpointS3 references it in
  # RouteTableIds, so the S3 prefix-list route is added to this table.
  # NOTE(review): no AWS::EC2::Route is visible in this snippet. If none is
  # defined elsewhere, subnets associated with this table have no default
  # route and reach AWS services only through VPC endpoints -- confirm that
  # is the intent.
  Type: AWS::EC2::RouteTable
  Properties:
    VpcId: !Ref Vpc
    Tags:
      - Key: Name
        Value: !Sub ${AWS::StackName}-RouteTable
      - Key: stack
        Value: !Sub ${AWS::StackName}
Subnet1RouteTableAssociation:
  # Binds Subnet1 to RouteTable, so Subnet1 uses that table's routes
  # (including the S3 route added by the gateway endpoint that lists it).
  Type: AWS::EC2::SubnetRouteTableAssociation
  Properties:
    RouteTableId: !Ref RouteTable
    SubnetId: !Ref Subnet1
Subnet2RouteTableAssociation:
  # Binds Subnet2 to RouteTable, so Subnet2 uses that table's routes
  # (including the S3 route added by the gateway endpoint that lists it).
  Type: AWS::EC2::SubnetRouteTableAssociation
  Properties:
    RouteTableId: !Ref RouteTable
    SubnetId: !Ref Subnet2
# Interface endpoint example
EcsVpcEndpointCloudformation:
  # Interface endpoint for the CloudFormation API. It places endpoint network
  # interfaces in the listed subnets so hosts there can call the service
  # without a route to the internet.
  # NOTE(review): no PolicyDocument is set, so the default endpoint policy
  # (full access to the service through this endpoint) applies.
  Type: AWS::EC2::VPCEndpoint
  Properties:
    VpcId: !Ref VpcId
    ServiceName: !Sub com.amazonaws.${AWS::Region}.cloudformation
    VpcEndpointType: Interface
    # Private DNS resolves the service's regional hostname to the endpoint
    # interfaces. It requires DNS support and DNS hostnames to be enabled on
    # the VPC.
    PrivateDnsEnabled: true
    # presumably a list-typed template parameter -- confirm
    SubnetIds: !Ref SubnetIds
    # NOTE(review): the workload security groups are attached to the endpoint
    # interfaces themselves. Clients can connect only if these groups allow
    # inbound TCP 443 from them (rules are not shown in this snippet), and any
    # broader rule on these groups then also applies to the endpoint. A
    # dedicated endpoint security group that allows only 443 from the
    # workload groups is the tighter design.
    SecurityGroupIds:
      - !Ref EcsSecurityGroup
      - !Ref RabbitMqSecurityGroup
# Part 1 of 3 for ECS access: ECS Agent
EcsVpcEndpointEcsAgent:
  # Interface endpoint for the ecs-agent service, one of the three endpoints
  # this file defines for ECS access from the private subnets.
  # NOTE(review): no PolicyDocument is set, so the default (full access)
  # endpoint policy applies.
  Type: AWS::EC2::VPCEndpoint
  Properties:
    VpcId: !Ref VpcId
    ServiceName: !Sub com.amazonaws.${AWS::Region}.ecs-agent
    VpcEndpointType: Interface
    # Requires DNS support and DNS hostnames to be enabled on the VPC.
    PrivateDnsEnabled: true
    SubnetIds: !Ref SubnetIds
    # NOTE(review): these groups are attached to the endpoint interfaces and
    # must allow inbound TCP 443 from the container instances (rules are not
    # shown in this snippet). Reusing workload groups here also exposes the
    # endpoint to whatever else those groups permit; a dedicated
    # endpoint-only group is tighter.
    SecurityGroupIds:
      - !Ref EcsSecurityGroup
      - !Ref RabbitMqSecurityGroup
# Part 2 of 3 for ECS access: ECS Telemetry
EcsVpcEndpointEcsTelemetry:
  # Interface endpoint for the ecs-telemetry service, one of the three
  # endpoints this file defines for ECS access from the private subnets.
  # NOTE(review): no PolicyDocument is set, so the default (full access)
  # endpoint policy applies.
  Type: AWS::EC2::VPCEndpoint
  Properties:
    VpcId: !Ref VpcId
    ServiceName: !Sub com.amazonaws.${AWS::Region}.ecs-telemetry
    VpcEndpointType: Interface
    # Requires DNS support and DNS hostnames to be enabled on the VPC.
    PrivateDnsEnabled: true
    SubnetIds: !Ref SubnetIds
    # NOTE(review): these groups are attached to the endpoint interfaces and
    # must allow inbound TCP 443 from the container instances (rules are not
    # shown in this snippet). Reusing workload groups here also exposes the
    # endpoint to whatever else those groups permit; a dedicated
    # endpoint-only group is tighter.
    SecurityGroupIds:
      - !Ref EcsSecurityGroup
      - !Ref RabbitMqSecurityGroup
# Part 3 of 3 for ECS access: ECS
EcsVpcEndpointEcs:
  # Interface endpoint for the ecs service (the ECS API), one of the three
  # endpoints this file defines for ECS access from the private subnets.
  # NOTE(review): no PolicyDocument is set, so the default (full access)
  # endpoint policy applies. An endpoint policy can narrow which ECS actions
  # and resources are reachable from inside the VPC.
  Type: AWS::EC2::VPCEndpoint
  Properties:
    VpcId: !Ref VpcId
    ServiceName: !Sub com.amazonaws.${AWS::Region}.ecs
    VpcEndpointType: Interface
    # Requires DNS support and DNS hostnames to be enabled on the VPC.
    PrivateDnsEnabled: true
    SubnetIds: !Ref SubnetIds
    # NOTE(review): these groups are attached to the endpoint interfaces and
    # must allow inbound TCP 443 from the container instances (rules are not
    # shown in this snippet). Reusing workload groups here also exposes the
    # endpoint to whatever else those groups permit; a dedicated
    # endpoint-only group is tighter.
    SecurityGroupIds:
      - !Ref EcsSecurityGroup
      - !Ref RabbitMqSecurityGroup