AWS GWLB Endpoint Set

This module creates a set of VPC GWLB Endpoints over a range of one or more Availability Zones. All the Endpoints transfer the traffic to the same Gateway Load Balancer (GWLB).

Reference

Requirements

| Name | Version |
|---|---|
| terraform | >= 1.0.0, < 2.0.0 |
| aws | ~> 5.17 |

Providers

| Name | Version |
|---|---|
| aws | ~> 5.17 |

Modules

No modules.

Resources

| Name | Type |
|---|---|
| aws_route.this | resource |
| aws_vpc_endpoint.this | resource |

Inputs

Each input is listed with its type, its default value, and whether it is required.

act_as_next_hop_for (type below, default `{}`, optional)

The map of edge routes to create to pass network traffic to this Endpoint Set. This input is not intended for typical routes; use the vpc_route module instead to pass traffic through this Endpoint Set from sources other than the IGW. This input only handles routes whose destination is a subnet CIDR (AZ-specific), usually the ingress traffic coming from an Internet Gateway. AWS docs call this special kind of route the "edge route". The keys of the map are arbitrary strings. Example:

```hcl
act_as_next_hop_for = {
  from_igw_to_alb = {
    route_table_id = module.my_vpc.internet_gateway_route_table.id
    to_subnets     = module.my_alb_subnet_set.subnets
  }
}
```

In this example, traffic from the IGW destined to the ALB is instead routed to the GWLBE (for inspection by an appliance).

Type:

```hcl
map(object({
  route_table_id = string
  to_subnets = map(object({
    cidr_block = string
  }))
}))
```

custom_names (`map(string)`, default `{}`, optional)

Optional map of readable names of the VPC Endpoints, used to override the default naming generated from the input name. Each key is the Availability Zone identifier, for example us-east-1b. Each value is used as the VPC Endpoint's standard AWS tag Name, for example "my-gwlbe-in-us-east-1b".

gwlb_service_name (`string`, required)

The name of the VPC Endpoint Service to connect to, which may reside in a different VPC. Usually the output module.gwlb.endpoint_service.service_name. Example: "com.amazonaws.vpce.eu-west-3.vpce-svc-0df5336455053eb2b".

gwlb_service_type (`string`, default `"GatewayLoadBalancer"`, optional)

The type of the Endpoint to create for gwlb_service_name.

name (`string`, default `"gwlbe-"`, optional)

Name of the VPC Endpoint Set, for example: "my-gwlbe-". Each individual endpoint is named by appending an AZ letter, such as "my-set-a" and "my-set-b". These names can be overridden using custom_names.

subnets (type below, required)

Map of Subnets in which to create the Endpoints. Each map key is the availability zone name and each map object has an attribute id identifying the AWS Subnet. Importantly, the traffic returning from the Endpoint uses the Subnet's route table. The keys of this input map are used for the output map endpoints.

Example for users of module subnet_set:

```hcl
subnets = module.subnet_set.subnets
```

Example:

```hcl
subnets = {
  "us-east-1a" = { id = "snet-123007" }
  "us-east-1b" = { id = "snet-123008" }
}
```

Type:

```hcl
map(object({
  id = string
}))
```

tags (`map(string)`, default `{}`, optional)

AWS Tags for the VPC Endpoints.

vpc_id (`string`, required)

AWS identifier of the VPC containing the Endpoints.

Outputs

endpoints

Map of the created endpoints. The keys are the same as the keys of the input subnets.

next_hop_set

The Next Hop Set object, useful as an input to the vpc_route module. The intention is to route traffic from subnets to endpoints while preventing cross-AZ traffic (so that a subnet in AZ-a only routes to an endpoint in AZ-a). Example:

```hcl
next_hop_set = {
  ids = {
    "us-east-1a" = "gwlbe-0ddf598f93a8ea8ae"
    "us-east-1b" = "gwlbe-0862c4b707b012111"
  }
  id   = null
  type = "vpc_endpoint"
}
```
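The following is an added usage example, not part of the module's own documentation: it wires the inputs and outputs described above so that inbound traffic from the Internet Gateway is steered through the GWLB Endpoint in the same AZ before reaching the ALB subnets, and the return path stays within the AZ. The module `source` paths, the sibling modules (`security_vpc`, `gwlb`, `*_subnet_set`, `vpc_route`) and their output and input names are assumptions.

```hcl
# Added example; module paths and sibling module interfaces are assumed.
module "gwlbe" {
  source = "./modules/gwlb_endpoint_set" # assumed path

  name              = "sec-gwlbe-"
  vpc_id            = module.security_vpc.id                    # assumed output
  gwlb_service_name = module.gwlb.endpoint_service.service_name # as described for gwlb_service_name

  # One subnet per AZ; these keys become the keys of the `endpoints` output
  # and of `next_hop_set.ids`. Return traffic uses each subnet's route table.
  subnets = module.gwlbe_subnet_set.subnets # assumed shape: { az => { id = ... } }

  # Edge route on the IGW route table: ingress destined to the ALB subnet
  # CIDRs is sent to the GWLBE in the matching AZ for inspection instead of
  # directly to the ALB.
  act_as_next_hop_for = {
    from_igw_to_alb = {
      route_table_id = module.security_vpc.internet_gateway_route_table.id
      to_subnets     = module.alb_subnet_set.subnets # assumed: objects carry cidr_block
    }
  }

  custom_names = {
    "us-east-1a" = "sec-gwlbe-in-us-east-1a"
    "us-east-1b" = "sec-gwlbe-in-us-east-1b"
  }

  tags = { Environment = "prod" }
}

# Return path from the ALB subnets: default route back to the GWLBE in the
# same AZ, so reply traffic is inspected too and never crosses AZs.
module "alb_default_route" {
  source = "./modules/vpc_route" # assumed path and input names

  route_table_ids = { for az, rt in module.alb_subnet_set.route_tables : az => rt.id }
  to_cidr         = "0.0.0.0/0"
  next_hop_set    = module.gwlbe.next_hop_set
}

# Endpoint IDs per AZ, for auditing that every AZ has its own inspection hop.
output "gwlbe_ids_by_az" {
  value = { for az, ep in module.gwlbe.endpoints : az => ep.id }
}
```

Both route tables matter: without the `act_as_next_hop_for` edge route the ingress path bypasses inspection, and without the return route through `next_hop_set` the reply path does.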