
AWS GWLB Endpoint Set

This module creates a set of VPC GWLB Endpoints over a range of one or more Availability Zones. All the Endpoints transfer the traffic to the same Gateway Load Balancer (GWLB).




terraform >= 1.0.0, < 2.0.0
aws ~> 5.17


aws ~> 5.17


No modules.




act_as_next_hop_for
The map of edge routes to create to pass network traffic to this Endpoint Set.
This input is not intended for typical routes; use the vpc_route module instead to pass traffic through this Endpoint Set from sources other than IGW.
This input only handles routes whose destination is a subnet CIDR (AZ-specific), usually the ingress traffic coming from an Internet Gateway.
AWS docs call this special kind of route the "edge route".
The keys of the map are arbitrary strings. Example:

    act_as_next_hop_for = {
      from_igw_to_alb = {
        route_table_id =
        to_subnets     = module.my_alb_subnet_set.subnets
      }
    }

In this example, traffic from IGW destined to the ALB is instead routed to the GWLBE (for inspection by an appliance).

Type:

    map(object({
      route_table_id = string
      to_subnets = map(object({
        cidr_block = string
      }))
    }))

custom_names
Optional map of readable names of the VPC Endpoints, used to override the default naming generated from the input name. Each key is the Availability Zone identifier, for example us-east-1b. Each value is used as the VPC Endpoint's standard AWS tag Name, for example "my-gwlbe-in-us-east-1b".
Type: map(string). Default: {}. Required: no.

gwlb_service_name
The name of the VPC Endpoint Service to connect to, which may reside in a different VPC. Usually an output module.gwlb.endpoint_service.service_name. Example: "".
Type: string. Default: n/a. Required: yes.

gwlb_service_type
The type of the Endpoint to create for gwlb_service_name.
Type: string. Default: "GatewayLoadBalancer". Required: no.

name
Name of the VPC Endpoint Set, for example: "my-gwlbe-". Each individual endpoint is named by appending an AZ letter, such as "my-set-a" and "my-set-b". These names can be overridden using custom_names.
Type: string. Default: "gwlbe-". Required: no.

subnets
Map of Subnets in which to create the Endpoints. Each key of the map is the Availability Zone name and each value is an object with an attribute id identifying the AWS Subnet. Importantly, the traffic returning from the Endpoint uses the Subnet's route table.
The keys of this input map are used for the output map endpoints.
Example for users of module subnet_set:

    subnets = module.subnet_set.subnets

Example:

    subnets = {
      "us-east-1a" = { id = "snet-123007" }
      "us-east-1b" = { id = "snet-123008" }
    }

Type:

    map(object({
      id = string
    }))

tags
AWS Tags for the VPC
Default: {}. Required: no.

vpc_id
AWS identifier of a VPC containing the Endpoint.
Type: string. Default: n/a. Required: yes.


endpoints
Map of the created endpoints. The keys are the same as the keys of the input subnets.

next_hop_set
The Next Hop Set object, useful as an input to the vpc_route module. The intention is to route traffic from subnets to endpoints while preventing cross-AZ traffic (so that a subnet in AZ-a only routes to an endpoint in AZ-a). Example:

    next_hop_set = {
      ids = {
        "us-east-1a" = "gwlbe-0ddf598f93a8ea8ae"
        "us-east-1b" = "gwlbe-0862c4b707b012111"
      }
      id   = null
      type = "vpc_endpoint"
    }
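
The following is an added example, not code from this module or its documentation: a Python audit of the two properties described for act_as_next_hop_for and next_hop_set, namely that every subnet CIDR in to_subnets has an edge route and that the route targets the endpoint in the same AZ. The function name audit_edge_routes, the edge_routes dictionary shape and the sample CIDRs are assumptions made for illustration; the endpoint IDs are the ones from the next_hop_set example.

```python
"""Audit IGW edge routes against a GWLB endpoint set (all data is constructed)."""
import ipaddress

# Endpoint IDs per AZ, in the shape of next_hop_set.ids (values from the example above).
ENDPOINT_IDS = {
    "us-east-1a": "gwlbe-0ddf598f93a8ea8ae",
    "us-east-1b": "gwlbe-0862c4b707b012111",
}
# Subnets in the shape of to_subnets; the CIDRs are constructed sample values.
TO_SUBNETS = {
    "us-east-1a": {"cidr_block": "10.0.1.0/24"},
    "us-east-1b": {"cidr_block": "10.0.2.0/24"},
}


def audit_edge_routes(endpoint_ids, to_subnets, edge_routes):
    """Return (az, cidr, problem) tuples for subnets not steered to their own AZ's endpoint.

    edge_routes maps destination CIDR -> target ID as read from the IGW route
    table; this dictionary shape is an assumption of the example.
    """
    routes = {ipaddress.ip_network(c): t for c, t in edge_routes.items()}
    az_of_endpoint = {eid: az for az, eid in endpoint_ids.items()}
    findings = []
    for az, subnet in sorted(to_subnets.items()):
        cidr = ipaddress.ip_network(subnet["cidr_block"])
        target = routes.get(cidr)
        if target is None:
            # Without an edge route the IGW delivers straight to the subnet.
            findings.append((az, str(cidr), "no edge route for this CIDR"))
        elif target not in az_of_endpoint:
            findings.append((az, str(cidr), f"target {target} is not in the endpoint set"))
        elif az_of_endpoint[target] != az:
            findings.append((az, str(cidr), f"cross-AZ: routed to endpoint in {az_of_endpoint[target]}"))
    return findings


if __name__ == "__main__":
    # Constructed route table: the us-east-1b subnet points at the us-east-1a endpoint.
    sample = {"10.0.1.0/24": ENDPOINT_IDS["us-east-1a"],
              "10.0.2.0/24": ENDPOINT_IDS["us-east-1a"]}
    for finding in audit_edge_routes(ENDPOINT_IDS, TO_SUBNETS, sample):
        print(finding)
```

An empty result means every listed subnet's ingress traffic is sent to the endpoint in its own Availability Zone.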