
aws.ec2.vpc_endpoint

CloudFormation Type: AWS::EC2::VPCEndpoint

Creates a VPC endpoint, which lets resources in the VPC reach an AWS service, an endpoint service, a service network or a resource configuration without traversing the public internet.

Argument Reference

policy_document

  • Type: String
  • Required: No

(Interface and gateway endpoints) A policy to attach to the endpoint that controls access to the service. The policy must be valid JSON. If this parameter is not specified, a default policy that allows full access to the service is attached (any principal, any action, any resource). The endpoint policy is evaluated in addition to IAM and resource policies, so it is the place to restrict which principals and which resources an endpoint can reach, for example to buckets owned by your own AWS Organization; leaving the default in place means the endpoint can also be used to reach resources in other accounts.
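The following is an added example, not code from this page or from the DSL it documents. It builds the JSON string that would be passed as policy_document for an S3 gateway endpoint, scoped to one AWS Organization and a fixed set of buckets, and lints any endpoint policy for the shape of the permissive default described above. The organization ID and bucket names are constructed placeholders, and the three findings the linter reports are this example's own categories, not AWS terminology.

```python
"""Build and lint a least-privilege VPC endpoint policy document.

Added example, not part of the page or of any DSL/library. It assumes the
resulting JSON string is what the resource's policy_document takes.
"""
import json

# Constructed placeholders (assumptions, not real identifiers).
ORG_ID = "o-exampleorgid"
ALLOWED_BUCKETS = ["example-app-data", "example-app-logs"]

# Shape of the policy attached when policy_document is omitted.
DEFAULT_FULL_ACCESS = (
    '{"Statement":[{"Action":"*","Effect":"Allow","Principal":"*","Resource":"*"}]}'
)


def build_s3_endpoint_policy(org_id: str, buckets: list[str]) -> str:
    """Return a JSON endpoint policy for an S3 gateway endpoint that only
    lets principals from one AWS Organization reach the listed buckets."""
    resources = []
    for bucket in buckets:
        resources.append(f"arn:aws:s3:::{bucket}")      # bucket-level actions
        resources.append(f"arn:aws:s3:::{bucket}/*")    # object-level actions
    policy = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowOrgPrincipalsToOwnedBuckets",
                "Effect": "Allow",
                # "*" is required on endpoint policies; the condition below
                # narrows it to principals that belong to the organization.
                "Principal": "*",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
                "Resource": resources,
                "Condition": {"StringEquals": {"aws:PrincipalOrgID": org_id}},
            }
        ],
    }
    return json.dumps(policy, indent=2)


def _as_list(value):
    """IAM allows scalars where lists are also accepted; normalise to a list."""
    return value if isinstance(value, list) else [value]


def lint_endpoint_policy(document: str) -> list[str]:
    """Flag Allow statements that reproduce the permissive default:
    any principal with no aws:Principal* condition, Action '*', Resource '*'."""
    findings = []
    policy = json.loads(document)
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        any_principal = principal == "*" or principal == {"AWS": "*"}
        any_action = "*" in _as_list(stmt.get("Action", []))
        any_resource = "*" in _as_list(stmt.get("Resource", []))
        # Condition is {operator: {conditionKey: value}}; collect the keys.
        condition = stmt.get("Condition", {})
        cond_keys = {key.lower() for block in condition.values() for key in block}
        scoped = cond_keys & {"aws:principalorgid", "aws:principalaccount", "aws:principalarn"}
        if any_principal and not scoped:
            findings.append(f"{sid}: any principal without an aws:Principal* condition")
        if any_action:
            findings.append(f"{sid}: Action '*' grants every API of the service")
        if any_resource:
            findings.append(f"{sid}: Resource '*' reaches every resource, including other accounts'")
    return findings


if __name__ == "__main__":
    scoped_policy = build_s3_endpoint_policy(ORG_ID, ALLOWED_BUCKETS)
    print(scoped_policy)
    print("scoped policy findings:", lint_endpoint_policy(scoped_policy))
    print("default policy findings:", lint_endpoint_policy(DEFAULT_FULL_ACCESS))
```

Run against the default policy the linter reports all three findings; the scoped policy reports none. The aws:PrincipalOrgID condition is what stops credentials from an unrelated account (for example, leaked keys used from a compromised instance) from pulling data through the endpoint to a bucket you do not own.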

private_dns_enabled

  • Type: Bool
  • Required: No

(Interface endpoint) Indicates whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example, kinesis.us-east-1.amazonaws.com), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This lets clients use the default public DNS name for the service instead of the endpoint-specific DNS names that are generated for the VPC endpoint, so existing SDK and CLI configurations are routed through the endpoint (and therefore through its endpoint policy and security groups) without changes. To use a private hosted zone, the VPC attributes enableDnsHostnames and enableDnsSupport must both be true; use ModifyVpcAttribute to set them.

resource_configuration_arn

  • Type: Arn
  • Required: No

The Amazon Resource Name (ARN) of a resource configuration that will be associated with the VPC endpoint of type resource.

route_table_ids

  • Type: List<route_table_id>
  • Required: No

(Gateway endpoint) The route table IDs.

security_group_ids

  • Type: List<SecurityGroupId>
  • Required: No

(Interface endpoint) The IDs of the security groups to associate with the endpoint network interfaces. If this parameter is not specified, the default security group for the VPC is used. The security group must allow inbound traffic on the service port (typically TCP 443) from the clients that use the endpoint; the VPC default security group only allows inbound traffic from members of that same group, so specify a security group scoped to the intended clients rather than relying on the default.

service_name

  • Type: String
  • Required: Yes

The name of the endpoint service.

service_network_arn

  • Type: Arn
  • Required: No

The Amazon Resource Name (ARN) of a service network that will be associated with the VPC endpoint of type service-network.

service_region

  • Type: aws_region
  • Required: No

The Region where the service is hosted. The default is the current Region.

subnet_ids

  • Type: List<SubnetId>
  • Required: No

(Interface and Gateway Load Balancer endpoints) The IDs of the subnets in which to create endpoint network interfaces. For a Gateway Load Balancer endpoint, you can specify only one subnet.

vpc_endpoint_type

  • Type: VpcEndpointType
  • Required: No

The type of endpoint. Default: Gateway. Gateway endpoints are only available for Amazon S3 and Amazon DynamoDB and are attached via route_table_ids; other services use Interface endpoints, which take subnet_ids and security_group_ids.

vpc_id

  • Type: VpcId
  • Required: Yes

The ID of the VPC.

tags

  • Type: Map
  • Required: No

The tags for the resource.

Enum Values

vpc_endpoint_type (VpcEndpointType)

Value                DSL Identifier
Gateway              aws.ec2.vpc_endpoint.VpcEndpointType.Gateway
GatewayLoadBalancer  aws.ec2.vpc_endpoint.VpcEndpointType.GatewayLoadBalancer
Interface            aws.ec2.vpc_endpoint.VpcEndpointType.Interface
Resource             aws.ec2.vpc_endpoint.VpcEndpointType.Resource
ServiceNetwork       aws.ec2.vpc_endpoint.VpcEndpointType.ServiceNetwork

Shorthand formats: Gateway or VpcEndpointType.Gateway

Attribute Reference

vpc_endpoint_id

  • Type: vpc_endpoint_id