terraform-aws-modules
diff --git a/‎.pre-commit-config.yaml
Lines changed: 1 addition & 1 deletion b/‎.pre-commit-config.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md
Lines changed: 35 additions & 1 deletion b/‎README.md
Lines changed: 35 additions & 1 deletion
diff --git a/‎examples/complete-vpc/main.tf
Lines changed: 15 additions & 2 deletions b/‎examples/complete-vpc/main.tf
Lines changed: 15 additions & 2 deletions
diff --git a/‎examples/complete-vpc/versions.tf
Lines changed: 0 additions & 4 deletions b/‎examples/complete-vpc/versions.tf
Lines changed: 0 additions & 4 deletions
diff --git a/‎examples/issue-108-route-already-exists/versions.tf
Lines changed: 0 additions & 4 deletions b/‎examples/issue-108-route-already-exists/versions.tf
Lines changed: 0 additions & 4 deletions
diff --git a/‎examples/issue-224-vpcendpoint-apigw/versions.tf
Lines changed: 0 additions & 4 deletions b/‎examples/issue-224-vpcendpoint-apigw/versions.tf
Lines changed: 0 additions & 4 deletions
diff --git a/‎examples/issue-44-asymmetric-private-subnets/versions.tf
Lines changed: 0 additions & 4 deletions b/‎examples/issue-44-asymmetric-private-subnets/versions.tf
Lines changed: 0 additions & 4 deletions
diff --git a/‎examples/issue-46-no-private-subnets/versions.tf
Lines changed: 0 additions & 4 deletions b/‎examples/issue-46-no-private-subnets/versions.tf
Lines changed: 0 additions & 4 deletions
diff --git a/‎examples/manage-default-vpc/versions.tf
Lines changed: 0 additions & 4 deletions b/‎examples/manage-default-vpc/versions.tf
Lines changed: 0 additions & 4 deletions
diff --git a/‎examples/network-acls/versions.tf
Lines changed: 0 additions & 4 deletions b/‎examples/network-acls/versions.tf
Lines changed: 0 additions & 4 deletions
diff --git a/‎examples/secondary-cidr-blocks/versions.tf
Lines changed: 0 additions & 4 deletions b/‎examples/secondary-cidr-blocks/versions.tf
Lines changed: 0 additions & 4 deletions
diff --git a/‎examples/simple-vpc/versions.tf
Lines changed: 0 additions & 4 deletions b/‎examples/simple-vpc/versions.tf
Lines changed: 0 additions & 4 deletions
diff --git a/‎examples/test_fixture/versions.tf
Lines changed: 0 additions & 4 deletions b/‎examples/test_fixture/versions.tf
Lines changed: 0 additions & 4 deletions
diff --git a/‎examples/vpc-separate-private-route-tables/versions.tf
Lines changed: 0 additions & 4 deletions b/‎examples/vpc-separate-private-route-tables/versions.tf
Lines changed: 0 additions & 4 deletions
diff --git a/‎main.tf
Lines changed: 86 additions & 4 deletions b/‎main.tf
Lines changed: 86 additions & 4 deletions
@@ -3,7 +3,7 @@ repos:
   rev: v1.8.1
   hooks:
     - id: terraform_fmt
-    - id: terraform_docs
+#    - id: terraform_docs  # not yet compatible with Terraform 0.12
 - repo: git://github.com/pre-commit/pre-commit-hooks
   rev: v2.1.0
   hooks:
 
@@ -16,7 +16,7 @@ These types of resources are supported:
 * [VPN Gateway](https://www.terraform.io/docs/providers/aws/r/vpn_gateway.html)
 * [VPC Endpoint](https://www.terraform.io/docs/providers/aws/r/vpc_endpoint.html):
   * Gateway: S3, DynamoDB
-  * Interface: EC2, SSM, EC2 Messages, SSM Messages, ECR API, ECR DKR, API Gateway, KMS
+  * Interface: EC2, SSM, EC2 Messages, SSM Messages, SQS, ECR API, ECR DKR, API Gateway, KMS, ECS, ECS Agent, ECS Telemetry
 * [RDS DB Subnet Group](https://www.terraform.io/docs/providers/aws/r/db_subnet_group.html)
 * [ElastiCache Subnet Group](https://www.terraform.io/docs/providers/aws/r/elasticache_subnet_group.html)
 * [Redshift Subnet Group](https://www.terraform.io/docs/providers/aws/r/redshift_subnet_group.html)
@@ -28,6 +28,12 @@ Sponsored by [Cloudcraft - the best way to draw AWS diagrams](https://cloudcraft
 
 <a href="https://cloudcraft.co/?utm_source=terraform-aws-vpc" target="_blank"><img src="https://raw.githubusercontent.com/antonbabenko/modules.tf-lambda/master/misc/cloudcraft-logo.png" alt="Cloudcraft - the best way to draw AWS diagrams" width="211" height="56" /></a>
 
+## Terraform versions
+
+For Terraform 0.12 use version `v2.*` of this module.
+
+If you are using Terraform 0.11 you can use versions `v1.*`.
+
 ## Usage
 
 ```hcl
@@ -252,6 +258,15 @@ Terraform version 0.10.3 or newer is required for this module to work.
 | ecr\_dkr\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for ECR DKR endpoint | string | `"false"` | no |
 | ecr\_dkr\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for ECR DKR endpoint | list | `[]` | no |
 | ecr\_dkr\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for ECR dkr endpoint. If omitted, private subnets will be used. | list | `[]` | no |
+| ecs\_agent\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for ECS Agent endpoint | string | `"false"` | no |
+| ecs\_agent\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for ECS Agent endpoint | list | `[]` | no |
+| ecs\_agent\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for ECS Agent endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
+| ecs\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for ECS endpoint | string | `"false"` | no |
+| ecs\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for ECS endpoint | list | `[]` | no |
+| ecs\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for ECS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
+| ecs\_telemetry\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for ECS Telemetry endpoint | string | `"false"` | no |
+| ecs\_telemetry\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for ECS Telemetry endpoint | list | `[]` | no |
+| ecs\_telemetry\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for ECS Telemetry endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
 | elasticache\_acl\_tags | Additional tags for the elasticache subnets network ACL | map | `{}` | no |
 | elasticache\_dedicated\_network\_acl | Whether to use dedicated network ACL (not default) and custom rules for elasticache subnets | string | `"false"` | no |
 | elasticache\_inbound\_acl\_rules | Elasticache subnets inbound network ACL rules | list | `[ { "cidr_block": "0.0.0.0/0", "from_port": 0, "protocol": "-1", "rule_action": "allow", "rule_number": 100, "to_port": 0 } ]` | no |
@@ -269,10 +284,14 @@ Terraform version 0.10.3 or newer is required for this module to work.
 | enable\_ec2messages\_endpoint | Should be true if you want to provision an EC2MESSAGES endpoint to the VPC | string | `"false"` | no |
 | enable\_ecr\_api\_endpoint | Should be true if you want to provision an ecr api endpoint to the VPC | string | `"false"` | no |
 | enable\_ecr\_dkr\_endpoint | Should be true if you want to provision an ecr dkr endpoint to the VPC | string | `"false"` | no |
+| enable\_ecs\_agent\_endpoint | Should be true if you want to provision a ECS Agent endpoint to the VPC | string | `"false"` | no |
+| enable\_ecs\_endpoint | Should be true if you want to provision a ECS endpoint to the VPC | string | `"false"` | no |
+| enable\_ecs\_telemetry\_endpoint | Should be true if you want to provision a ECS Telemetry endpoint to the VPC | string | `"false"` | no |
 | enable\_kms\_endpoint | Should be true if you want to provision a KMS endpoint to the VPC | string | `"false"` | no |
 | enable\_nat\_gateway | Should be true if you want to provision NAT Gateways for each of your private networks | string | `"false"` | no |
 | enable\_public\_redshift | Controls if redshift should have public routing table | string | `"false"` | no |
 | enable\_s3\_endpoint | Should be true if you want to provision an S3 endpoint to the VPC | string | `"false"` | no |
+| enable\_sqs\_endpoint | Should be true if you want to provision an SQS endpoint to the VPC | string | `"false"` | no |
 | enable\_ssm\_endpoint | Should be true if you want to provision an SSM endpoint to the VPC | string | `"false"` | no |
 | enable\_ssmmessages\_endpoint | Should be true if you want to provision a SSMMESSAGES endpoint to the VPC | string | `"false"` | no |
 | enable\_vpn\_gateway | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | string | `"false"` | no |
@@ -327,6 +346,9 @@ Terraform version 0.10.3 or newer is required for this module to work.
 | reuse\_nat\_ips | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable | string | `"false"` | no |
 | secondary\_cidr\_blocks | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | list | `[]` | no |
 | single\_nat\_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | string | `"false"` | no |
+| sqs\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SQS endpoint | string | `"false"` | no |
+| sqs\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SQS endpoint | list | `[]` | no |
+| sqs\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SQS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
 | ssm\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SSM endpoint | string | `"false"` | no |
 | ssm\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SSM endpoint | list | `[]` | no |
 | ssm\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SSM endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
@@ -415,11 +437,23 @@ Terraform version 0.10.3 or newer is required for this module to work.
 | vpc\_endpoint\_ecr\_dkr\_dns\_entry | The DNS entries for the VPC Endpoint for ECR DKR. |
 | vpc\_endpoint\_ecr\_dkr\_id | The ID of VPC endpoint for ECR DKR |
 | vpc\_endpoint\_ecr\_dkr\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for ECR DKR. |
+| vpc\_endpoint\_ecs\_agent\_dns\_entry | The DNS entries for the VPC Endpoint for ECS Agent. |
+| vpc\_endpoint\_ecs\_agent\_id | The ID of VPC endpoint for ECS Agent |
+| vpc\_endpoint\_ecs\_agent\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for ECS Agent. |
+| vpc\_endpoint\_ecs\_dns\_entry | The DNS entries for the VPC Endpoint for ECS. |
+| vpc\_endpoint\_ecs\_id | The ID of VPC endpoint for ECS |
+| vpc\_endpoint\_ecs\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for ECS. |
+| vpc\_endpoint\_ecs\_telemetry\_dns\_entry | The DNS entries for the VPC Endpoint for ECS Telemetry. |
+| vpc\_endpoint\_ecs\_telemetry\_id | The ID of VPC endpoint for ECS Telemetry |
+| vpc\_endpoint\_ecs\_telemetry\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for ECS Telemetry. |
 | vpc\_endpoint\_kms\_dns\_entry | The DNS entries for the VPC Endpoint for KMS. |
 | vpc\_endpoint\_kms\_id | The ID of VPC endpoint for KMS |
 | vpc\_endpoint\_kms\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for KMS. |
 | vpc\_endpoint\_s3\_id | The ID of VPC endpoint for S3 |
 | vpc\_endpoint\_s3\_pl\_id | The prefix list for the S3 VPC endpoint. |
+| vpc\_endpoint\_sqs\_dns\_entry | The DNS entries for the VPC Endpoint for SQS. |
+| vpc\_endpoint\_sqs\_id | The ID of VPC endpoint for SQS |
+| vpc\_endpoint\_sqs\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SQS. |
 | vpc\_endpoint\_ssm\_dns\_entry | The DNS entries for the VPC Endpoint for SSM. |
 | vpc\_endpoint\_ssm\_id | The ID of VPC endpoint for SSM |
 | vpc\_endpoint\_ssm\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SSM. |
 
@@ -45,7 +45,7 @@ module "vpc" {
   # VPC endpoint for SSM
   enable_ssm_endpoint              = true
   ssm_endpoint_private_dns_enabled = true
-  ssm_endpoint_security_group_ids  = [data.aws_security_group.default.id] # ssm_endpoint_subnet_ids = ["..."]
+  ssm_endpoint_security_group_ids  = [data.aws_security_group.default.id]
 
   # VPC endpoint for SSMMESSAGES
   enable_ssmmessages_endpoint              = true
@@ -77,7 +77,20 @@ module "vpc" {
   kms_endpoint_private_dns_enabled = true
   kms_endpoint_security_group_ids  = [data.aws_security_group.default.id]
 
-  # kms_endpoint_subnet_ids = ["..."]
+  # VPC endpoint for ECS
+  enable_ecs_endpoint              = true
+  ecs_endpoint_private_dns_enabled = true
+  ecs_endpoint_security_group_ids  = [data.aws_security_group.default.id]
+
+  # VPC endpoint for ECS telemetry
+  enable_ecs_telemetry_endpoint              = true
+  ecs_telemetry_endpoint_private_dns_enabled = true
+  ecs_telemetry_endpoint_security_group_ids  = [data.aws_security_group.default.id]
+
+  # VPC endpoint for SQS
+  enable_sqs_endpoint              = true
+  sqs_endpoint_private_dns_enabled = true
+  sqs_endpoint_security_group_ids  = [data.aws_security_group.default.id]
 
   tags = {
     Owner       = "user"
 
@@ -1,7 +1,3 @@
-terraform {
-  required_version = ">= 0.12"
-}
-
 locals {
   max_subnet_length = max(
     length(var.private_subnets),
@@ -901,6 +897,27 @@ resource "aws_vpc_endpoint_route_table_association" "public_dynamodb" {
   route_table_id  = aws_route_table.public[0].id
 }
 
+#######################
+# VPC Endpoint for SQS
+#######################
+data "aws_vpc_endpoint_service" "sqs" {
+  count = var.create_vpc && var.enable_sqs_endpoint ? 1 : 0
+
+  service = "sqs"
+}
+
+resource "aws_vpc_endpoint" "sqs" {
+  count = var.create_vpc && var.enable_sqs_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.sqs[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.sqs_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.sqs_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.sqs_endpoint_private_dns_enabled
+}
+
 #######################
 # VPC Endpoint for SSM
 #######################
@@ -1069,6 +1086,71 @@ resource "aws_vpc_endpoint" "kms" {
   private_dns_enabled = var.kms_endpoint_private_dns_enabled
 }
 
+#######################
+# VPC Endpoint for ECS
+#######################
+data "aws_vpc_endpoint_service" "ecs" {
+  count = var.create_vpc && var.enable_ecs_endpoint ? 1 : 0
+
+  service = "ecs"
+}
+
+resource "aws_vpc_endpoint" "ecs" {
+  count = var.create_vpc && var.enable_ecs_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.ecs[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.ecs_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.ecs_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.ecs_endpoint_private_dns_enabled
+}
+
+
+#######################
+# VPC Endpoint for ECS Agent
+#######################
+data "aws_vpc_endpoint_service" "ecs_agent" {
+  count = var.create_vpc && var.enable_ecs_agent_endpoint ? 1 : 0
+
+  service = "ecs-agent"
+}
+
+resource "aws_vpc_endpoint" "ecs_agent" {
+  count = var.create_vpc && var.enable_ecs_agent_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.ecs_agent[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.ecs_agent_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.ecs_agent_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.ecs_agent_endpoint_private_dns_enabled
+}
+
+
+#######################
+# VPC Endpoint for ECS Telemetry
+#######################
+data "aws_vpc_endpoint_service" "ecs_telemetry" {
+  count = var.create_vpc && var.enable_ecs_telemetry_endpoint ? 1 : 0
+
+  service = "ecs-telemetry"
+}
+
+resource "aws_vpc_endpoint" "ecs_telemetry" {
+  count = var.create_vpc && var.enable_ecs_telemetry_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.ecs_telemetry[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.ecs_telemetry_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.ecs_telemetry_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.ecs_telemetry_endpoint_private_dns_enabled
+}
+
 ##########################
 # Route table association
 ##########################