fix: Split appstream to appstream_api and appstream_streaming (#508)

Author: hche608

README.md

@@ -23,7 +23,7 @@ These types of resources are supported:
 ECS, ECS Agent, ECS Telemetry, SES, SNS, STS, Glue, CloudWatch(Monitoring, Logs, Events),
 Elastic Load Balancing, CloudTrail, Secrets Manager, Config, CodeBuild, CodeCommit,
 Git-Codecommit, Transfer Server, Kinesis Streams, Kinesis Firehose, SageMaker(Notebook, Runtime, API),
-CloudFormation, CodePipeline, Storage Gateway, AppMesh, Transfer, Service Catalog, AppStream,
+CloudFormation, CodePipeline, Storage Gateway, AppMesh, Transfer, Service Catalog, AppStream API, AppStream Streaming,
 Athena, Rekognition, Elastic File System (EFS), Cloud Directory, Elastic Beanstalk (+ Health), Elastic Map Reduce(EMR),
 DataSync, EBS, SMS, Elastic Inference Runtime, QLDB Session, Step Functions, Access Analyzer, Auto Scaling Plans,
 Application Auto Scaling, Workspaces, ACM PCA, RDS, CodeDeploy, CodeDeploy Commands Secure
@@ -250,9 +250,12 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | appmesh\_envoy\_management\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for AppMesh endpoint | `bool` | `false` | no |
 | appmesh\_envoy\_management\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for AppMesh endpoint | `list(string)` | `[]` | no |
 | appmesh\_envoy\_management\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for AppMesh endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
-| appstream\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for AppStream endpoint | `bool` | `false` | no |
-| appstream\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for AppStream endpoint | `list(string)` | `[]` | no |
-| appstream\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for AppStream endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
+| appstream\_api\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for AppStream API endpoint | `bool` | `false` | no |
+| appstream\_api\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for AppStream API endpoint | `list(string)` | `[]` | no |
+| appstream\_api\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for AppStream API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
+| appstream\_streaming\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for AppStream Streaming endpoint | `bool` | `false` | no |
+| appstream\_streaming\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for AppStream Streaming endpoint | `list(string)` | `[]` | no |
+| appstream\_streaming\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for AppStream Streaming endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
 | assign\_ipv6\_address\_on\_creation | Assign IPv6 address on subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `false` | no |
 | athena\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Athena endpoint | `bool` | `false` | no |
 | athena\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Athena endpoint | `list(string)` | `[]` | no |
@@ -396,7 +399,8 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | enable\_acm\_pca\_endpoint | Should be true if you want to provision an ACM PCA endpoint to the VPC | `bool` | `false` | no |
 | enable\_apigw\_endpoint | Should be true if you want to provision an api gateway endpoint to the VPC | `bool` | `false` | no |
 | enable\_appmesh\_envoy\_management\_endpoint | Should be true if you want to provision a AppMesh endpoint to the VPC | `bool` | `false` | no |
-| enable\_appstream\_endpoint | Should be true if you want to provision a AppStream endpoint to the VPC | `bool` | `false` | no |
+| enable\_appstream\_api\_endpoint | Should be true if you want to provision a AppStream API endpoint to the VPC | `bool` | `false` | no |
+| enable\_appstream\_streaming\_endpoint | Should be true if you want to provision a AppStream Streaming endpoint to the VPC | `bool` | `false` | no |
 | enable\_athena\_endpoint | Should be true if you want to provision a Athena endpoint to the VPC | `bool` | `false` | no |
 | enable\_auto\_scaling\_plans\_endpoint | Should be true if you want to provision an Auto Scaling Plans endpoint to the VPC | `bool` | `false` | no |
 | enable\_classiclink | Should be true to enable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic. | `bool` | `null` | no |
@@ -732,9 +736,12 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | vpc\_endpoint\_appmesh\_envoy\_management\_dns\_entry | The DNS entries for the VPC Endpoint for AppMesh. |
 | vpc\_endpoint\_appmesh\_envoy\_management\_id | The ID of VPC endpoint for AppMesh |
 | vpc\_endpoint\_appmesh\_envoy\_management\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for AppMesh. |
-| vpc\_endpoint\_appstream\_dns\_entry | The DNS entries for the VPC Endpoint for AppStream. |
-| vpc\_endpoint\_appstream\_id | The ID of VPC endpoint for AppStream |
-| vpc\_endpoint\_appstream\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for AppStream. |
+| vpc\_endpoint\_appstream\_api\_dns\_entry | The DNS entries for the VPC Endpoint for AppStream API. |
+| vpc\_endpoint\_appstream\_api\_id | The ID of VPC endpoint for AppStream API |
+| vpc\_endpoint\_appstream\_api\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for AppStream API. |
+| vpc\_endpoint\_appstream\_streaming\_dns\_entry | The DNS entries for the VPC Endpoint for AppStream Streaming. |
+| vpc\_endpoint\_appstream\_streaming\_id | The ID of VPC endpoint for AppStream Streaming |
+| vpc\_endpoint\_appstream\_streaming\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for AppStream Streaming. |
 | vpc\_endpoint\_athena\_dns\_entry | The DNS entries for the VPC Endpoint for Athena. |
 | vpc\_endpoint\_athena\_id | The ID of VPC endpoint for Athena |
 | vpc\_endpoint\_athena\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Athena. |

outputs.tf

@@ -1047,19 +1047,34 @@ output "vpc_endpoint_sagemaker_runtime_dns_entry" {
   value       = flatten(aws_vpc_endpoint.sagemaker_runtime.*.dns_entry)
 }
 
-output "vpc_endpoint_appstream_id" {
-  description = "The ID of VPC endpoint for AppStream"
-  value       = concat(aws_vpc_endpoint.appstream.*.id, [""])[0]
+output "vpc_endpoint_appstream_api_id" {
+  description = "The ID of VPC endpoint for AppStream API"
+  value       = concat(aws_vpc_endpoint.appstream_api.*.id, [""])[0]
 }
 
-output "vpc_endpoint_appstream_network_interface_ids" {
-  description = "One or more network interfaces for the VPC Endpoint for AppStream."
-  value       = flatten(aws_vpc_endpoint.appstream.*.network_interface_ids)
+output "vpc_endpoint_appstream_api_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for AppStream API."
+  value       = flatten(aws_vpc_endpoint.appstream_api.*.network_interface_ids)
 }
 
-output "vpc_endpoint_appstream_dns_entry" {
-  description = "The DNS entries for the VPC Endpoint for AppStream."
-  value       = flatten(aws_vpc_endpoint.appstream.*.dns_entry)
+output "vpc_endpoint_appstream_api_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for AppStream API."
+  value       = flatten(aws_vpc_endpoint.appstream_api.*.dns_entry)
+}
+
+output "vpc_endpoint_appstream_streaming_id" {
+  description = "The ID of VPC endpoint for AppStream Streaming"
+  value       = concat(aws_vpc_endpoint.appstream_streaming.*.id, [""])[0]
+}
+
+output "vpc_endpoint_appstream_streaming_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for AppStream Streaming."
+  value       = flatten(aws_vpc_endpoint.appstream_streaming.*.network_interface_ids)
+}
+
+output "vpc_endpoint_appstream_streaming_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for AppStream Streaming."
+  value       = flatten(aws_vpc_endpoint.appstream_streaming.*.dns_entry)
 }
 
 output "vpc_endpoint_athena_id" {

variables.tf

@@ -1235,26 +1235,50 @@ variable "sagemaker_runtime_endpoint_private_dns_enabled" {
   default     = false
 }
 
-variable "enable_appstream_endpoint" {
-  description = "Should be true if you want to provision a AppStream endpoint to the VPC"
+variable "enable_appstream_api_endpoint" {
+  description = "Should be true if you want to provision a AppStream API endpoint to the VPC"
   type        = bool
   default     = false
 }
 
-variable "appstream_endpoint_security_group_ids" {
-  description = "The ID of one or more security groups to associate with the network interface for AppStream endpoint"
+variable "appstream_api_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for AppStream API endpoint"
   type        = list(string)
   default     = []
 }
 
-variable "appstream_endpoint_subnet_ids" {
-  description = "The ID of one or more subnets in which to create a network interface for AppStream endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+variable "appstream_api_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for AppStream API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
   type        = list(string)
   default     = []
 }
 
-variable "appstream_endpoint_private_dns_enabled" {
-  description = "Whether or not to associate a private hosted zone with the specified VPC for AppStream endpoint"
+variable "appstream_api_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for AppStream API endpoint"
+  type        = bool
+  default     = false
+}
+
+variable "enable_appstream_streaming_endpoint" {
+  description = "Should be true if you want to provision a AppStream Streaming endpoint to the VPC"
+  type        = bool
+  default     = false
+}
+
+variable "appstream_streaming_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for AppStream Streaming endpoint"
+  type        = list(string)
+  default     = []
+}
+
+variable "appstream_streaming_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for AppStream Streaming endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  type        = list(string)
+  default     = []
+}
+
+variable "appstream_streaming_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for AppStream Streaming endpoint"
   type        = bool
   default     = false
 }

vpc-endpoints.tf

@@ -916,24 +916,46 @@ resource "aws_vpc_endpoint" "sagemaker_runtime" {
 }
 
 #############################
-# VPC Endpoint for AppStream
+# VPC Endpoint for AppStream API
 #############################
-data "aws_vpc_endpoint_service" "appstream" {
-  count = var.create_vpc && var.enable_appstream_endpoint ? 1 : 0
+data "aws_vpc_endpoint_service" "appstream_api" {
+  count = var.create_vpc && var.enable_appstream_streaming_endpoint ? 1 : 0
 
-  service = "appstream"
+  service = "appstream.api"
 }
 
-resource "aws_vpc_endpoint" "appstream" {
-  count = var.create_vpc && var.enable_appstream_endpoint ? 1 : 0
+resource "aws_vpc_endpoint" "appstream_api" {
+  count = var.create_vpc && var.enable_appstream_api_endpoint ? 1 : 0
 
   vpc_id            = local.vpc_id
-  service_name      = data.aws_vpc_endpoint_service.appstream[0].service_name
+  service_name      = data.aws_vpc_endpoint_service.appstream_api[0].service_name
   vpc_endpoint_type = "Interface"
 
-  security_group_ids  = var.appstream_endpoint_security_group_ids
-  subnet_ids          = coalescelist(var.appstream_endpoint_subnet_ids, aws_subnet.private.*.id)
-  private_dns_enabled = var.appstream_endpoint_private_dns_enabled
+  security_group_ids  = var.appstream_api_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.appstream_api_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.appstream_api_endpoint_private_dns_enabled
+  tags                = local.vpce_tags
+}
+
+#############################
+# VPC Endpoint for AppStream STREAMING
+#############################
+data "aws_vpc_endpoint_service" "appstream_streaming" {
+  count = var.create_vpc && var.enable_appstream_streaming_endpoint ? 1 : 0
+
+  service = "appstream.streaming"
+}
+
+resource "aws_vpc_endpoint" "appstream_streaming" {
+  count = var.create_vpc && var.enable_appstream_streaming_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.appstream_streaming[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.appstream_streaming_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.appstream_streaming_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.appstream_streaming_endpoint_private_dns_enabled
   tags                = local.vpce_tags
 }