feat: Added Codeartifact API/Repo vpc endpoints (#515)

terraform-aws-modules · Oct 22, 2020 · 366d459 · 366d459
1 parent 22f2097
commit 366d459
Show file tree

Hide file tree

Showing 4 changed files with 133 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -21,7 +21,7 @@ These types of resources are supported:
   * Gateway: S3, DynamoDB
   * Interface: EC2, SSM, EC2 Messages, SSM Messages, SQS, ECR API, ECR DKR, API Gateway, KMS,
 ECS, ECS Agent, ECS Telemetry, SES, SNS, STS, Glue, CloudWatch(Monitoring, Logs, Events),
-Elastic Load Balancing, CloudTrail, Secrets Manager, Config, CodeBuild, CodeCommit,
+Elastic Load Balancing, CloudTrail, Secrets Manager, Config, Codeartifact(API, Repositories), CodeBuild, CodeCommit,
 Git-Codecommit, Textract, Transfer Server, Kinesis Streams, Kinesis Firehose, SageMaker(Notebook, Runtime, API),
 CloudFormation, CodePipeline, Storage Gateway, AppMesh, Transfer, Service Catalog, AppStream API, AppStream Streaming,
 Athena, Rekognition, Elastic File System (EFS), Cloud Directory, Elastic Beanstalk (+ Health), Elastic Map Reduce(EMR),
@@ -408,6 +408,8 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | enable\_cloud\_directory\_endpoint | Should be true if you want to provision an Cloud Directory endpoint to the VPC | `bool` | `false` | no |
 | enable\_cloudformation\_endpoint | Should be true if you want to provision a Cloudformation endpoint to the VPC | `bool` | `false` | no |
 | enable\_cloudtrail\_endpoint | Should be true if you want to provision a CloudTrail endpoint to the VPC | `bool` | `false` | no |
+| enable\_codeartifact_api\_endpoint | Should be true if you want to provision an Codeartifact API endpoint to the VPC | `bool` | `false` | no |
+| enable\_codeartifact_repositories\_endpoint | Should be true if you want to provision an Codeartifact repositories endpoint to the VPC | `bool` | `false` | no |
 | enable\_codebuild\_endpoint | Should be true if you want to provision an Codebuild endpoint to the VPC | `bool` | `false` | no |
 | enable\_codecommit\_endpoint | Should be true if you want to provision an Codecommit endpoint to the VPC | `bool` | `false` | no |
 | enable\_codedeploy\_commands\_secure\_endpoint | Should be true if you want to provision an CodeDeploy Commands Secure endpoint to the VPC | `bool` | `false` | no |
@@ -761,6 +763,12 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | vpc\_endpoint\_cloudtrail\_dns\_entry | The DNS entries for the VPC Endpoint for CloudTrail. |
 | vpc\_endpoint\_cloudtrail\_id | The ID of VPC endpoint for CloudTrail |
 | vpc\_endpoint\_cloudtrail\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for CloudTrail. |
+| vpc\_endpoint\_codeartifact_api\_dns\_entry | The DNS entries for the VPC Endpoint for Codeartifact API. |
+| vpc\_endpoint\_codeartifact_api\_id | The ID of VPC endpoint for Codeartifact API |
+| vpc\_endpoint\_codeartifact_api\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Codeartifact API. |
+| vpc\_endpoint\_codeartifact_repositories\_dns\_entry | The DNS entries for the VPC Endpoint for Codeartifact repositories. |
+| vpc\_endpoint\_codeartifact_repositories\_id | The ID of VPC endpoint for Codeartifact repositories |
+| vpc\_endpoint\_codeartifact_repositories\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Codeartifact repositories. |
 | vpc\_endpoint\_codebuild\_dns\_entry | The DNS entries for the VPC Endpoint for codebuild. |
 | vpc\_endpoint\_codebuild\_id | The ID of VPC endpoint for codebuild |
 | vpc\_endpoint\_codebuild\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for codebuild. |

diff --git a/outputs.tf b/outputs.tf
@@ -1362,6 +1362,36 @@ output "vpc_endpoint_textract_dns_entry" {
   value       = flatten(aws_vpc_endpoint.textract.*.dns_entry)
 }
 
+output "vpc_endpoint_codeartifact_api_id" {
+  description = "The ID of VPC endpoint for Codeartifact API"
+  value       = concat(aws_vpc_endpoint.codeartifact_api.*.id, [""])[0]
+}
+
+output "vpc_endpoint_codeartifact_api_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for Codeartifact API."
+  value       = flatten(aws_vpc_endpoint.codeartifact_api.*.network_interface_ids)
+}
+
+output "vpc_endpoint_codeartifact_api_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for Codeartifact API."
+  value       = flatten(aws_vpc_endpoint.codeartifact_api.*.dns_entry)
+}
+
+output "vpc_endpoint_codeartifact_repositories_id" {
+  description = "The ID of VPC endpoint for Codeartifact repositories"
+  value       = concat(aws_vpc_endpoint.codeartifact_repositories.*.id, [""])[0]
+}
+
+output "vpc_endpoint_codeartifact_repositories_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for Codeartifact repositories."
+  value       = flatten(aws_vpc_endpoint.codeartifact_repositories.*.network_interface_ids)
+}
+
+output "vpc_endpoint_codeartifact_repositories_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for Codeartifact repositories."
+  value       = flatten(aws_vpc_endpoint.codeartifact_repositories.*.dns_entry)
+}
+
 # VPC flow log
 output "vpc_flow_log_id" {
   description = "The ID of the Flow Log resource"

diff --git a/variables.tf b/variables.tf
@@ -322,6 +322,54 @@ variable "enable_s3_endpoint" {
   default     = false
 }
 
+variable "enable_codeartifact_api_endpoint" {
+  description = "Should be true if you want to provision an Codeartifact API endpoint to the VPC"
+  type        = bool
+  default     = false
+}
+
+variable "codeartifact_api_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for Codeartifact API endpoint"
+  type        = list(string)
+  default     = []
+}
+
+variable "codeartifact_api_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for Codeartifact API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  type        = list(string)
+  default     = []
+}
+
+variable "codeartifact_api_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for Codeartifact API endpoint"
+  type        = bool
+  default     = false
+}
+
+variable "enable_codeartifact_repositories_endpoint" {
+  description = "Should be true if you want to provision an Codeartifact repositories endpoint to the VPC"
+  type        = bool
+  default     = false
+}
+
+variable "codeartifact_repositories_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for Codeartifact repositories endpoint"
+  type        = list(string)
+  default     = []
+}
+
+variable "codeartifact_repositories_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for Codeartifact repositories endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  type        = list(string)
+  default     = []
+}
+
+variable "codeartifact_repositories_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for Codeartifact repositories endpoint"
+  type        = bool
+  default     = false
+}
+
 variable "enable_codebuild_endpoint" {
   description = "Should be true if you want to provision an Codebuild endpoint to the VPC"
   type        = bool

diff --git a/vpc-endpoints.tf b/vpc-endpoints.tf
@@ -1462,3 +1462,49 @@ resource "aws_vpc_endpoint" "textract" {
 
   tags = local.vpce_tags
 }
+
+#############################################
+# VPC Endpoint for Codeartifact API
+#############################################
+data "aws_vpc_endpoint_service" "codeartifact_api" {
+  count = var.create_vpc && var.enable_codeartifact_api_endpoint ? 1 : 0
+
+  service = "codeartifact.api"
+}
+
+resource "aws_vpc_endpoint" "codeartifact_api" {
+  count = var.create_vpc && var.enable_codeartifact_api_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.codeartifact_api[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.codeartifact_api_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.codeartifact_api_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.codeartifact_api_endpoint_private_dns_enabled
+
+  tags = local.vpce_tags
+}
+
+#############################################
+# VPC Endpoint for Codeartifact repositories
+#############################################
+data "aws_vpc_endpoint_service" "codeartifact_repositories" {
+  count = var.create_vpc && var.enable_codeartifact_repositories_endpoint ? 1 : 0
+
+  service = "codeartifact.repositories"
+}
+
+resource "aws_vpc_endpoint" "codeartifact_repositories" {
+  count = var.create_vpc && var.enable_codeartifact_repositories_endpoint ? 1 : 0
+
+  vpc_id            = local.vpc_id
+  service_name      = data.aws_vpc_endpoint_service.codeartifact_repositories[0].service_name
+  vpc_endpoint_type = "Interface"
+
+  security_group_ids  = var.codeartifact_repositories_endpoint_security_group_ids
+  subnet_ids          = coalescelist(var.codeartifact_repositories_endpoint_subnet_ids, aws_subnet.private.*.id)
+  private_dns_enabled = var.codeartifact_repositories_endpoint_private_dns_enabled
+
+  tags = local.vpce_tags
+}