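---
# CloudFormation template: an internal Network Load Balancer fronting a
# VPC Endpoint Service (PrivateLink), plus the list of principals that are
# allowed to request an endpoint to it.
# The version is quoted so a generic YAML loader does not turn it into a date.
AWSTemplateFormatVersion: "2010-09-09"
Description: Necessary parameters and resources to create a VPC Endpoint Service

Parameters:
  AWSPrincipals:
    Description: "Comma separated list of IAM users, IAM roles, or AWS accounts. E.g. arn:aws:iam::000000000001:root, arn:aws:iam::000000000001:root"
    # CommaDelimitedList yields a list directly and trims whitespace around
    # each entry, so "a, b" (as in the example above) no longer produces a
    # principal with a leading space, which the String + !Split form did.
    Type: CommaDelimitedList
  SubnetIDs:
    Description: "Comma separated list of subnet ids of the VPC account"
    # Typed list: CloudFormation rejects IDs that are not existing subnets
    # before any resource is created, and !Ref already returns a list.
    Type: List<AWS::EC2::Subnet::Id>

Resources:
  # Network Load Balancer that backs the VPC Endpoint Service.
  # It should point to the application/service that we want to expose.
  # If one already exists, its ARN could be passed as a parameter instead
  # of creating a new one.
  NetworkLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      # Plain string: the original !Sub had nothing to substitute.
      # NLB names must be unique per account and region.
      Name: nlb-example-for-endpoint-service
      Type: network
      # Internal scheme: the NLB is reached only through the endpoint service,
      # it must not get a public address.
      Scheme: internal
      Subnets: !Ref SubnetIDs
      LoadBalancerAttributes:
        - Key: load_balancing.cross_zone.enabled
          # Attribute values are strings; quoted so no loader retypes it.
          Value: "true"

  # The VPC Endpoint Service itself.
  VPCEndpointService:
    Type: AWS::EC2::VPCEndpointService
    Properties:
      # Each endpoint connection request must be accepted manually by the
      # service owner; with false, any allowed principal connects automatically.
      AcceptanceRequired: true
      NetworkLoadBalancerArns:
        - !Ref NetworkLoadBalancer

  # Principals permitted to create an endpoint to the service.
  # Keep this list explicit: a wildcard principal would expose the service
  # to every AWS account.
  VPCEndpointServicePermissions:
    Type: AWS::EC2::VPCEndpointServicePermissions
    Properties:
      AllowedPrincipals: !Ref AWSPrincipals
      ServiceId: !Ref VPCEndpointService

# The LoadBalancer ARN is exported so other templates can !ImportValue it.
Outputs:
  NetworkLoadBalancer:
    Description: LoadBalancer ARN
    Value: !Ref NetworkLoadBalancer
    Export:
      # Export names are unique per account and region: a second stack using
      # this template in the same region fails here, and renaming the export
      # breaks every stack that imports it.
      Name: NetworkLoadBalancerArn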