create a gateway endpoint for s3

ministryofjustice · Oct 5, 2023 · 48e991f · 48e991f
1 parent 56a4fa7
commit 48e991f
Showing 1 changed file with 32 additions and 0 deletions.
diff --git a/terraform/account/region/vpc_endpoints.tf b/terraform/account/region/vpc_endpoints.tf
@@ -67,3 +67,35 @@ resource "aws_vpc_endpoint_policy" "ec2" {
     ]
   })
 }
+
+data "aws_route_tables" "public" {
+  provider = aws.region
+  filter {
+    name   = "tag:Name"
+    values = ["public-route-table"]
+  }
+}
+
+resource "aws_vpc_endpoint" "s3" {
+  provider          = aws.region
+  count             = 3
+  vpc_id            = module.network.vpc.id
+  service_name      = "com.amazonaws.${data.aws_region.current.name}.s3"
+  route_table_ids   = tolist(data.aws_route_tables.public.ids)
+  vpc_endpoint_type = "Gateway"
+  policy            = data.aws_iam_policy_document.s3_vpc_endpoint.json
+  tags              = { "Name" = "public.${data.aws_default_tags.current.tags.account-name}" }
+}
+
+data "aws_iam_policy_document" "s3_vpc_endpoint" {
+  provider = aws.region
+  statement {
+    sid       = "S3VpcEndpointPolicy"
+    actions   = ["*"]
+    resources = ["*"]
+    principals {
+      type        = "*"
+      identifiers = ["*"]
+    }
+  }
+}