I'm currently looking into automating the creation of VPC endpoints within our stack using CloudFormation (the purpose is so that our stack can access S3 without creating outbound traffic). The problem is, I can't seem to find any documentation indicating how to declare the resource. This page seems to be full of warnings about using VPC endpoints with CloudFormation, which I'll be sure to heed, but I can't seem to find any documentation on the CFN resource itself.
Viewed 8,387 times
3
Also, if this is in the wrong one of the 500 Stack Exchange websites, please let me know and I'll re-ask in the right place. – Jacklynn Aug 13 '15 at 15:24
2 Answers
5
This is what you're looking for:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpoint.html
AWS::EC2::VPCEndpoint
The AWS::EC2::VPCEndpoint resource creates a VPC endpoint that you can use to establish a private connection between your VPC and another AWS service without requiring access over the Internet, a VPN connection, or AWS Direct Connect.
Quick sample:
    "S3Endpoint" : {
        "Type" : "AWS::EC2::VPCEndpoint",
        "Properties" : {
            "PolicyDocument" : {
                "Version" : "2012-10-17",
                "Statement" : [{
                    "Effect" : "Allow",
                    "Principal" : "*",
                    "Action" : ["s3:GetObject"],
                    "Resource" : ["arn:aws:s3:::examplebucket/*"]
                }]
            },
            "RouteTableIds" : [ {"Ref" : "routetableA"}, {"Ref" : "routetableB"} ],
            "ServiceName" : { "Fn::Join" : [ "", [ "com.amazonaws.", { "Ref" : "AWS::Region" }, ".s3" ] ] },
            "VpcId" : {"Ref" : "VPCID"}
        }
    }

Joaquin Sargiotto
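The snippet in the answer above shows the resource on its own. Below is an added, complete template (it is not part of the original answer and not AWS's own sample) that puts the gateway endpoint in context: the VPC, a private route table the endpoint is attached to, the bucket, and the piece the question's security goal really depends on, a bucket policy that denies any request not arriving through that endpoint. The endpoint policy controls what the VPC may reach (here: read-only on one bucket); the bucket policy controls who may reach the bucket (here: only traffic from this endpoint, plus one exempt role so the deployer is not locked out). The CIDR blocks, the `BreakGlassRoleArn` parameter and the logical resource names are assumptions chosen for the example; `Fn::Sub` is used in place of the answer's `Fn::Join` and does the same job.

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Added example (not from the original answer): private, read-only S3 access from a VPC through a gateway endpoint, with the bucket locked to that endpoint. CIDRs and BreakGlassRoleArn are placeholder assumptions.",
  "Parameters": {
    "BreakGlassRoleArn": {
      "Type": "String",
      "Description": "Assumed: ARN of one admin role that may reach the bucket without going through the endpoint, so the Deny below cannot lock the account out"
    }
  },
  "Resources": {
    "VPC": {
      "Type": "AWS::EC2::VPC",
      "Properties": { "CidrBlock": "10.0.0.0/16" }
    },
    "PrivateSubnet": {
      "Type": "AWS::EC2::Subnet",
      "Properties": { "VpcId": { "Ref": "VPC" }, "CidrBlock": "10.0.1.0/24" }
    },
    "PrivateRouteTable": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": { "VpcId": { "Ref": "VPC" } }
    },
    "PrivateSubnetRouteAssoc": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "SubnetId": { "Ref": "PrivateSubnet" },
        "RouteTableId": { "Ref": "PrivateRouteTable" }
      }
    },
    "DataBucket": {
      "Type": "AWS::S3::Bucket"
    },
    "S3Endpoint": {
      "Type": "AWS::EC2::VPCEndpoint",
      "Properties": {
        "VpcEndpointType": "Gateway",
        "ServiceName": { "Fn::Sub": "com.amazonaws.${AWS::Region}.s3" },
        "VpcId": { "Ref": "VPC" },
        "RouteTableIds": [ { "Ref": "PrivateRouteTable" } ],
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [{
            "Sid": "VpcMayOnlyReadThisBucket",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [ "s3:GetObject", "s3:ListBucket" ],
            "Resource": [
              { "Fn::Sub": "arn:aws:s3:::${DataBucket}" },
              { "Fn::Sub": "arn:aws:s3:::${DataBucket}/*" }
            ]
          }]
        }
      }
    },
    "DataBucketPolicy": {
      "Type": "AWS::S3::BucketPolicy",
      "Properties": {
        "Bucket": { "Ref": "DataBucket" },
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [{
            "Sid": "DenyUnlessViaEndpointOrBreakGlass",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
              { "Fn::Sub": "arn:aws:s3:::${DataBucket}" },
              { "Fn::Sub": "arn:aws:s3:::${DataBucket}/*" }
            ],
            "Condition": {
              "StringNotEquals": { "aws:SourceVpce": { "Ref": "S3Endpoint" } },
              "ArnNotEquals": { "aws:PrincipalArn": { "Ref": "BreakGlassRoleArn" } }
            }
          }]
        }
      }
    }
  },
  "Outputs": {
    "EndpointId": { "Value": { "Ref": "S3Endpoint" } }
  }
}
```

Two points worth checking after deploying something like this. First, `Ref` on an `AWS::EC2::VPCEndpoint` returns the endpoint ID (`vpce-...`), which is why the bucket policy can compare it against `aws:SourceVpce`; both conditions in that Deny must hold for the request to be refused, so traffic through the endpoint and the break-glass role both get through, and everything else (including the console and any instance in a subnet whose route table is not listed in `RouteTableIds`) is refused. Second, a gateway endpoint works by adding a route for the S3 prefix list to each listed route table; `aws ec2 describe-route-tables` on the private table should show a route whose destination is a `pl-...` prefix list and whose target is the endpoint ID. If that route is absent, instances still resolve S3 and fall back to whatever path the route table does offer, which defeats the "no outbound traffic" goal. Keep `Principal` as `"*"` in the endpoint policy, as the answer does; if you need to limit which identities inside the VPC may use it, add an `aws:PrincipalArn` condition rather than naming a principal.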
0
The endpoint template is not yet available, will probably be published here when ready: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html

Fabian LAbat