For the most recent update on ongoing service disruptions affecting the AWS Middle East (UAE) Region (ME-CENTRAL-1), refer to the AWS Health Dashboard. For information on AWS Service migration, see How do I migrate my services to another region?
How can I create VPC endpoints using LZA?
Hi all
I'm using LZA - https://aws.amazon.com/solutions/implementations/landing-zone-accelerator-on-aws/ - to create VPCs. I want to create VPC endpoints as follows. Can I create them via LZA config files? If so, can you show me how to write the config file?
- DynamoDB gateway endpoint
- S3 gateway endpoint
- EC2 Instance Connect Endpoint
Thanks.
- Language
- English
- Newest
- Most votes
- Most comments
Yes, you can create VPC endpoints using the Landing Zone Accelerator (LZA) configuration files. To create the VPC endpoints you've mentioned (DynamoDB gateway endpoint, S3 gateway endpoint, and EC2 Instance Connect Endpoint), you'll need to modify the network-config.yaml file in your LZA configuration.
Here's an example of how you can configure these endpoints in the network-config.yaml file:
vpcs: - name: YourVPCName # ... other VPC configurations ... gatewayEndpoints: - service: dynamodb - service: s3 interfaceEndpoints: - service: ec2-instance-connect
In this configuration:
-
The DynamoDB and S3 gateway endpoints are specified under the "gatewayEndpoints" section. These are gateway endpoints, which are typically used for Amazon S3 and DynamoDB.
-
The EC2 Instance Connect Endpoint is specified under the "interfaceEndpoints" section. This is because EC2 Instance Connect uses an interface endpoint, not a gateway endpoint.
You'll need to place this configuration within the appropriate VPC section in your network-config.yaml file. Make sure to replace "YourVPCName" with the actual name of your VPC.
Remember that the exact structure might vary depending on your specific LZA version and configuration. Always refer to the most recent LZA documentation for the most up-to-date syntax and options.
After making these changes to your configuration file, you'll need to commit and push the changes to your LZA configuration repository. The LZA pipeline will then pick up these changes and create the specified VPC endpoints in your AWS environment.
Sources
Use CreateVpcEndpoint with an AWS SDK or CLI - Amazon Elastic Compute Cloud
Use CreateVpcEndpoint with an AWS SDK or CLI - AWS SDK Code Examples
Create VPC interface endpoint and private hosted zone - AWS IoT Wireless
Relevant content
- asked a year ago
- asked a year ago
- asked a year ago
- AWS OFFICIALUpdated 4 years ago
Gateway endpoint script should be like this:
gatewayEndpoints: defaultPolicy: Default endpoints: - service: s3 - service: dynamodb
"ec2-instance-connect" is not supported.
Resource handler returned message: "The Vpc Endpoint Service 'com.amazonaws.us-gov-east-1.ec2-instance-connect' does not exist