
I am creating an AWS VPC Endpoint to connect to an Interface type of service. I am using this code for it.

# Interface endpoint without subnet_ids: it is created, but no subnet gets an ENI for it
resource "aws_vpc_endpoint" "endpoints" {
  for_each           = var.custom_endpoint_services
  vpc_id             = data.aws_vpc.current_vpc.id
  service_name       = each.value.service_name
  vpc_endpoint_type  = "Interface"
  security_group_ids = [aws_security_group.endpoints-sg.id]

  tags = merge(var.tags, {
    "Name" = each.key
  })
}

Now, as you can see, I am not using any subnets. But still the endpoint gets created and is shown as an available endpoint connection in the endpoint service. How is this possible?


How is this possible?

You have created an endpoint in the VPC, but none of the subnets in the VPC will route traffic to it currently. The Terraform documentation even includes an example similar to the code in your question; however, if you check the subnet_ids attribute documentation on that same page, it states:

Interface type endpoints cannot function without being assigned to a subnet.

So, while it allows you to create Interface Endpoints without a subnet assignment, the documentation warns you that it will not be functional.

Note that endpoints of type Gateway do not need subnet assignments in order to work.

  • Yes, I read that, but then why can I see the endpoint connection available in the AWS endpoint service tabs?
    – vks
    Commented Sep 16 at 19:29
  • 1
    You created an endpoint. The endpoint exists. So you can see it listed in the AWS endpoints tab. It's just not going to do anything you want it to do, since nothing in the VPC has an actual network route to it at this point. I'm not sure what else you are looking for.
    – Mark B
    Commented Sep 16 at 19:37
  • Oh, OK. Thanks for the confirmation.
    – vks
    Commented Sep 16 at 19:45
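The following is an added example of what a functional version of the questioner's configuration looks like, not code from the original question or answer. It assumes the same variables and data.aws_vpc lookup as the question, a hypothetical data.aws_subnets lookup for subnets tagged Tier=private, an optional per-service private_dns flag (Terraform 1.3+ object defaults), and a security group that only admits HTTPS from the VPC's own CIDR, since the endpoint ENIs are the only path into the PrivateLink service and the security group is what limits who inside the VPC can use it.

```hcl
# Added example, not the original poster's code. Names marked as assumptions
# (data.aws_subnets.private, the Tier tag, the private_dns flag) are illustrative.

variable "custom_endpoint_services" {
  description = "endpoint name => service to attach; private_dns only for services that publish a private DNS name"
  type = map(object({
    service_name = string
    private_dns  = optional(bool, false) # assumption: default off for third-party endpoint services
  }))
}

variable "tags" {
  type    = map(string)
  default = {}
}

data "aws_vpc" "current_vpc" {
  # assumption: the VPC is selected by its Name tag; adjust to your environment
  filter {
    name   = "tag:Name"
    values = ["app-vpc"]
  }
}

# Assumption: the subnets that should get an endpoint ENI are tagged Tier=private.
# One ENI is created per subnet; pick one subnet per AZ you need to serve.
data "aws_subnets" "private" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.current_vpc.id]
  }
  filter {
    name   = "tag:Tier"
    values = ["private"]
  }
}

resource "aws_security_group" "endpoints-sg" {
  name        = "vpc-endpoints"
  description = "HTTPS to interface endpoints from inside the VPC only"
  vpc_id      = data.aws_vpc.current_vpc.id

  ingress {
    description = "HTTPS from the VPC CIDR"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [data.aws_vpc.current_vpc.cidr_block]
  }
  # No egress rule: the endpoint ENIs only answer connections, they never initiate them.
}

resource "aws_vpc_endpoint" "endpoints" {
  for_each          = var.custom_endpoint_services
  vpc_id            = data.aws_vpc.current_vpc.id
  service_name      = each.value.service_name
  vpc_endpoint_type = "Interface"

  # This is the line the question's snippet was missing. Without it the endpoint
  # exists and shows up in the provider's endpoint connections, but no subnet in
  # the VPC has an ENI (and therefore a route) to it.
  subnet_ids         = data.aws_subnets.private.ids
  security_group_ids = [aws_security_group.endpoints-sg.id]

  # Only valid when the service owner has configured and verified a private DNS
  # name; enabling it for a service that has none fails at apply time.
  private_dns_enabled = each.value.private_dns

  tags = merge(var.tags, {
    "Name" = each.key
  })
}
```

After `terraform apply`, confirm each endpoint actually has ENIs by listing its subnets and network interfaces with `aws ec2 describe-vpc-endpoints --query 'VpcEndpoints[].[VpcEndpointId,ServiceName,SubnetIds,NetworkInterfaceIds]'`; an endpoint created as in the question shows empty lists for both, which is exactly the "exists but unreachable" state the answer describes.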
