Allow allowed_principals for module vpc-endpoints #1057

Closed
kotowick opened this issue Mar 23, 2024 · 3 comments
@kotowick

Is your request related to a new offering from AWS?

Is this functionality available in the AWS provider for Terraform? See CHANGELOG.md, too.

  • Yes ✅: please list the AWS provider version which introduced this functionality

Is your request related to a problem? Please describe.

We are using RAM to share VPCs. This means we can only create VPC interface endpoints in the account that owns the VPCs. It looks like AWS has an option to allow external principals to discover the endpoint.

The key is allowed_principals

I don't see this as an option in the terraform-aws-modules/vpc/aws//modules/vpc-endpoints.

Describe the solution you'd like.

Support for allowed_principals

Describe alternatives you've considered.

No possible alternatives

@RunCor399
Contributor

I'm giving a look into this but I've noticed that the parameter allowed_principals you are referring to is only available when creating a resource of type aws_vpc_endpoint_service. However the vpc-endpoints module as of now just uses a data block to reference existing aws_vpc_endpoint_services.

I was thinking that maybe an inline policy defined within the aws_vpc_endpoint could be leveraged instead (https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint#policy).

Let me know your thoughts on this.

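The following is an added example (not code from this issue thread or from the terraform-aws-modules project) showing the two controls the comment above distinguishes: an endpoint policy attached through the vpc-endpoints module, which restricts which principals may send traffic through an interface endpoint created in the VPC-owner account, and `allowed_principals` on `aws_vpc_endpoint_service`, which only applies to the provider side of a PrivateLink service. The account IDs, VPC, subnet, security group and load balancer identifiers are placeholders, and the `endpoints` map attributes (`service`, `service_type`, `subnet_ids`, `policy`) are assumed to match the module version you pin; check the module README for that version before relying on them.

```hcl
# Added example, not the module's or the issue author's code.
# Assumptions: the pinned vpc-endpoints module version accepts a per-endpoint
# `policy` attribute; all IDs below are placeholders.

locals {
  # RAM participant accounts that should be able to use the shared endpoint.
  participant_account_ids = ["111111111111", "222222222222"]
}

# Endpoint policy (consumer side): limits WHICH principals may send traffic
# through this endpoint and to WHICH resources. It does not hide the endpoint;
# anything in the shared subnets can still resolve and route to it, but calls
# from principals outside the listed accounts are denied at the endpoint.
data "aws_iam_policy_document" "s3_endpoint" {
  statement {
    sid       = "AllowParticipantAccountsOnly"
    effect    = "Allow"
    actions   = ["s3:GetObject", "s3:PutObject", "s3:ListBucket"]
    resources = ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]

    principals {
      type        = "AWS"
      identifiers = ["*"]
    }

    # aws:PrincipalAccount is the account of the caller, so this scopes the
    # endpoint to the RAM participants regardless of which role they assume.
    condition {
      test     = "StringEquals"
      variable = "aws:PrincipalAccount"
      values   = local.participant_account_ids
    }
  }
}

module "vpc_endpoints" {
  source  = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
  version = "~> 5.0" # assumption: pin to the version you have tested

  vpc_id             = "vpc-0123456789abcdef0"  # placeholder (owner account VPC)
  security_group_ids = ["sg-0123456789abcdef0"] # placeholder

  endpoints = {
    s3 = {
      service      = "s3"
      service_type = "Interface"
      subnet_ids   = ["subnet-0123456789abcdef0"] # placeholder: RAM-shared subnets
      policy       = data.aws_iam_policy_document.s3_endpoint.json
      tags         = { Name = "s3-interface-endpoint" }
    }
  }
}

# For contrast, provider side: `allowed_principals` exists only on
# aws_vpc_endpoint_service. It allowlists which consumer principals may create
# endpoints TO your own NLB-backed service. It is not a control on an endpoint
# that consumes an AWS-managed service such as S3, which is why the module's
# data-source-based lookup of existing services has nowhere to put it.
resource "aws_vpc_endpoint_service" "example" {
  acceptance_required        = true
  network_load_balancer_arns = ["arn:aws:elasticloadbalancing:us-east-1:000000000000:loadbalancer/net/example/0123456789abcdef"] # placeholder
  allowed_principals         = [for id in local.participant_account_ids : "arn:aws:iam::${id}:root"]
}
```

Two caveats a practitioner should keep in mind. First, the endpoint policy is only half of the control: pair it with a resource policy on the target (for example a bucket policy conditioned on `aws:SourceVpce`) so that the resource is reachable only through this endpoint, otherwise a participant can still reach the bucket over the public S3 endpoint. Second, because the endpoint lives in the owner account, participant accounts cannot see or change the policy; treat it as owner-managed infrastructure and review it whenever the RAM share membership changes.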

github-actions bot commented May 8, 2024

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

@github-actions github-actions bot added the stale label May 8, 2024

This issue was automatically closed because of stale in 10 days

@github-actions github-actions bot closed this as not planned May 18, 2024