feat(infra): created gateway vpc endpoint for communication between E…

…CS and S3 (#2123) Created gateway vpc endpoint intended to replace NAT instance for communication between ECS and S3. For testing this features is working, erase S3 bucket policy that allows NAT instance's public ip. If the communication between ECS and S3 still works, this gateway vpc endpoint is deemed working properly. Also, moved the content of gateway_vpc_endpoint_to_s3 in /network directory to s3_gateway_vpc_endpoint in the /storage directory (unlike in PR #2122).
skkuding · Oct 2, 2024 · 054dd60 · 054dd60
1 parent a0caa0b
commit 054dd60
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/apps/infra/production/storage/s3_gateway_vpc_endpoint.tf b/apps/infra/production/storage/s3_gateway_vpc_endpoint.tf
@@ -0,0 +1,23 @@
+resource "aws_vpc_endpoint" "s3_endpoint" {
+  vpc_id            = aws_vpc.main.id
+  service_name      = "com.amazonaws.ap-northeast-2.s3"
+  vpc_endpoint_type = "Gateway"
+  route_table_ids   = [aws_route_table.private.id]
+
+  policy = jsonencode({
+    Version = "2008-10-17"
+    Statement = [
+      {
+        Action    = "*",
+        Effect    = "Allow",
+        Resource  = "*",
+        Principal = "*"
+      }
+    ]
+  })
+
+  tags = {
+    "Name" = "s3-endpoint"
+  }
+}
+