AWS v6.71.0, Mar 7 25

AWS v6.71.0 published on Friday, Mar 7, 2025 by Pulumi

aws.ec2.VpcEndpoint

Explore with Pulumi AI

AWS v6.71.0 published on Friday, Mar 7, 2025 by Pulumi

NOTE on VPC Endpoints and VPC Endpoint Associations: The provider provides both standalone VPC Endpoint Associations for Route Tables - (an association between a VPC endpoint and a single route_table_id), Security Groups - (an association between a VPC endpoint and a single security_group_id), and Subnets - (an association between a VPC endpoint and a single subnet_id) and a VPC Endpoint resource with route_table_ids and subnet_ids attributes. Do not use the same resource ID in both a VPC Endpoint resource and a VPC Endpoint Association resource. Doing so will cause a conflict of associations and will overwrite the association.

Example Usage

Basic

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const s3 = new aws.ec2.VpcEndpoint("s3", {
    vpcId: main.id,
    serviceName: "com.amazonaws.us-west-2.s3",
});

import pulumi
import pulumi_aws as aws

s3 = aws.ec2.VpcEndpoint("s3",
    vpc_id=main["id"],
    service_name="com.amazonaws.us-west-2.s3")

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ec2.NewVpcEndpoint(ctx, "s3", &ec2.VpcEndpointArgs{
			VpcId:       pulumi.Any(main.Id),
			ServiceName: pulumi.String("com.amazonaws.us-west-2.s3"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var s3 = new Aws.Ec2.VpcEndpoint("s3", new()
    {
        VpcId = main.Id,
        ServiceName = "com.amazonaws.us-west-2.s3",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.VpcEndpoint;
import com.pulumi.aws.ec2.VpcEndpointArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var s3 = new VpcEndpoint("s3", VpcEndpointArgs.builder()
            .vpcId(main.id())
            .serviceName("com.amazonaws.us-west-2.s3")
            .build());

    }
}

resources:
  s3:
    type: aws:ec2:VpcEndpoint
    properties:
      vpcId: ${main.id}
      serviceName: com.amazonaws.us-west-2.s3

Basic w/ Tags

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const s3 = new aws.ec2.VpcEndpoint("s3", {
    vpcId: main.id,
    serviceName: "com.amazonaws.us-west-2.s3",
    tags: {
        Environment: "test",
    },
});

import pulumi
import pulumi_aws as aws

s3 = aws.ec2.VpcEndpoint("s3",
    vpc_id=main["id"],
    service_name="com.amazonaws.us-west-2.s3",
    tags={
        "Environment": "test",
    })

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ec2.NewVpcEndpoint(ctx, "s3", &ec2.VpcEndpointArgs{
			VpcId:       pulumi.Any(main.Id),
			ServiceName: pulumi.String("com.amazonaws.us-west-2.s3"),
			Tags: pulumi.StringMap{
				"Environment": pulumi.String("test"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var s3 = new Aws.Ec2.VpcEndpoint("s3", new()
    {
        VpcId = main.Id,
        ServiceName = "com.amazonaws.us-west-2.s3",
        Tags = 
        {
            { "Environment", "test" },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.VpcEndpoint;
import com.pulumi.aws.ec2.VpcEndpointArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var s3 = new VpcEndpoint("s3", VpcEndpointArgs.builder()
            .vpcId(main.id())
            .serviceName("com.amazonaws.us-west-2.s3")
            .tags(Map.of("Environment", "test"))
            .build());

    }
}

resources:
  s3:
    type: aws:ec2:VpcEndpoint
    properties:
      vpcId: ${main.id}
      serviceName: com.amazonaws.us-west-2.s3
      tags:
        Environment: test

Interface Endpoint Type

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const ec2 = new aws.ec2.VpcEndpoint("ec2", {
    vpcId: main.id,
    serviceName: "com.amazonaws.us-west-2.ec2",
    vpcEndpointType: "Interface",
    securityGroupIds: [sg1.id],
    privateDnsEnabled: true,
});

import pulumi
import pulumi_aws as aws

ec2 = aws.ec2.VpcEndpoint("ec2",
    vpc_id=main["id"],
    service_name="com.amazonaws.us-west-2.ec2",
    vpc_endpoint_type="Interface",
    security_group_ids=[sg1["id"]],
    private_dns_enabled=True)

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ec2.NewVpcEndpoint(ctx, "ec2", &ec2.VpcEndpointArgs{
			VpcId:           pulumi.Any(main.Id),
			ServiceName:     pulumi.String("com.amazonaws.us-west-2.ec2"),
			VpcEndpointType: pulumi.String("Interface"),
			SecurityGroupIds: pulumi.StringArray{
				sg1.Id,
			},
			PrivateDnsEnabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var ec2 = new Aws.Ec2.VpcEndpoint("ec2", new()
    {
        VpcId = main.Id,
        ServiceName = "com.amazonaws.us-west-2.ec2",
        VpcEndpointType = "Interface",
        SecurityGroupIds = new[]
        {
            sg1.Id,
        },
        PrivateDnsEnabled = true,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.VpcEndpoint;
import com.pulumi.aws.ec2.VpcEndpointArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var ec2 = new VpcEndpoint("ec2", VpcEndpointArgs.builder()
            .vpcId(main.id())
            .serviceName("com.amazonaws.us-west-2.ec2")
            .vpcEndpointType("Interface")
            .securityGroupIds(sg1.id())
            .privateDnsEnabled(true)
            .build());

    }
}

resources:
  ec2:
    type: aws:ec2:VpcEndpoint
    properties:
      vpcId: ${main.id}
      serviceName: com.amazonaws.us-west-2.ec2
      vpcEndpointType: Interface
      securityGroupIds:
        - ${sg1.id}
      privateDnsEnabled: true

Interface Endpoint Type with User-Defined IP Address

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const ec2 = new aws.ec2.VpcEndpoint("ec2", {
    vpcId: example.id,
    serviceName: "com.amazonaws.us-west-2.ec2",
    vpcEndpointType: "Interface",
    subnetConfigurations: [
        {
            ipv4: "10.0.1.10",
            subnetId: example1.id,
        },
        {
            ipv4: "10.0.2.10",
            subnetId: example2.id,
        },
    ],
    subnetIds: [
        example1.id,
        example2.id,
    ],
});

import pulumi
import pulumi_aws as aws

ec2 = aws.ec2.VpcEndpoint("ec2",
    vpc_id=example["id"],
    service_name="com.amazonaws.us-west-2.ec2",
    vpc_endpoint_type="Interface",
    subnet_configurations=[
        {
            "ipv4": "10.0.1.10",
            "subnet_id": example1["id"],
        },
        {
            "ipv4": "10.0.2.10",
            "subnet_id": example2["id"],
        },
    ],
    subnet_ids=[
        example1["id"],
        example2["id"],
    ])

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ec2.NewVpcEndpoint(ctx, "ec2", &ec2.VpcEndpointArgs{
			VpcId:           pulumi.Any(example.Id),
			ServiceName:     pulumi.String("com.amazonaws.us-west-2.ec2"),
			VpcEndpointType: pulumi.String("Interface"),
			SubnetConfigurations: ec2.VpcEndpointSubnetConfigurationArray{
				&ec2.VpcEndpointSubnetConfigurationArgs{
					Ipv4:     pulumi.String("10.0.1.10"),
					SubnetId: pulumi.Any(example1.Id),
				},
				&ec2.VpcEndpointSubnetConfigurationArgs{
					Ipv4:     pulumi.String("10.0.2.10"),
					SubnetId: pulumi.Any(example2.Id),
				},
			},
			SubnetIds: pulumi.StringArray{
				example1.Id,
				example2.Id,
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var ec2 = new Aws.Ec2.VpcEndpoint("ec2", new()
    {
        VpcId = example.Id,
        ServiceName = "com.amazonaws.us-west-2.ec2",
        VpcEndpointType = "Interface",
        SubnetConfigurations = new[]
        {
            new Aws.Ec2.Inputs.VpcEndpointSubnetConfigurationArgs
            {
                Ipv4 = "10.0.1.10",
                SubnetId = example1.Id,
            },
            new Aws.Ec2.Inputs.VpcEndpointSubnetConfigurationArgs
            {
                Ipv4 = "10.0.2.10",
                SubnetId = example2.Id,
            },
        },
        SubnetIds = new[]
        {
            example1.Id,
            example2.Id,
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.VpcEndpoint;
import com.pulumi.aws.ec2.VpcEndpointArgs;
import com.pulumi.aws.ec2.inputs.VpcEndpointSubnetConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var ec2 = new VpcEndpoint("ec2", VpcEndpointArgs.builder()
            .vpcId(example.id())
            .serviceName("com.amazonaws.us-west-2.ec2")
            .vpcEndpointType("Interface")
            .subnetConfigurations(            
                VpcEndpointSubnetConfigurationArgs.builder()
                    .ipv4("10.0.1.10")
                    .subnetId(example1.id())
                    .build(),
                VpcEndpointSubnetConfigurationArgs.builder()
                    .ipv4("10.0.2.10")
                    .subnetId(example2.id())
                    .build())
            .subnetIds(            
                example1.id(),
                example2.id())
            .build());

    }
}

resources:
  ec2:
    type: aws:ec2:VpcEndpoint
    properties:
      vpcId: ${example.id}
      serviceName: com.amazonaws.us-west-2.ec2
      vpcEndpointType: Interface
      subnetConfigurations:
        - ipv4: 10.0.1.10
          subnetId: ${example1.id}
        - ipv4: 10.0.2.10
          subnetId: ${example2.id}
      subnetIds:
        - ${example1.id}
        - ${example2.id}

Gateway Load Balancer Endpoint Type

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const current = aws.getCallerIdentity({});
const example = new aws.ec2.VpcEndpointService("example", {
    acceptanceRequired: false,
    allowedPrincipals: [current.then(current => current.arn)],
    gatewayLoadBalancerArns: [exampleAwsLb.arn],
});
const exampleVpcEndpoint = new aws.ec2.VpcEndpoint("example", {
    serviceName: example.serviceName,
    subnetIds: [exampleAwsSubnet.id],
    vpcEndpointType: example.serviceType,
    vpcId: exampleAwsVpc.id,
});

import pulumi
import pulumi_aws as aws

current = aws.get_caller_identity()
example = aws.ec2.VpcEndpointService("example",
    acceptance_required=False,
    allowed_principals=[current.arn],
    gateway_load_balancer_arns=[example_aws_lb["arn"]])
example_vpc_endpoint = aws.ec2.VpcEndpoint("example",
    service_name=example.service_name,
    subnet_ids=[example_aws_subnet["id"]],
    vpc_endpoint_type=example.service_type,
    vpc_id=example_aws_vpc["id"])

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		current, err := aws.GetCallerIdentity(ctx, &aws.GetCallerIdentityArgs{}, nil)
		if err != nil {
			return err
		}
		example, err := ec2.NewVpcEndpointService(ctx, "example", &ec2.VpcEndpointServiceArgs{
			AcceptanceRequired: pulumi.Bool(false),
			AllowedPrincipals: pulumi.StringArray{
				pulumi.String(current.Arn),
			},
			GatewayLoadBalancerArns: pulumi.StringArray{
				exampleAwsLb.Arn,
			},
		})
		if err != nil {
			return err
		}
		_, err = ec2.NewVpcEndpoint(ctx, "example", &ec2.VpcEndpointArgs{
			ServiceName: example.ServiceName,
			SubnetIds: pulumi.StringArray{
				exampleAwsSubnet.Id,
			},
			VpcEndpointType: example.ServiceType,
			VpcId:           pulumi.Any(exampleAwsVpc.Id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var current = Aws.GetCallerIdentity.Invoke();

    var example = new Aws.Ec2.VpcEndpointService("example", new()
    {
        AcceptanceRequired = false,
        AllowedPrincipals = new[]
        {
            current.Apply(getCallerIdentityResult => getCallerIdentityResult.Arn),
        },
        GatewayLoadBalancerArns = new[]
        {
            exampleAwsLb.Arn,
        },
    });

    var exampleVpcEndpoint = new Aws.Ec2.VpcEndpoint("example", new()
    {
        ServiceName = example.ServiceName,
        SubnetIds = new[]
        {
            exampleAwsSubnet.Id,
        },
        VpcEndpointType = example.ServiceType,
        VpcId = exampleAwsVpc.Id,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetCallerIdentityArgs;
import com.pulumi.aws.ec2.VpcEndpointService;
import com.pulumi.aws.ec2.VpcEndpointServiceArgs;
import com.pulumi.aws.ec2.VpcEndpoint;
import com.pulumi.aws.ec2.VpcEndpointArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var current = AwsFunctions.getCallerIdentity();

        var example = new VpcEndpointService("example", VpcEndpointServiceArgs.builder()
            .acceptanceRequired(false)
            .allowedPrincipals(current.applyValue(getCallerIdentityResult -> getCallerIdentityResult.arn()))
            .gatewayLoadBalancerArns(exampleAwsLb.arn())
            .build());

        var exampleVpcEndpoint = new VpcEndpoint("exampleVpcEndpoint", VpcEndpointArgs.builder()
            .serviceName(example.serviceName())
            .subnetIds(exampleAwsSubnet.id())
            .vpcEndpointType(example.serviceType())
            .vpcId(exampleAwsVpc.id())
            .build());

    }
}

resources:
  example:
    type: aws:ec2:VpcEndpointService
    properties:
      acceptanceRequired: false
      allowedPrincipals:
        - ${current.arn}
      gatewayLoadBalancerArns:
        - ${exampleAwsLb.arn}
  exampleVpcEndpoint:
    type: aws:ec2:VpcEndpoint
    name: example
    properties:
      serviceName: ${example.serviceName}
      subnetIds:
        - ${exampleAwsSubnet.id}
      vpcEndpointType: ${example.serviceType}
      vpcId: ${exampleAwsVpc.id}
variables:
  current:
    fn::invoke:
      function: aws:getCallerIdentity
      arguments: {}

VPC Lattice Resource Configuration Endpoint Type

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.ec2.VpcEndpoint("example", {
    resourceConfigurationArn: exampleAwsVpclatticeResourceConfiguration.arn,
    subnetIds: [exampleAwsSubnet.id],
    vpcEndpointType: "Resource",
    vpcId: exampleAwsVpc.id,
});

import pulumi
import pulumi_aws as aws

example = aws.ec2.VpcEndpoint("example",
    resource_configuration_arn=example_aws_vpclattice_resource_configuration["arn"],
    subnet_ids=[example_aws_subnet["id"]],
    vpc_endpoint_type="Resource",
    vpc_id=example_aws_vpc["id"])

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ec2.NewVpcEndpoint(ctx, "example", &ec2.VpcEndpointArgs{
			ResourceConfigurationArn: pulumi.Any(exampleAwsVpclatticeResourceConfiguration.Arn),
			SubnetIds: pulumi.StringArray{
				exampleAwsSubnet.Id,
			},
			VpcEndpointType: pulumi.String("Resource"),
			VpcId:           pulumi.Any(exampleAwsVpc.Id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.Ec2.VpcEndpoint("example", new()
    {
        ResourceConfigurationArn = exampleAwsVpclatticeResourceConfiguration.Arn,
        SubnetIds = new[]
        {
            exampleAwsSubnet.Id,
        },
        VpcEndpointType = "Resource",
        VpcId = exampleAwsVpc.Id,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.VpcEndpoint;
import com.pulumi.aws.ec2.VpcEndpointArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new VpcEndpoint("example", VpcEndpointArgs.builder()
            .resourceConfigurationArn(exampleAwsVpclatticeResourceConfiguration.arn())
            .subnetIds(exampleAwsSubnet.id())
            .vpcEndpointType("Resource")
            .vpcId(exampleAwsVpc.id())
            .build());

    }
}

resources:
  example:
    type: aws:ec2:VpcEndpoint
    properties:
      resourceConfigurationArn: ${exampleAwsVpclatticeResourceConfiguration.arn}
      subnetIds:
        - ${exampleAwsSubnet.id}
      vpcEndpointType: Resource
      vpcId: ${exampleAwsVpc.id}

VPC Lattice Service Network Endpoint Type

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.ec2.VpcEndpoint("example", {
    serviceNetworkArn: exampleAwsVpclatticeServiceNetwork.arn,
    subnetIds: [exampleAwsSubnet.id],
    vpcEndpointType: "ServiceNetwork",
    vpcId: exampleAwsVpc.id,
});

import pulumi
import pulumi_aws as aws

example = aws.ec2.VpcEndpoint("example",
    service_network_arn=example_aws_vpclattice_service_network["arn"],
    subnet_ids=[example_aws_subnet["id"]],
    vpc_endpoint_type="ServiceNetwork",
    vpc_id=example_aws_vpc["id"])

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ec2.NewVpcEndpoint(ctx, "example", &ec2.VpcEndpointArgs{
			ServiceNetworkArn: pulumi.Any(exampleAwsVpclatticeServiceNetwork.Arn),
			SubnetIds: pulumi.StringArray{
				exampleAwsSubnet.Id,
			},
			VpcEndpointType: pulumi.String("ServiceNetwork"),
			VpcId:           pulumi.Any(exampleAwsVpc.Id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.Ec2.VpcEndpoint("example", new()
    {
        ServiceNetworkArn = exampleAwsVpclatticeServiceNetwork.Arn,
        SubnetIds = new[]
        {
            exampleAwsSubnet.Id,
        },
        VpcEndpointType = "ServiceNetwork",
        VpcId = exampleAwsVpc.Id,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.VpcEndpoint;
import com.pulumi.aws.ec2.VpcEndpointArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new VpcEndpoint("example", VpcEndpointArgs.builder()
            .serviceNetworkArn(exampleAwsVpclatticeServiceNetwork.arn())
            .subnetIds(exampleAwsSubnet.id())
            .vpcEndpointType("ServiceNetwork")
            .vpcId(exampleAwsVpc.id())
            .build());

    }
}

resources:
  example:
    type: aws:ec2:VpcEndpoint
    properties:
      serviceNetworkArn: ${exampleAwsVpclatticeServiceNetwork.arn}
      subnetIds:
        - ${exampleAwsSubnet.id}
      vpcEndpointType: ServiceNetwork
      vpcId: ${exampleAwsVpc.id}

Create VpcEndpoint Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new VpcEndpoint(name: string, args: VpcEndpointArgs, opts?: CustomResourceOptions);

@overload
def VpcEndpoint(resource_name: str,
                args: VpcEndpointArgs,
                opts: Optional[ResourceOptions] = None)

@overload
def VpcEndpoint(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                vpc_id: Optional[str] = None,
                service_name: Optional[str] = None,
                service_network_arn: Optional[str] = None,
                policy: Optional[str] = None,
                private_dns_enabled: Optional[bool] = None,
                resource_configuration_arn: Optional[str] = None,
                route_table_ids: Optional[Sequence[str]] = None,
                ip_address_type: Optional[str] = None,
                auto_accept: Optional[bool] = None,
                security_group_ids: Optional[Sequence[str]] = None,
                service_region: Optional[str] = None,
                subnet_configurations: Optional[Sequence[VpcEndpointSubnetConfigurationArgs]] = None,
                subnet_ids: Optional[Sequence[str]] = None,
                tags: Optional[Mapping[str, str]] = None,
                vpc_endpoint_type: Optional[str] = None,
                dns_options: Optional[VpcEndpointDnsOptionsArgs] = None)

func NewVpcEndpoint(ctx *Context, name string, args VpcEndpointArgs, opts ...ResourceOption) (*VpcEndpoint, error)

public VpcEndpoint(string name, VpcEndpointArgs args, CustomResourceOptions? opts = null)

public VpcEndpoint(String name, VpcEndpointArgs args)
public VpcEndpoint(String name, VpcEndpointArgs args, CustomResourceOptions options)

type: aws:ec2:VpcEndpoint
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args VpcEndpointArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args VpcEndpointArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args VpcEndpointArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args VpcEndpointArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args VpcEndpointArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var vpcEndpointResource = new Aws.Ec2.VpcEndpoint("vpcEndpointResource", new()
{
    VpcId = "string",
    ServiceName = "string",
    ServiceNetworkArn = "string",
    Policy = "string",
    PrivateDnsEnabled = false,
    ResourceConfigurationArn = "string",
    RouteTableIds = new[]
    {
        "string",
    },
    IpAddressType = "string",
    AutoAccept = false,
    SecurityGroupIds = new[]
    {
        "string",
    },
    ServiceRegion = "string",
    SubnetConfigurations = new[]
    {
        new Aws.Ec2.Inputs.VpcEndpointSubnetConfigurationArgs
        {
            Ipv4 = "string",
            Ipv6 = "string",
            SubnetId = "string",
        },
    },
    SubnetIds = new[]
    {
        "string",
    },
    Tags = 
    {
        { "string", "string" },
    },
    VpcEndpointType = "string",
    DnsOptions = new Aws.Ec2.Inputs.VpcEndpointDnsOptionsArgs
    {
        DnsRecordIpType = "string",
        PrivateDnsOnlyForInboundResolverEndpoint = false,
    },
});

example, err := ec2.NewVpcEndpoint(ctx, "vpcEndpointResource", &ec2.VpcEndpointArgs{
	VpcId:                    pulumi.String("string"),
	ServiceName:              pulumi.String("string"),
	ServiceNetworkArn:        pulumi.String("string"),
	Policy:                   pulumi.String("string"),
	PrivateDnsEnabled:        pulumi.Bool(false),
	ResourceConfigurationArn: pulumi.String("string"),
	RouteTableIds: pulumi.StringArray{
		pulumi.String("string"),
	},
	IpAddressType: pulumi.String("string"),
	AutoAccept:    pulumi.Bool(false),
	SecurityGroupIds: pulumi.StringArray{
		pulumi.String("string"),
	},
	ServiceRegion: pulumi.String("string"),
	SubnetConfigurations: ec2.VpcEndpointSubnetConfigurationArray{
		&ec2.VpcEndpointSubnetConfigurationArgs{
			Ipv4:     pulumi.String("string"),
			Ipv6:     pulumi.String("string"),
			SubnetId: pulumi.String("string"),
		},
	},
	SubnetIds: pulumi.StringArray{
		pulumi.String("string"),
	},
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	VpcEndpointType: pulumi.String("string"),
	DnsOptions: &ec2.VpcEndpointDnsOptionsArgs{
		DnsRecordIpType:                          pulumi.String("string"),
		PrivateDnsOnlyForInboundResolverEndpoint: pulumi.Bool(false),
	},
})

var vpcEndpointResource = new VpcEndpoint("vpcEndpointResource", VpcEndpointArgs.builder()
    .vpcId("string")
    .serviceName("string")
    .serviceNetworkArn("string")
    .policy("string")
    .privateDnsEnabled(false)
    .resourceConfigurationArn("string")
    .routeTableIds("string")
    .ipAddressType("string")
    .autoAccept(false)
    .securityGroupIds("string")
    .serviceRegion("string")
    .subnetConfigurations(VpcEndpointSubnetConfigurationArgs.builder()
        .ipv4("string")
        .ipv6("string")
        .subnetId("string")
        .build())
    .subnetIds("string")
    .tags(Map.of("string", "string"))
    .vpcEndpointType("string")
    .dnsOptions(VpcEndpointDnsOptionsArgs.builder()
        .dnsRecordIpType("string")
        .privateDnsOnlyForInboundResolverEndpoint(false)
        .build())
    .build());

vpc_endpoint_resource = aws.ec2.VpcEndpoint("vpcEndpointResource",
    vpc_id="string",
    service_name="string",
    service_network_arn="string",
    policy="string",
    private_dns_enabled=False,
    resource_configuration_arn="string",
    route_table_ids=["string"],
    ip_address_type="string",
    auto_accept=False,
    security_group_ids=["string"],
    service_region="string",
    subnet_configurations=[{
        "ipv4": "string",
        "ipv6": "string",
        "subnet_id": "string",
    }],
    subnet_ids=["string"],
    tags={
        "string": "string",
    },
    vpc_endpoint_type="string",
    dns_options={
        "dns_record_ip_type": "string",
        "private_dns_only_for_inbound_resolver_endpoint": False,
    })

const vpcEndpointResource = new aws.ec2.VpcEndpoint("vpcEndpointResource", {
    vpcId: "string",
    serviceName: "string",
    serviceNetworkArn: "string",
    policy: "string",
    privateDnsEnabled: false,
    resourceConfigurationArn: "string",
    routeTableIds: ["string"],
    ipAddressType: "string",
    autoAccept: false,
    securityGroupIds: ["string"],
    serviceRegion: "string",
    subnetConfigurations: [{
        ipv4: "string",
        ipv6: "string",
        subnetId: "string",
    }],
    subnetIds: ["string"],
    tags: {
        string: "string",
    },
    vpcEndpointType: "string",
    dnsOptions: {
        dnsRecordIpType: "string",
        privateDnsOnlyForInboundResolverEndpoint: false,
    },
});

type: aws:ec2:VpcEndpoint
properties:
    autoAccept: false
    dnsOptions:
        dnsRecordIpType: string
        privateDnsOnlyForInboundResolverEndpoint: false
    ipAddressType: string
    policy: string
    privateDnsEnabled: false
    resourceConfigurationArn: string
    routeTableIds:
        - string
    securityGroupIds:
        - string
    serviceName: string
    serviceNetworkArn: string
    serviceRegion: string
    subnetConfigurations:
        - ipv4: string
          ipv6: string
          subnetId: string
    subnetIds:
        - string
    tags:
        string: string
    vpcEndpointType: string
    vpcId: string

VpcEndpoint Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The VpcEndpoint resource accepts the following input properties:

VpcId string: The ID of the VPC in which the endpoint will be used.
AutoAccept bool: Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
DnsOptions VpcEndpointDnsOptions: The DNS options for the endpoint. See dns_options below.
IpAddressType string: The IP address type for the endpoint. Valid values are ipv4, dualstack, and ipv6.
Policy string: A policy to attach to the endpoint that controls access to the service. This is a JSON formatted string. Defaults to full access. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.
PrivateDnsEnabled bool: Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Most users will want this enabled to allow services within the VPC to automatically use the endpoint. Defaults to false.
ResourceConfigurationArn string: The ARN of a Resource Configuration to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
RouteTableIds List<string>: One or more route table IDs. Applicable for endpoints of type Gateway.
SecurityGroupIds List<string>: The ID of one or more security groups to associate with the network interface. Applicable for endpoints of type Interface. If no security groups are specified, the VPC's default security group is associated with the endpoint.
ServiceName string: The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook). Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
ServiceNetworkArn string: The ARN of a Service Network to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
ServiceRegion string: The AWS region of the VPC Endpoint Service. If specified, the VPC endpoint will connect to the service in the provided region. Applicable for endpoints of type Interface.
SubnetConfigurations List<VpcEndpointSubnetConfiguration>: Subnet configuration for the endpoint, used to select specific IPv4 and/or IPv6 addresses to the endpoint. See subnet_configuration below.
SubnetIds List<string>: The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface. Interface type endpoints cannot function without being assigned to a subnet.
Tags Dictionary<string, string>: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
VpcEndpointType string: The VPC endpoint type, Gateway, GatewayLoadBalancer,Interface, Resource or ServiceNetwork. Defaults to Gateway.

VpcId string: The ID of the VPC in which the endpoint will be used.
AutoAccept bool: Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
DnsOptions VpcEndpointDnsOptionsArgs: The DNS options for the endpoint. See dns_options below.
IpAddressType string: The IP address type for the endpoint. Valid values are ipv4, dualstack, and ipv6.
Policy string: A policy to attach to the endpoint that controls access to the service. This is a JSON formatted string. Defaults to full access. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.
PrivateDnsEnabled bool: Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Most users will want this enabled to allow services within the VPC to automatically use the endpoint. Defaults to false.
ResourceConfigurationArn string: The ARN of a Resource Configuration to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
RouteTableIds []string: One or more route table IDs. Applicable for endpoints of type Gateway.
SecurityGroupIds []string: The ID of one or more security groups to associate with the network interface. Applicable for endpoints of type Interface. If no security groups are specified, the VPC's default security group is associated with the endpoint.
ServiceName string: The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook). Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
ServiceNetworkArn string: The ARN of a Service Network to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
ServiceRegion string: The AWS region of the VPC Endpoint Service. If specified, the VPC endpoint will connect to the service in the provided region. Applicable for endpoints of type Interface.
SubnetConfigurations []VpcEndpointSubnetConfigurationArgs: Subnet configuration for the endpoint, used to select specific IPv4 and/or IPv6 addresses to the endpoint. See subnet_configuration below.
SubnetIds []string: The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface. Interface type endpoints cannot function without being assigned to a subnet.
Tags map[string]string: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
VpcEndpointType string: The VPC endpoint type, Gateway, GatewayLoadBalancer,Interface, Resource or ServiceNetwork. Defaults to Gateway.

vpcId String: The ID of the VPC in which the endpoint will be used.
autoAccept Boolean: Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
dnsOptions VpcEndpointDnsOptions: The DNS options for the endpoint. See dns_options below.
ipAddressType String: The IP address type for the endpoint. Valid values are ipv4, dualstack, and ipv6.
policy String: A policy to attach to the endpoint that controls access to the service. This is a JSON formatted string. Defaults to full access. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.
privateDnsEnabled Boolean: Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Most users will want this enabled to allow services within the VPC to automatically use the endpoint. Defaults to false.
resourceConfigurationArn String: The ARN of a Resource Configuration to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
routeTableIds List<String>: One or more route table IDs. Applicable for endpoints of type Gateway.
securityGroupIds List<String>: The ID of one or more security groups to associate with the network interface. Applicable for endpoints of type Interface. If no security groups are specified, the VPC's default security group is associated with the endpoint.
serviceName String: The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook). Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
serviceNetworkArn String: The ARN of a Service Network to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
serviceRegion String: The AWS region of the VPC Endpoint Service. If specified, the VPC endpoint will connect to the service in the provided region. Applicable for endpoints of type Interface.
subnetConfigurations List<VpcEndpointSubnetConfiguration>: Subnet configuration for the endpoint, used to select specific IPv4 and/or IPv6 addresses to the endpoint. See subnet_configuration below.
subnetIds List<String>: The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface. Interface type endpoints cannot function without being assigned to a subnet.
tags Map<String,String>: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
vpcEndpointType String: The VPC endpoint type, Gateway, GatewayLoadBalancer,Interface, Resource or ServiceNetwork. Defaults to Gateway.

vpcId string: The ID of the VPC in which the endpoint will be used.
autoAccept boolean: Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
dnsOptions VpcEndpointDnsOptions: The DNS options for the endpoint. See dns_options below.
ipAddressType string: The IP address type for the endpoint. Valid values are ipv4, dualstack, and ipv6.
policy string: A policy to attach to the endpoint that controls access to the service. This is a JSON formatted string. Defaults to full access. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.
privateDnsEnabled boolean: Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Most users will want this enabled to allow services within the VPC to automatically use the endpoint. Defaults to false.
resourceConfigurationArn string: The ARN of a Resource Configuration to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
routeTableIds string[]: One or more route table IDs. Applicable for endpoints of type Gateway.
securityGroupIds string[]: The ID of one or more security groups to associate with the network interface. Applicable for endpoints of type Interface. If no security groups are specified, the VPC's default security group is associated with the endpoint.
serviceName string: The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook). Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
serviceNetworkArn string: The ARN of a Service Network to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
serviceRegion string: The AWS region of the VPC Endpoint Service. If specified, the VPC endpoint will connect to the service in the provided region. Applicable for endpoints of type Interface.
subnetConfigurations VpcEndpointSubnetConfiguration[]: Subnet configuration for the endpoint, used to select specific IPv4 and/or IPv6 addresses to the endpoint. See subnet_configuration below.
subnetIds string[]: The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface. Interface type endpoints cannot function without being assigned to a subnet.
tags {[key: string]: string}: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
vpcEndpointType string: The VPC endpoint type, Gateway, GatewayLoadBalancer,Interface, Resource or ServiceNetwork. Defaults to Gateway.

vpc_id str: The ID of the VPC in which the endpoint will be used.
auto_accept bool: Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
dns_options VpcEndpointDnsOptionsArgs: The DNS options for the endpoint. See dns_options below.
ip_address_type str: The IP address type for the endpoint. Valid values are ipv4, dualstack, and ipv6.
policy str: A policy to attach to the endpoint that controls access to the service. This is a JSON formatted string. Defaults to full access. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.
private_dns_enabled bool: Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Most users will want this enabled to allow services within the VPC to automatically use the endpoint. Defaults to false.
resource_configuration_arn str: The ARN of a Resource Configuration to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
route_table_ids Sequence[str]: One or more route table IDs. Applicable for endpoints of type Gateway.
security_group_ids Sequence[str]: The ID of one or more security groups to associate with the network interface. Applicable for endpoints of type Interface. If no security groups are specified, the VPC's default security group is associated with the endpoint.
service_name str: The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook). Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
service_network_arn str: The ARN of a Service Network to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
service_region str: The AWS region of the VPC Endpoint Service. If specified, the VPC endpoint will connect to the service in the provided region. Applicable for endpoints of type Interface.
subnet_configurations Sequence[VpcEndpointSubnetConfigurationArgs]: Subnet configuration for the endpoint, used to select specific IPv4 and/or IPv6 addresses to the endpoint. See subnet_configuration below.
subnet_ids Sequence[str]: The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface. Interface type endpoints cannot function without being assigned to a subnet.
tags Mapping[str, str]: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
vpc_endpoint_type str: The VPC endpoint type, Gateway, GatewayLoadBalancer,Interface, Resource or ServiceNetwork. Defaults to Gateway.

vpcId String: The ID of the VPC in which the endpoint will be used.
autoAccept Boolean: Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
dnsOptions Property Map: The DNS options for the endpoint. See dns_options below.
ipAddressType String: The IP address type for the endpoint. Valid values are ipv4, dualstack, and ipv6.
policy String: A policy to attach to the endpoint that controls access to the service. This is a JSON formatted string. Defaults to full access. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.
privateDnsEnabled Boolean: Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Most users will want this enabled to allow services within the VPC to automatically use the endpoint. Defaults to false.
resourceConfigurationArn String: The ARN of a Resource Configuration to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
routeTableIds List<String>: One or more route table IDs. Applicable for endpoints of type Gateway.
securityGroupIds List<String>: The ID of one or more security groups to associate with the network interface. Applicable for endpoints of type Interface. If no security groups are specified, the VPC's default security group is associated with the endpoint.
serviceName String: The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook). Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
serviceNetworkArn String: The ARN of a Service Network to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
serviceRegion String: The AWS region of the VPC Endpoint Service. If specified, the VPC endpoint will connect to the service in the provided region. Applicable for endpoints of type Interface.
subnetConfigurations List<Property Map>: Subnet configuration for the endpoint, used to select specific IPv4 and/or IPv6 addresses to the endpoint. See subnet_configuration below.
subnetIds List<String>: The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface. Interface type endpoints cannot function without being assigned to a subnet.
tags Map<String>: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
vpcEndpointType String: The VPC endpoint type, Gateway, GatewayLoadBalancer,Interface, Resource or ServiceNetwork. Defaults to Gateway.

Outputs

All input properties are implicitly available as output properties. Additionally, the VpcEndpoint resource produces the following output properties:

Arn string: The Amazon Resource Name (ARN) of the VPC endpoint.
CidrBlocks List<string>: The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type Gateway.
DnsEntries List<VpcEndpointDnsEntry>: The DNS entries for the VPC Endpoint. Applicable for endpoints of type Interface. DNS blocks are documented below.
Id string: The provider-assigned unique ID for this managed resource.
NetworkInterfaceIds List<string>: One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type Interface.
OwnerId string: The ID of the AWS account that owns the VPC endpoint.
PrefixListId string: The prefix list ID of the exposed AWS service. Applicable for endpoints of type Gateway.
RequesterManaged bool: Whether or not the VPC Endpoint is being managed by its service - true or false.
State string: The state of the VPC endpoint.
TagsAll Dictionary<string, string>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

Arn string: The Amazon Resource Name (ARN) of the VPC endpoint.
CidrBlocks []string: The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type Gateway.
DnsEntries []VpcEndpointDnsEntry: The DNS entries for the VPC Endpoint. Applicable for endpoints of type Interface. DNS blocks are documented below.
Id string: The provider-assigned unique ID for this managed resource.
NetworkInterfaceIds []string: One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type Interface.
OwnerId string: The ID of the AWS account that owns the VPC endpoint.
PrefixListId string: The prefix list ID of the exposed AWS service. Applicable for endpoints of type Gateway.
RequesterManaged bool: Whether or not the VPC Endpoint is being managed by its service - true or false.
State string: The state of the VPC endpoint.
TagsAll map[string]string: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn String: The Amazon Resource Name (ARN) of the VPC endpoint.
cidrBlocks List<String>: The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type Gateway.
dnsEntries List<VpcEndpointDnsEntry>: The DNS entries for the VPC Endpoint. Applicable for endpoints of type Interface. DNS blocks are documented below.
id String: The provider-assigned unique ID for this managed resource.
networkInterfaceIds List<String>: One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type Interface.
ownerId String: The ID of the AWS account that owns the VPC endpoint.
prefixListId String: The prefix list ID of the exposed AWS service. Applicable for endpoints of type Gateway.
requesterManaged Boolean: Whether or not the VPC Endpoint is being managed by its service - true or false.
state String: The state of the VPC endpoint.
tagsAll Map<String,String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn string: The Amazon Resource Name (ARN) of the VPC endpoint.
cidrBlocks string[]: The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type Gateway.
dnsEntries VpcEndpointDnsEntry[]: The DNS entries for the VPC Endpoint. Applicable for endpoints of type Interface. DNS blocks are documented below.
id string: The provider-assigned unique ID for this managed resource.
networkInterfaceIds string[]: One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type Interface.
ownerId string: The ID of the AWS account that owns the VPC endpoint.
prefixListId string: The prefix list ID of the exposed AWS service. Applicable for endpoints of type Gateway.
requesterManaged boolean: Whether or not the VPC Endpoint is being managed by its service - true or false.
state string: The state of the VPC endpoint.
tagsAll {[key: string]: string}: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn str: The Amazon Resource Name (ARN) of the VPC endpoint.
cidr_blocks Sequence[str]: The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type Gateway.
dns_entries Sequence[VpcEndpointDnsEntry]: The DNS entries for the VPC Endpoint. Applicable for endpoints of type Interface. DNS blocks are documented below.
id str: The provider-assigned unique ID for this managed resource.
network_interface_ids Sequence[str]: One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type Interface.
owner_id str: The ID of the AWS account that owns the VPC endpoint.
prefix_list_id str: The prefix list ID of the exposed AWS service. Applicable for endpoints of type Gateway.
requester_managed bool: Whether or not the VPC Endpoint is being managed by its service - true or false.
state str: The state of the VPC endpoint.
tags_all Mapping[str, str]: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn String: The Amazon Resource Name (ARN) of the VPC endpoint.
cidrBlocks List<String>: The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type Gateway.
dnsEntries List<Property Map>: The DNS entries for the VPC Endpoint. Applicable for endpoints of type Interface. DNS blocks are documented below.
id String: The provider-assigned unique ID for this managed resource.
networkInterfaceIds List<String>: One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type Interface.
ownerId String: The ID of the AWS account that owns the VPC endpoint.
prefixListId String: The prefix list ID of the exposed AWS service. Applicable for endpoints of type Gateway.
requesterManaged Boolean: Whether or not the VPC Endpoint is being managed by its service - true or false.
state String: The state of the VPC endpoint.
tagsAll Map<String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

Look up Existing VpcEndpoint Resource

Get an existing VpcEndpoint resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: VpcEndpointState, opts?: CustomResourceOptions): VpcEndpoint

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        auto_accept: Optional[bool] = None,
        cidr_blocks: Optional[Sequence[str]] = None,
        dns_entries: Optional[Sequence[VpcEndpointDnsEntryArgs]] = None,
        dns_options: Optional[VpcEndpointDnsOptionsArgs] = None,
        ip_address_type: Optional[str] = None,
        network_interface_ids: Optional[Sequence[str]] = None,
        owner_id: Optional[str] = None,
        policy: Optional[str] = None,
        prefix_list_id: Optional[str] = None,
        private_dns_enabled: Optional[bool] = None,
        requester_managed: Optional[bool] = None,
        resource_configuration_arn: Optional[str] = None,
        route_table_ids: Optional[Sequence[str]] = None,
        security_group_ids: Optional[Sequence[str]] = None,
        service_name: Optional[str] = None,
        service_network_arn: Optional[str] = None,
        service_region: Optional[str] = None,
        state: Optional[str] = None,
        subnet_configurations: Optional[Sequence[VpcEndpointSubnetConfigurationArgs]] = None,
        subnet_ids: Optional[Sequence[str]] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        vpc_endpoint_type: Optional[str] = None,
        vpc_id: Optional[str] = None) -> VpcEndpoint

func GetVpcEndpoint(ctx *Context, name string, id IDInput, state *VpcEndpointState, opts ...ResourceOption) (*VpcEndpoint, error)

public static VpcEndpoint Get(string name, Input<string> id, VpcEndpointState? state, CustomResourceOptions? opts = null)

public static VpcEndpoint get(String name, Output<String> id, VpcEndpointState state, CustomResourceOptions options)

resources:  _:    type: aws:ec2:VpcEndpoint    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Arn string: The Amazon Resource Name (ARN) of the VPC endpoint.
AutoAccept bool: Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
CidrBlocks List<string>: The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type Gateway.
DnsEntries List<VpcEndpointDnsEntry>: The DNS entries for the VPC Endpoint. Applicable for endpoints of type Interface. DNS blocks are documented below.
DnsOptions VpcEndpointDnsOptions: The DNS options for the endpoint. See dns_options below.
IpAddressType string: The IP address type for the endpoint. Valid values are ipv4, dualstack, and ipv6.
NetworkInterfaceIds List<string>: One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type Interface.
OwnerId string: The ID of the AWS account that owns the VPC endpoint.
Policy string: A policy to attach to the endpoint that controls access to the service. This is a JSON formatted string. Defaults to full access. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.
PrefixListId string: The prefix list ID of the exposed AWS service. Applicable for endpoints of type Gateway.
PrivateDnsEnabled bool: Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Most users will want this enabled to allow services within the VPC to automatically use the endpoint. Defaults to false.
RequesterManaged bool: Whether or not the VPC Endpoint is being managed by its service - true or false.
ResourceConfigurationArn string: The ARN of a Resource Configuration to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
RouteTableIds List<string>: One or more route table IDs. Applicable for endpoints of type Gateway.
SecurityGroupIds List<string>: The ID of one or more security groups to associate with the network interface. Applicable for endpoints of type Interface. If no security groups are specified, the VPC's default security group is associated with the endpoint.
ServiceName string: The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook). Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
ServiceNetworkArn string: The ARN of a Service Network to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
ServiceRegion string: The AWS region of the VPC Endpoint Service. If specified, the VPC endpoint will connect to the service in the provided region. Applicable for endpoints of type Interface.
State string: The state of the VPC endpoint.
SubnetConfigurations List<VpcEndpointSubnetConfiguration>: Subnet configuration for the endpoint, used to select specific IPv4 and/or IPv6 addresses to the endpoint. See subnet_configuration below.
SubnetIds List<string>: The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface. Interface type endpoints cannot function without being assigned to a subnet.
Tags Dictionary<string, string>: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll Dictionary<string, string>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
VpcEndpointType string: The VPC endpoint type, Gateway, GatewayLoadBalancer,Interface, Resource or ServiceNetwork. Defaults to Gateway.
VpcId string: The ID of the VPC in which the endpoint will be used.

Arn string: The Amazon Resource Name (ARN) of the VPC endpoint.
AutoAccept bool: Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
CidrBlocks []string: The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type Gateway.
DnsEntries []VpcEndpointDnsEntryArgs: The DNS entries for the VPC Endpoint. Applicable for endpoints of type Interface. DNS blocks are documented below.
DnsOptions VpcEndpointDnsOptionsArgs: The DNS options for the endpoint. See dns_options below.
IpAddressType string: The IP address type for the endpoint. Valid values are ipv4, dualstack, and ipv6.
NetworkInterfaceIds []string: One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type Interface.
OwnerId string: The ID of the AWS account that owns the VPC endpoint.
Policy string: A policy to attach to the endpoint that controls access to the service. This is a JSON formatted string. Defaults to full access. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.
PrefixListId string: The prefix list ID of the exposed AWS service. Applicable for endpoints of type Gateway.
PrivateDnsEnabled bool: Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Most users will want this enabled to allow services within the VPC to automatically use the endpoint. Defaults to false.
RequesterManaged bool: Whether or not the VPC Endpoint is being managed by its service - true or false.
ResourceConfigurationArn string: The ARN of a Resource Configuration to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
RouteTableIds []string: One or more route table IDs. Applicable for endpoints of type Gateway.
SecurityGroupIds []string: The ID of one or more security groups to associate with the network interface. Applicable for endpoints of type Interface. If no security groups are specified, the VPC's default security group is associated with the endpoint.
ServiceName string: The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook). Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
ServiceNetworkArn string: The ARN of a Service Network to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
ServiceRegion string: The AWS region of the VPC Endpoint Service. If specified, the VPC endpoint will connect to the service in the provided region. Applicable for endpoints of type Interface.
State string: The state of the VPC endpoint.
SubnetConfigurations []VpcEndpointSubnetConfigurationArgs: Subnet configuration for the endpoint, used to select specific IPv4 and/or IPv6 addresses to the endpoint. See subnet_configuration below.
SubnetIds []string: The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface. Interface type endpoints cannot function without being assigned to a subnet.
Tags map[string]string: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll map[string]string: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
VpcEndpointType string: The VPC endpoint type, Gateway, GatewayLoadBalancer,Interface, Resource or ServiceNetwork. Defaults to Gateway.
VpcId string: The ID of the VPC in which the endpoint will be used.

arn String: The Amazon Resource Name (ARN) of the VPC endpoint.
autoAccept Boolean: Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
cidrBlocks List<String>: The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type Gateway.
dnsEntries List<VpcEndpointDnsEntry>: The DNS entries for the VPC Endpoint. Applicable for endpoints of type Interface. DNS blocks are documented below.
dnsOptions VpcEndpointDnsOptions: The DNS options for the endpoint. See dns_options below.
ipAddressType String: The IP address type for the endpoint. Valid values are ipv4, dualstack, and ipv6.
networkInterfaceIds List<String>: One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type Interface.
ownerId String: The ID of the AWS account that owns the VPC endpoint.
policy String: A policy to attach to the endpoint that controls access to the service. This is a JSON formatted string. Defaults to full access. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.
prefixListId String: The prefix list ID of the exposed AWS service. Applicable for endpoints of type Gateway.
privateDnsEnabled Boolean: Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Most users will want this enabled to allow services within the VPC to automatically use the endpoint. Defaults to false.
requesterManaged Boolean: Whether or not the VPC Endpoint is being managed by its service - true or false.
resourceConfigurationArn String: The ARN of a Resource Configuration to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
routeTableIds List<String>: One or more route table IDs. Applicable for endpoints of type Gateway.
securityGroupIds List<String>: The ID of one or more security groups to associate with the network interface. Applicable for endpoints of type Interface. If no security groups are specified, the VPC's default security group is associated with the endpoint.
serviceName String: The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook). Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
serviceNetworkArn String: The ARN of a Service Network to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
serviceRegion String: The AWS region of the VPC Endpoint Service. If specified, the VPC endpoint will connect to the service in the provided region. Applicable for endpoints of type Interface.
state String: The state of the VPC endpoint.
subnetConfigurations List<VpcEndpointSubnetConfiguration>: Subnet configuration for the endpoint, used to select specific IPv4 and/or IPv6 addresses to the endpoint. See subnet_configuration below.
subnetIds List<String>: The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface. Interface type endpoints cannot function without being assigned to a subnet.
tags Map<String,String>: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String,String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
vpcEndpointType String: The VPC endpoint type, Gateway, GatewayLoadBalancer,Interface, Resource or ServiceNetwork. Defaults to Gateway.
vpcId String: The ID of the VPC in which the endpoint will be used.

arn string: The Amazon Resource Name (ARN) of the VPC endpoint.
autoAccept boolean: Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
cidrBlocks string[]: The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type Gateway.
dnsEntries VpcEndpointDnsEntry[]: The DNS entries for the VPC Endpoint. Applicable for endpoints of type Interface. DNS blocks are documented below.
dnsOptions VpcEndpointDnsOptions: The DNS options for the endpoint. See dns_options below.
ipAddressType string: The IP address type for the endpoint. Valid values are ipv4, dualstack, and ipv6.
networkInterfaceIds string[]: One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type Interface.
ownerId string: The ID of the AWS account that owns the VPC endpoint.
policy string: A policy to attach to the endpoint that controls access to the service. This is a JSON formatted string. Defaults to full access. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.
prefixListId string: The prefix list ID of the exposed AWS service. Applicable for endpoints of type Gateway.
privateDnsEnabled boolean: Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Most users will want this enabled to allow services within the VPC to automatically use the endpoint. Defaults to false.
requesterManaged boolean: Whether or not the VPC Endpoint is being managed by its service - true or false.
resourceConfigurationArn string: The ARN of a Resource Configuration to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
routeTableIds string[]: One or more route table IDs. Applicable for endpoints of type Gateway.
securityGroupIds string[]: The ID of one or more security groups to associate with the network interface. Applicable for endpoints of type Interface. If no security groups are specified, the VPC's default security group is associated with the endpoint.
serviceName string: The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook). Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
serviceNetworkArn string: The ARN of a Service Network to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
serviceRegion string: The AWS region of the VPC Endpoint Service. If specified, the VPC endpoint will connect to the service in the provided region. Applicable for endpoints of type Interface.
state string: The state of the VPC endpoint.
subnetConfigurations VpcEndpointSubnetConfiguration[]: Subnet configuration for the endpoint, used to select specific IPv4 and/or IPv6 addresses to the endpoint. See subnet_configuration below.
subnetIds string[]: The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface. Interface type endpoints cannot function without being assigned to a subnet.
tags {[key: string]: string}: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll {[key: string]: string}: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
vpcEndpointType string: The VPC endpoint type, Gateway, GatewayLoadBalancer,Interface, Resource or ServiceNetwork. Defaults to Gateway.
vpcId string: The ID of the VPC in which the endpoint will be used.

arn str: The Amazon Resource Name (ARN) of the VPC endpoint.
auto_accept bool: Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
cidr_blocks Sequence[str]: The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type Gateway.
dns_entries Sequence[VpcEndpointDnsEntryArgs]: The DNS entries for the VPC Endpoint. Applicable for endpoints of type Interface. DNS blocks are documented below.
dns_options VpcEndpointDnsOptionsArgs: The DNS options for the endpoint. See dns_options below.
ip_address_type str: The IP address type for the endpoint. Valid values are ipv4, dualstack, and ipv6.
network_interface_ids Sequence[str]: One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type Interface.
owner_id str: The ID of the AWS account that owns the VPC endpoint.
policy str: A policy to attach to the endpoint that controls access to the service. This is a JSON formatted string. Defaults to full access. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.
prefix_list_id str: The prefix list ID of the exposed AWS service. Applicable for endpoints of type Gateway.
private_dns_enabled bool: Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Most users will want this enabled to allow services within the VPC to automatically use the endpoint. Defaults to false.
requester_managed bool: Whether or not the VPC Endpoint is being managed by its service - true or false.
resource_configuration_arn str: The ARN of a Resource Configuration to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
route_table_ids Sequence[str]: One or more route table IDs. Applicable for endpoints of type Gateway.
security_group_ids Sequence[str]: The ID of one or more security groups to associate with the network interface. Applicable for endpoints of type Interface. If no security groups are specified, the VPC's default security group is associated with the endpoint.
service_name str: The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook). Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
service_network_arn str: The ARN of a Service Network to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
service_region str: The AWS region of the VPC Endpoint Service. If specified, the VPC endpoint will connect to the service in the provided region. Applicable for endpoints of type Interface.
state str: The state of the VPC endpoint.
subnet_configurations Sequence[VpcEndpointSubnetConfigurationArgs]: Subnet configuration for the endpoint, used to select specific IPv4 and/or IPv6 addresses to the endpoint. See subnet_configuration below.
subnet_ids Sequence[str]: The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface. Interface type endpoints cannot function without being assigned to a subnet.
tags Mapping[str, str]: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tags_all Mapping[str, str]: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
vpc_endpoint_type str: The VPC endpoint type, Gateway, GatewayLoadBalancer,Interface, Resource or ServiceNetwork. Defaults to Gateway.
vpc_id str: The ID of the VPC in which the endpoint will be used.

arn String: The Amazon Resource Name (ARN) of the VPC endpoint.
autoAccept Boolean: Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
cidrBlocks List<String>: The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type Gateway.
dnsEntries List<Property Map>: The DNS entries for the VPC Endpoint. Applicable for endpoints of type Interface. DNS blocks are documented below.
dnsOptions Property Map: The DNS options for the endpoint. See dns_options below.
ipAddressType String: The IP address type for the endpoint. Valid values are ipv4, dualstack, and ipv6.
networkInterfaceIds List<String>: One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type Interface.
ownerId String: The ID of the AWS account that owns the VPC endpoint.
policy String: A policy to attach to the endpoint that controls access to the service. This is a JSON formatted string. Defaults to full access. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.
prefixListId String: The prefix list ID of the exposed AWS service. Applicable for endpoints of type Gateway.
privateDnsEnabled Boolean: Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Most users will want this enabled to allow services within the VPC to automatically use the endpoint. Defaults to false.
requesterManaged Boolean: Whether or not the VPC Endpoint is being managed by its service - true or false.
resourceConfigurationArn String: The ARN of a Resource Configuration to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
routeTableIds List<String>: One or more route table IDs. Applicable for endpoints of type Gateway.
securityGroupIds List<String>: The ID of one or more security groups to associate with the network interface. Applicable for endpoints of type Interface. If no security groups are specified, the VPC's default security group is associated with the endpoint.
serviceName String: The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook). Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
serviceNetworkArn String: The ARN of a Service Network to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.
serviceRegion String: The AWS region of the VPC Endpoint Service. If specified, the VPC endpoint will connect to the service in the provided region. Applicable for endpoints of type Interface.
state String: The state of the VPC endpoint.
subnetConfigurations List<Property Map>: Subnet configuration for the endpoint, used to select specific IPv4 and/or IPv6 addresses to the endpoint. See subnet_configuration below.
subnetIds List<String>: The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface. Interface type endpoints cannot function without being assigned to a subnet.
tags Map<String>: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
vpcEndpointType String: The VPC endpoint type, Gateway, GatewayLoadBalancer,Interface, Resource or ServiceNetwork. Defaults to Gateway.
vpcId String: The ID of the VPC in which the endpoint will be used.

Supporting Types

VpcEndpointDnsEntry, VpcEndpointDnsEntryArgs

DnsName string: The DNS name.
HostedZoneId string: The ID of the private hosted zone.

DnsName string: The DNS name.
HostedZoneId string: The ID of the private hosted zone.

dnsName String: The DNS name.
hostedZoneId String: The ID of the private hosted zone.

dnsName string: The DNS name.
hostedZoneId string: The ID of the private hosted zone.

dns_name str: The DNS name.
hosted_zone_id str: The ID of the private hosted zone.

dnsName String: The DNS name.
hostedZoneId String: The ID of the private hosted zone.

VpcEndpointDnsOptions, VpcEndpointDnsOptionsArgs

DnsRecordIpType string: The DNS records created for the endpoint. Valid values are ipv4, dualstack, service-defined, and ipv6.
PrivateDnsOnlyForInboundResolverEndpoint bool: Indicates whether to enable private DNS only for inbound endpoints. This option is available only for services that support both gateway and interface endpoints. It routes traffic that originates from the VPC to the gateway endpoint and traffic that originates from on-premises to the interface endpoint. Default is false. Can only be specified if private_dns_enabled is true.

DnsRecordIpType string: The DNS records created for the endpoint. Valid values are ipv4, dualstack, service-defined, and ipv6.
PrivateDnsOnlyForInboundResolverEndpoint bool: Indicates whether to enable private DNS only for inbound endpoints. This option is available only for services that support both gateway and interface endpoints. It routes traffic that originates from the VPC to the gateway endpoint and traffic that originates from on-premises to the interface endpoint. Default is false. Can only be specified if private_dns_enabled is true.

dnsRecordIpType String: The DNS records created for the endpoint. Valid values are ipv4, dualstack, service-defined, and ipv6.
privateDnsOnlyForInboundResolverEndpoint Boolean: Indicates whether to enable private DNS only for inbound endpoints. This option is available only for services that support both gateway and interface endpoints. It routes traffic that originates from the VPC to the gateway endpoint and traffic that originates from on-premises to the interface endpoint. Default is false. Can only be specified if private_dns_enabled is true.

dnsRecordIpType string: The DNS records created for the endpoint. Valid values are ipv4, dualstack, service-defined, and ipv6.
privateDnsOnlyForInboundResolverEndpoint boolean: Indicates whether to enable private DNS only for inbound endpoints. This option is available only for services that support both gateway and interface endpoints. It routes traffic that originates from the VPC to the gateway endpoint and traffic that originates from on-premises to the interface endpoint. Default is false. Can only be specified if private_dns_enabled is true.

dns_record_ip_type str: The DNS records created for the endpoint. Valid values are ipv4, dualstack, service-defined, and ipv6.
private_dns_only_for_inbound_resolver_endpoint bool: Indicates whether to enable private DNS only for inbound endpoints. This option is available only for services that support both gateway and interface endpoints. It routes traffic that originates from the VPC to the gateway endpoint and traffic that originates from on-premises to the interface endpoint. Default is false. Can only be specified if private_dns_enabled is true.

dnsRecordIpType String: The DNS records created for the endpoint. Valid values are ipv4, dualstack, service-defined, and ipv6.
privateDnsOnlyForInboundResolverEndpoint Boolean: Indicates whether to enable private DNS only for inbound endpoints. This option is available only for services that support both gateway and interface endpoints. It routes traffic that originates from the VPC to the gateway endpoint and traffic that originates from on-premises to the interface endpoint. Default is false. Can only be specified if private_dns_enabled is true.

VpcEndpointSubnetConfiguration, VpcEndpointSubnetConfigurationArgs

Ipv4 string: The IPv4 address to assign to the endpoint network interface in the subnet. You must provide an IPv4 address if the VPC endpoint supports IPv4.
Ipv6 string: The IPv6 address to assign to the endpoint network interface in the subnet. You must provide an IPv6 address if the VPC endpoint supports IPv6.
SubnetId string

Ipv4 string: The IPv4 address to assign to the endpoint network interface in the subnet. You must provide an IPv4 address if the VPC endpoint supports IPv4.
Ipv6 string: The IPv6 address to assign to the endpoint network interface in the subnet. You must provide an IPv6 address if the VPC endpoint supports IPv6.
SubnetId string

ipv4 String: The IPv4 address to assign to the endpoint network interface in the subnet. You must provide an IPv4 address if the VPC endpoint supports IPv4.
ipv6 String: The IPv6 address to assign to the endpoint network interface in the subnet. You must provide an IPv6 address if the VPC endpoint supports IPv6.
subnetId String

ipv4 string: The IPv4 address to assign to the endpoint network interface in the subnet. You must provide an IPv4 address if the VPC endpoint supports IPv4.
ipv6 string: The IPv6 address to assign to the endpoint network interface in the subnet. You must provide an IPv6 address if the VPC endpoint supports IPv6.
subnetId string

ipv4 str: The IPv4 address to assign to the endpoint network interface in the subnet. You must provide an IPv4 address if the VPC endpoint supports IPv4.
ipv6 str: The IPv6 address to assign to the endpoint network interface in the subnet. You must provide an IPv6 address if the VPC endpoint supports IPv6.
subnet_id str

ipv4 String: The IPv4 address to assign to the endpoint network interface in the subnet. You must provide an IPv4 address if the VPC endpoint supports IPv4.
ipv6 String: The IPv6 address to assign to the endpoint network interface in the subnet. You must provide an IPv6 address if the VPC endpoint supports IPv6.
subnetId String

Import

Using pulumi import, import VPC Endpoints using the VPC endpoint id. For example:

$ pulumi import aws:ec2/vpcEndpoint:VpcEndpoint endpoint1 vpce-3ecf2a57

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

AWS v6.71.0 published on Friday, Mar 7, 2025 by Pulumi

pulumi/pulumi-aws

aws.ec2.VpcEndpoint

On this page

On this page

Example Usage

Basic

Basic w/ Tags

Interface Endpoint Type

Interface Endpoint Type with User-Defined IP Address

Gateway Load Balancer Endpoint Type

VPC Lattice Resource Configuration Endpoint Type

VPC Lattice Service Network Endpoint Type

Create VpcEndpoint Resource

Constructor syntax

Parameters

Constructor example

VpcEndpoint Resource Properties

Inputs

Outputs

Look up Existing VpcEndpoint Resource

Supporting Types

VpcEndpointDnsEntry, VpcEndpointDnsEntryArgs

VpcEndpointDnsOptions, VpcEndpointDnsOptionsArgs

VpcEndpointSubnetConfiguration, VpcEndpointSubnetConfigurationArgs

Import

Package Details

On this page

On this page