class Terrafying::Components::Endpoint

Attributes

fqdn[R]
security_group[R]

Public Class Methods

create_in(vpc, name, options = {}) click to toggle source
# File lib/terrafying/components/endpoint.rb, line 15
def self.create_in(vpc, name, options = {})
  Endpoint.new.create_in(vpc, name, options)
end
new() click to toggle source
Calls superclass method
# File lib/terrafying/components/endpoint.rb, line 19
def initialize
  super
end

Public Instance Methods

create_in(vpc, name, options = {}) click to toggle source
# File lib/terrafying/components/endpoint.rb, line 23
def create_in(vpc, name, options = {})
  options = {
    auto_accept: true,
    subnets: vpc.subnets.fetch(:private, []),
    private_dns: false,
    vpc_endpoint_type: "Interface",
    tags: {}
  }.merge(options)

  ident = "#{tf_safe(vpc.name)}-#{name}"
  @name = ident

  if options[:service]
    service_name = options[:service].service_name

    @ports = options[:service].load_balancer.ports
  elsif options[:service_name]
    service_name = options[:service_name]

    if options[:service_name].start_with?('com.amazonaws')
      @ports = enrich_ports([443])
    else
      endpoint_service = aws.endpoint_service_by_name(options[:service_name])

      target_groups = endpoint_service.network_load_balancer_arns.map do |arn|
        aws.target_groups_by_lb(arn)
      end.flatten

      @ports = enrich_ports(target_groups.map(&:port))
    end
  elsif options[:source]
    source = if options[:source].is_a?(VPC)
               { vpc: options[:source], name: name }
             else
               options[:source]
             end

    lb = LoadBalancer.find_in(source[:vpc], source[:name])

    @ports = lb.ports
    service_name = aws.endpoint_service_by_lb_arn(lb.id).service_name
  else
    raise 'You need to pass either a service_name or source option to create an endpoint'
  end

  @security_group = resource :aws_security_group, ident,
                             name: "endpoint-#{ident}",
                             description: "Describe the ingress and egress of the endpoint #{ident}",
                             tags: options[:tags],
                             vpc_id: vpc.id

  resource :aws_vpc_endpoint, ident,
           vpc_id: vpc.id,
           service_name: service_name,
           vpc_endpoint_type: options[:vpc_endpoint_type],
           security_group_ids: [@security_group],
           auto_accept: options[:auto_accept],
           subnet_ids: options[:subnets].map(&:id),
           private_dns_enabled: options[:private_dns]

  @fqdn = output_of(:aws_vpc_endpoint, ident, 'dns_entry.0.dns_name')

  if options[:service]
    endpoint_service = options[:service]

    record_name = endpoint_service.fqdn.gsub(/.#{endpoint_service.zone.fqdn}$/, '')

    private_zone = add! Zone.create(endpoint_service.zone.fqdn, vpc: vpc)
    private_zone.add_record(
      record_name, [@fqdn], type: 'CNAME',
                            resource_name: tf_safe("#{@name}-#{endpoint_service.fqdn}")
    )
  end

  self
end