Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/epomatti/aws-vpc-endpoints

AWS VPC Endpoints integrated with SQS and KMS

aws aws-privatelink aws-security kms sqs terraform vpc vpc-endpoints vpce




README


# AWS VPC Endpoints

This sandbox implements a VPC Interface Endpoint for SQS so that an EC2 instance running in a private subnet (no route to the public SQS endpoint) can send messages to an SQS queue.

In addition to provisioning the core resources (VPC, private subnet, instance, queue and endpoint), the queue policy is configured with a condition that pins access to that endpoint.

The SQS queue policy carries an explicit `Deny` on `sqs:SendMessage` whose condition matches every request that did not arrive through the configured VPC endpoint, so the queue only accepts messages sent via that endpoint. The `aws:sourceVpce` key is present in the request context only for calls made through a VPC endpoint, and `StringNotEquals` is satisfied when the key is missing, so a caller using the public SQS endpoint is denied even with valid credentials, and the explicit `Deny` overrides any `Allow` in the caller's identity policy. Condition key names are case-insensitive; the documented spelling is `aws:SourceVpce`:

```json
"Condition": {
  "StringNotEquals": {
    "aws:sourceVpce": "vpce-1a2b3c4d"
  }
}
```
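The full queue policy behind that fragment, and how SQS evaluates it for three different callers, as an added example that is not code from the epomatti/aws-vpc-endpoints project. The policy document is constructed here to match the condition above: `vpce-1a2b3c4d` is the README's placeholder, while the queue ARN, the account ID `000000000000` and the second endpoint ID `vpce-9z8y7x6w` are assumed for illustration. The evaluator models only the IAM rules the `Deny` relies on, and it assumes the caller's identity-based policy already grants `sqs:SendMessage`, so the resource policy's only job is the explicit `Deny`.

```python
"""Simulate how the queue policy's Deny statement is evaluated.

Added example, not code from the epomatti/aws-vpc-endpoints repository.
Assumptions: the instance role's identity-based policy grants
sqs:SendMessage (the resource policy below only adds the explicit Deny);
the queue ARN, the account ID 000000000000 and the "other" endpoint ID
vpce-9z8y7x6w are made up. vpce-1a2b3c4d is the README's placeholder.
"""
import fnmatch
import json

QUEUE_ARN = "arn:aws:sqs:sa-east-1:000000000000:my-private-queue"  # assumed

# Constructed queue policy: deny SendMessage unless it came via the endpoint.
QUEUE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenySendMessageUnlessViaVpce",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "sqs:SendMessage",
      "Resource": "arn:aws:sqs:sa-east-1:000000000000:my-private-queue",
      "Condition": {
        "StringNotEquals": {
          "aws:SourceVpce": "vpce-1a2b3c4d"
        }
      }
    }
  ]
}
""")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def condition_matches(condition, context):
    """Evaluate a Condition block made of StringEquals / StringNotEquals.

    IAM rules mirrored here: operator blocks are ANDed, keys within one
    operator are ANDed, the values listed for a key are ORed, and key
    names are case-insensitive. For a key absent from the request context
    StringEquals is false and StringNotEquals is true; that is what makes
    the Deny catch requests that never touched any VPC endpoint.
    """
    ctx = {k.lower(): v for k, v in context.items()}
    for operator, keys in condition.items():
        for key, expected in keys.items():
            actual = ctx.get(key.lower())
            if operator == "StringEquals":
                if actual is None or actual not in _as_list(expected):
                    return False
            elif operator == "StringNotEquals":
                if actual is not None and actual in _as_list(expected):
                    return False
            else:
                raise ValueError(f"operator {operator} not modelled")
    return True


def statement_applies(statement, action, resource):
    """True when the statement's Action and Resource patterns cover the call."""
    actions = _as_list(statement["Action"])
    resources = _as_list(statement["Resource"])
    return any(fnmatch.fnmatchcase(action, a) for a in actions) and any(
        fnmatch.fnmatchcase(resource, r) for r in resources
    )


def explicit_deny(policy, action, resource, context):
    """Return the Sid of the first matching Deny statement, or None."""
    for statement in policy["Statement"]:
        if statement["Effect"] != "Deny":
            continue
        if not statement_applies(statement, action, resource):
            continue
        if condition_matches(statement.get("Condition", {}), context):
            return statement["Sid"]
    return None


def send_allowed(context, action="sqs:SendMessage", resource=QUEUE_ARN,
                 identity_allows=True):
    """Final decision: an explicit Deny always wins over the identity Allow."""
    if explicit_deny(QUEUE_POLICY, action, resource, context):
        return False
    return identity_allows


if __name__ == "__main__":
    # Constructed request contexts: what SQS sees for each kind of caller.
    samples = {
        "EC2 via the configured endpoint": {"aws:SourceVpce": "vpce-1a2b3c4d"},
        "EC2 via some other endpoint": {"aws:SourceVpce": "vpce-9z8y7x6w"},
        "laptop via the public SQS endpoint": {},
    }
    for who, ctx in samples.items():
        print(f"{who:36s} -> {'ALLOW' if send_allowed(ctx) else 'DENY'}")
```

Two points the output makes visible: a request context with no `aws:SourceVpce` at all (a caller using the public SQS endpoint, which is also what the AWS console does) is denied because `StringNotEquals` is satisfied by a missing key; and the `Deny` as written covers only `sqs:SendMessage`, so `sqs:ReceiveMessage` from outside the endpoint would still fall through to whatever the identity policy allows. List every action you want pinned to the endpoint, or use `sqs:*`.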

## Setup

Generate the SSH key pair used for the EC2 instance (the instance module expects it at this path):

```sh
ssh-keygen -f modules/instance/ec2_id_rsa
```

To create the environment, run:

```sh
terraform init
terraform apply -auto-approve
```

Connect to the EC2 instance with SSM Session Manager (replace the instance ID with the one Terraform created):

```sh
aws ssm start-session --target i-00000000000000000 --region sa-east-1
```

Inside the session, confirm that the SQS service name resolves to a private IP address inside the VPC. That shows the endpoint's private DNS is in effect, so the CLI reaches SQS through the endpoint's network interface rather than the public endpoint:

```sh
$ dig +short sqs.sa-east-1.amazonaws.com
10.0.50.54
```

Confirm which identity the CLI is using from within the EC2 instance:

```sh
aws sts get-caller-identity
```

Now send a message to the queue (replace the account ID in the queue URL with your own). The request travels through the VPC endpoint, so it carries the expected `aws:sourceVpce` and the queue policy accepts it:

```sh
aws sqs send-message --queue-url https://sqs.sa-east-1.amazonaws.com/000000000000/my-private-queue --message-body Hello
```
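The same checks as a script that can be run from the SSM session, as an added example that is not part of the epomatti/aws-vpc-endpoints repository. It assumes the VPC CIDR is `10.0.0.0/16` (the `dig` output above shows `10.0.50.54`), the region `sa-east-1`, and the queue URL from the README, whose account ID is a placeholder. Unlike a bare `dig`, it refuses to send when any resolved address lies outside the VPC, and it reports the error code when the queue policy denies the call, so the same script run from a host outside the endpoint shows the `Deny` working.

```python
"""Verify from inside the instance that SQS traffic stays on the endpoint.

Added example, not part of the epomatti/aws-vpc-endpoints repository.
Assumed: VPC CIDR 10.0.0.0/16, region sa-east-1, and the README's
placeholder queue URL (account ID 000000000000).
"""
import ipaddress
import socket
import sys

REGION = "sa-east-1"
SQS_HOST = f"sqs.{REGION}.amazonaws.com"
VPC_CIDR = "10.0.0.0/16"  # assumed; must match the VPC Terraform created
QUEUE_URL = f"https://{SQS_HOST}/000000000000/my-private-queue"


def resolve_ipv4(host):
    """All A records the instance's resolver returns for host."""
    infos = socket.getaddrinfo(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def addresses_in_cidr(addresses, cidr):
    """True only if every address lies inside cidr (the endpoint's ENIs).

    A single public address means private DNS is off on the endpoint or
    the resolver bypasses the private hosted zone; traffic would then
    leave for the public SQS endpoint even though the VPC endpoint exists.
    """
    network = ipaddress.ip_network(cidr)
    return bool(addresses) and all(
        ipaddress.ip_address(a) in network for a in addresses
    )


def send_probe(queue_url, body="Hello"):
    """Send one message; return its MessageId, or the error code on denial.

    boto3 is imported here so the DNS check above runs without it installed.
    """
    import boto3
    from botocore.exceptions import ClientError

    sqs = boto3.client("sqs", region_name=REGION)
    try:
        return sqs.send_message(QueueUrl=queue_url, MessageBody=body)["MessageId"]
    except ClientError as err:
        # From outside the endpoint the queue policy's Deny yields AccessDenied.
        return err.response["Error"]["Code"]


def main():
    addrs = resolve_ipv4(SQS_HOST)
    private = addresses_in_cidr(addrs, VPC_CIDR)
    print(f"{SQS_HOST} -> {addrs}  inside {VPC_CIDR}: {private}")
    if not private:
        print("SQS would be reached over the public endpoint; not sending")
        return 1
    print("send-message result:", send_probe(QUEUE_URL))
    return 0


if __name__ == "__main__":
    sys.exit(main())
```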

## Clean-up

```sh
terraform destroy
```