Adding VPC endpoints
Overview
A selection of AWS VPC Endpoints are supplied by default to member VPCs.
Modernisation Platform customers can raise pull requests to add further VPC endpoints as they require them.
Default AWS VPC Endpoints
Modernisation Platform core-vpc-* accounts contain per-business-unit VPCs which each have the following endpoints provisioned in their protected subnets:
"com.amazonaws.eu-west-2.ec2",
"com.amazonaws.eu-west-2.ec2messages",
"com.amazonaws.eu-west-2.ssm",
"com.amazonaws.eu-west-2.ssmmessages",
No action is required to make use of these.
Adding supplementary AWS VPC Endpoints
Additional VPC endpoints should be defined in the relevant $business_unit-$environment.json file in our environments-networks directory.
You can raise a pull request similar to this example for any additions you require.
{
  ...
  "options": {
    ...
    "additional_endpoints": [
      "com.amazonaws.eu-west-2.$endpoint"
    ],
    ...
  }
}
Validating the creation of supplementary AWS VPC Endpoints
Changes to VPC endpoints will be made through GitHub Actions. You can track the relevant core-vpc-* workflow here.
You can also follow our guidance on Viewing Core Account resources as a Member Account Developer to review the VPC endpoints in the relevant core-vpc-* account.