From a277ad277d8253e0af6433ab3402c1d54964e15a Mon Sep 17 00:00:00 2001
From: Daniel Bernstein
Date: Fri, 11 Aug 2023 08:24:32 -0700
Subject: [PATCH] Adds a vpc endpoint for s3 to ensure that s3 traffic to and from the vpc does not go through the NAT and thus does not incur unnecessary data transfer costs.
---
 shared/main.tf | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/shared/main.tf b/shared/main.tf
index 6747f6b..7016bdb 100644
--- a/shared/main.tf
+++ b/shared/main.tf
@@ -261,6 +261,26 @@ resource "aws_internet_gateway" "duracloud" {
 }
 }
+# https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/modules/vpc-endpoints
+module "endpoints" {
+ source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
+ version = "3.19.0"
+
+ vpc_id = aws_vpc.duracloud.id
+
+ endpoints = {
+ s3 = {
+ service = "s3"
+ service_type = "Gateway"
+ route_table_ids = toset([aws_route_table.duracloud_nat.id, aws_route_table.duracloud.id])
+ },
+ }
+
+ tags = {
+ Name = "${var.stack_name}-s3-endpoint"
+ }
+}
+
 resource "aws_eip" "duracloud_nat" {
 vpc = true
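Review bot: The `s3` entry in `endpoints` sets no `policy`, so the gateway endpoint falls back to the AWS default endpoint policy, which does not restrict which buckets, accounts or S3 actions can be reached from the VPC. Because both `aws_route_table.duracloud_nat` and `aws_route_table.duracloud` now route S3 traffic through it, consider adding `policy = data.aws_iam_policy_document.s3_endpoint.json` (a new document; the name is illustrative) that allows only the stack's own bucket ARNs. If hosts in the VPC also read from AWS-owned buckets, such as ECR image layers or OS package repositories, the policy has to allow those too or the pulls will fail. Bucket policies on the stack's buckets could additionally use an `aws:SourceVpce` condition, though whether that suits the other access paths is not visible from this hunk.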