[DOM-65702] Adding support for vpc endpoint services in multiple regions

dominodatalab · Feb 25, 2025 · 2b5e289 · 2b5e289
1 parent b529d6a
commit 2b5e289
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 3 deletions.
diff --git a/modules/eks/submodules/privatelink/variables.tf b/modules/eks/submodules/privatelink/variables.tf
@@ -64,6 +64,7 @@ variable "privatelink" {
         ports     = List of ports exposing the VPC Endpoint Service. i.e [8080, 8081]
         cert_arn  = Certificate ARN used by the NLB associated for the given VPC Endpoint Service.
         private_dns = Private DNS for the VPC Endpoint Service.
+        supported_regions = The set of regions from which service consumers can access the service.
       }]
     }
   EOF
@@ -79,6 +80,7 @@ variable "privatelink" {
       ports       = optional(list(number))
       cert_arn    = optional(string)
       private_dns = optional(string)
+      supported_regions = optional(set(string))
     })), [])
   })
 

diff --git a/modules/eks/submodules/privatelink/vpc-endpoint-services.tf b/modules/eks/submodules/privatelink/vpc-endpoint-services.tf
@@ -1,5 +1,5 @@
 locals {
-  endpoint_services = { for service in var.privatelink.vpc_endpoint_services : service.name => service.private_dns }
+  endpoint_services = { for service in var.privatelink.vpc_endpoint_services : service.name => {private_dns: service.private_dns, supported_regions: service.supported_regions}}
 
   listeners = distinct(flatten([
     for service in var.privatelink.vpc_endpoint_services : [
@@ -87,18 +87,20 @@ resource "aws_vpc_endpoint_service" "vpc_endpoint_services" {
   acceptance_required        = false
   network_load_balancer_arns = [aws_lb.nlbs[each.key].arn]
 
-  private_dns_name = each.value
+  private_dns_name = each.value.private_dns
 
   tags = {
     "Name" = "${var.deploy_id}-${each.key}"
   }
+
+  supported_regions = each.value.supported_regions
 }
 
 resource "aws_route53_record" "service_endpoint_private_dns_verification" {
   for_each = local.endpoint_services
 
   zone_id = data.aws_route53_zone.hosted.zone_id
-  name    = each.value
+  name    = each.value.private_dns
   type    = "TXT"
   ttl     = 1800
   records = [

diff --git a/modules/eks/variables.tf b/modules/eks/variables.tf
@@ -233,6 +233,7 @@ variable "privatelink" {
         ports     = List of ports exposing the VPC Endpoint Service. i.e [8080, 8081]
         cert_arn  = Certificate ARN used by the NLB associated for the given VPC Endpoint Service.
         private_dns = Private DNS for the VPC Endpoint Service.
+        supported_regions = The set of regions from which service consumers can access the service.
       }]
     }
   EOF
@@ -248,6 +249,7 @@ variable "privatelink" {
       ports       = optional(list(number))
       cert_arn    = optional(string)
       private_dns = optional(string)
+      supported_regions = optional(set(string))
     })), [])
   })