updates

terraform/main.tf

@@ -103,3 +103,81 @@ module "s3-dest" {
   #   ]
   # }
 }
+
+# REGION 1 (us-east-1)
+# ====================================
+
+data "aws_vpc" "region1" {
+  # provider = aws.us-west-2
+
+  default = true
+  state   = "available"
+}
+
+data "aws_subnet" "region1" {
+  # provider = aws.us-west-2
+
+  vpc_id            = data.aws_vpc.region1.id
+  availability_zone = "us-east-1a"
+  state             = "available"
+}
+
+module "vpc-endpoint-s3-global-region1" {
+  source = "./modules/vpc-endpoint"
+
+  private_dns_only_for_inbound_resolver_endpoint = false
+  configuration = {
+    service_name = "com.amazonaws.s3-global.accesspoint"
+    subnet_type  = "Private"
+    region       = "us-east-1"
+  }
+
+  vpc_id     = data.aws_vpc.region1.id
+  subnet_ids = [data.aws_subnet.region1.id]
+}
+
+# REGION 2 (us-west-2)
+# ====================================
+
+data "aws_vpc" "region2" {
+  provider = aws.us-west-2
+
+  default = true
+  state   = "available"
+}
+
+data "aws_subnet" "region2" {
+  provider = aws.us-west-2
+
+  vpc_id            = data.aws_vpc.region2.id
+  availability_zone = "us-west-2a"
+  state             = "available"
+}
+
+module "vpc-endpoint-s3-global-region2" {
+  providers = {
+    aws = aws.us-west-2
+  }
+  source = "./modules/vpc-endpoint"
+
+  private_dns_only_for_inbound_resolver_endpoint = false
+  configuration = {
+    service_name = "com.amazonaws.s3-global.accesspoint"
+    subnet_type  = "Private"
+    region       = "us-west-2"
+  }
+
+  vpc_id     = data.aws_vpc.region2.id
+  subnet_ids = [data.aws_subnet.region2.id]
+}
+
+# S3 MRAP
+# ====================================
+
+module "s3-mrap" {
+  source = "./modules/s3-control"
+
+  create_mrap       = true
+  mrap_name         = "example-test-mrap"
+  mrap_bucket_names = [module.s3-source.bucket_name, module.s3-dest.bucket_name]
+}

terraform/modules/s3-control/main.tf

@@ -0,0 +1,24 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.50.0"
+    }
+  }
+}
+
+resource "aws_s3control_multi_region_access_point" "mrap" {
+  count = var.create_mrap ? 1 : 0
+
+  details {
+    name = var.mrap_name
+
+    region {
+      bucket = var.mrap_bucket_names[0]
+    }
+
+    region {
+      bucket = var.mrap_bucket_names[1]
+    }
+  }
+}

terraform/modules/s3-control/outputs.tf

@@ -0,0 +1,7 @@
+output "arn" {
+  value = aws_s3control_multi_region_access_point.mrap[0].arn
+}
+
+output "alias" {
+  value = aws_s3control_multi_region_access_point.mrap[0].alias
+}

terraform/modules/s3-control/vars.tf

@@ -0,0 +1,19 @@
+# variable "version" {
+#   description = "The module version"
+#   type        = string
+# }
+
+variable "create_mrap" {
+  description = "Whether to create MRAP or not"
+  type        = bool
+}
+
+variable "mrap_name" {
+  description = "The name of the MRAP"
+  type        = string
+}
+
+variable "mrap_bucket_names" {
+  description = "The bucket names for the MRAP"
+  type        = list(string)
+}

terraform/modules/vpc-endpoint/main.tf

@@ -0,0 +1,17 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.50.0"
+    }
+  }
+}
+
+resource "aws_vpc_endpoint" "endpoint" {
+  vpc_endpoint_type = "Interface"
+  vpc_id            = var.vpc_id
+  service_name      = var.configuration.service_name
+  subnet_ids        = var.subnet_ids
+  # security_group_ids  = var.security_group_ids
+  private_dns_enabled = var.private_dns_only_for_inbound_resolver_endpoint
+}

terraform/modules/vpc-endpoint/outputs.tf

@@ -0,0 +1,7 @@
+output "id" {
+  value = aws_vpc_endpoint.endpoint.id
+}
+
+output "dns" {
+  value = aws_vpc_endpoint.endpoint.dns_entry[0].dns_name
+}

terraform/modules/vpc-endpoint/vars.tf

@@ -0,0 +1,36 @@
+# variable "version" {
+#   description = "The module version"
+#   type        = string
+# }
+
+variable "private_dns_only_for_inbound_resolver_endpoint" {
+  description = "Private DNS only for inbound resolver endpoint"
+  type        = bool
+}
+
+variable "configuration" {
+  description = "The configuration for the VPC endpoint"
+  type = object({
+    service_name = string
+    subnet_type  = string
+    region       = string
+  })
+}
+
+variable "vpc_id" {
+  description = "The VPC ID"
+  type        = string
+  default     = "VPC_ID_HERE"
+}
+
+variable "subnet_ids" {
+  description = "The subnet IDs"
+  type        = list(string)
+  default     = ["SUBNET_IDS_HERE"]
+}
+
+variable "security_group_ids" {
+  description = "The security group IDs"
+  type        = list(string)
+  default     = ["SECURITY_GROUP_IDS_HERE"]
+}