Using Turbot to automate VPC Endpoint creation

Turbot can be configured to automatically create and manage VPC Endpoints in a given VPC. Turbot only creates and manages Gateway Endpoints (S3, DynamoDB). Interface Endpoints require additional configuration, such as a security group, so Turbot does not create them.

To have Turbot automatically create Gateway endpoints, the following policies must be set:

[Screenshots of the required policy settings are not reproduced here.]

The policy AWS > VPC > Route Table Endpoints Enabled defaults to Limited; Direct and Independent are the other two possible route table types. The route table MUST be associated with the relevant subnet in order for Turbot to appropriately manage the Gateway Endpoints.

These policies can be set at the Turbot level, the account level, or even the VPC level. This makes it possible to have multiple VPCs in the same account, some with endpoints and some without.

Note also that Turbot will not delete an existing endpoint if its type is later removed from the policy above. This protects against accidental deletion of resources.
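Because a Gateway Endpoint only takes effect for subnets whose route table carries a route to it, a useful check is to audit which subnets in a VPC are actually covered for S3 and DynamoDB. The following is an added example, not Turbot code or the Turbot API: it works on the dict shape returned by the AWS `describe-route-tables` and `describe-vpc-endpoints` calls, with constructed sample data so it runs offline. Endpoint, route table and subnet IDs below are made up.

```python
"""Audit Gateway Endpoint coverage per subnet (added example, not Turbot code)."""

GATEWAY_SERVICES = ("s3", "dynamodb")  # the only services Gateway Endpoints support


def route_table_for_subnet(route_tables, subnet_id):
    """Return the table governing a subnet: the explicitly associated one,
    otherwise the VPC's main route table (AWS's implicit association)."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def endpoint_coverage(route_tables, endpoints, subnet_ids):
    """For each subnet, report whether a route to a Gateway Endpoint exists per service."""
    # Gateway endpoint routes carry the vpce-... id in GatewayId; Interface endpoints are ignored.
    gw_service = {
        ep["VpcEndpointId"]: ep["ServiceName"].split(".")[-1]
        for ep in endpoints if ep.get("VpcEndpointType") == "Gateway"
    }
    report = {}
    for subnet in subnet_ids:
        rt = route_table_for_subnet(route_tables, subnet)
        covered = {gw_service[r["GatewayId"]] for r in (rt or {}).get("Routes", [])
                   if r.get("GatewayId") in gw_service}
        report[subnet] = {svc: svc in covered for svc in GATEWAY_SERVICES}
    return report


# Constructed sample data: the main table has the S3 route but lacks the DynamoDB one.
SAMPLE_ENDPOINTS = [
    {"VpcEndpointId": "vpce-0aaa", "VpcEndpointType": "Gateway", "ServiceName": "com.amazonaws.us-east-1.s3"},
    {"VpcEndpointId": "vpce-0bbb", "VpcEndpointType": "Gateway", "ServiceName": "com.amazonaws.us-east-1.dynamodb"},
    {"VpcEndpointId": "vpce-0ccc", "VpcEndpointType": "Interface", "ServiceName": "com.amazonaws.us-east-1.ssm"},
]
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationPrefixListId": "pl-s3", "GatewayId": "vpce-0aaa"}]},
    {"RouteTableId": "rtb-app", "Associations": [{"SubnetId": "subnet-app"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationPrefixListId": "pl-s3", "GatewayId": "vpce-0aaa"},
                {"DestinationPrefixListId": "pl-ddb", "GatewayId": "vpce-0bbb"}]},
]
SAMPLE_SUBNETS = ["subnet-app", "subnet-orphan"]  # subnet-orphan falls back to the main table

if __name__ == "__main__":
    for subnet, cov in endpoint_coverage(SAMPLE_ROUTE_TABLES, SAMPLE_ENDPOINTS, SAMPLE_SUBNETS).items():
        missing = [svc for svc, ok in cov.items() if not ok]
        print(f"{subnet}: {'OK' if not missing else 'missing ' + ', '.join(missing)}")
```

Against live data, replace the sample lists with the `RouteTables`, `VpcEndpoints` and subnet IDs returned by boto3 for the VPC in question.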
