Terraform cannot into PrivateLink ECR


  • Considered Harmful

    So AWS supports PrivateLink (VPC endpoints) to connect things without needing them to traverse the internet. And Terraform says it supports this. But it doesn't. It supports Gateway type interfaces and outright lies about supporting any other type. I have limited experimental results to back this up.

    So only two services use Gateway type endpoints; everything interesting wants Interface type endpoints. For instance, ECR wants interface type endpoints.

    Dunno why HashiCorp released half of support for this feature.


  • Considered Harmful

    @Gribnit So what was the thing you wanted help with?


  • Considered Harmful

    @pie_flavor I'm trying to figure out what is wrong with the assertion "Terraform can't set up anything but Gateway VPE connections". Unfortunately what I want to do depends on setting up an Interface VPE connection. So I'm hoping there's something wrong with the assertion and if I make it angrily enough, someone will correct it.

    So far I've got it to create the VPC Endpoints and it accepts the subnet IDs I give it for the interface endpoint and it accepts the routing table IDs I give it for the gateway endpoint. Since I need one of each in order to connect to ECR, one for ECR is Interface and the one for S3 is Gateway. Can't tell if the one for S3 works because the one for ECR definitely doesn't work.

    However, Terraform doesn't complain that there's anything wrong about the setup. Not that it necessarily would, it just doesn't see anything grossly wrong with the setup.
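
The layout described in the post above (Interface endpoints for ECR in subnets, a Gateway endpoint for S3 on route tables), written out as an added Terraform example that is not part of the original thread and not the poster's configuration. All variable and resource names are assumptions; the security group and private DNS settings are the parts `terraform apply` accepts without complaint whether or not traffic can actually flow.

```hcl
# Added example. Every variable and resource name here is an assumption.
variable "region"          { type = string }
variable "vpc_id"          { type = string }
variable "vpc_cidr"        { type = string }
variable "subnet_ids"      { type = list(string) }
variable "route_table_ids" { type = list(string) }

# Interface endpoints are network interfaces inside your subnets, so a
# security group has to admit HTTPS from the hosts that pull images.
resource "aws_security_group" "ecr_endpoints" {
  name_prefix = "ecr-vpce-"
  vpc_id      = var.vpc_id

  ingress {
    description = "HTTPS from inside the VPC"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.vpc_cidr]
  }
}

# ECR is reached through two Interface endpoints:
# ecr.api (API and auth calls) and ecr.dkr (the Docker registry).
resource "aws_vpc_endpoint" "ecr" {
  for_each = toset(["ecr.api", "ecr.dkr"])

  vpc_id             = var.vpc_id
  service_name       = "com.amazonaws.${var.region}.${each.key}"
  vpc_endpoint_type  = "Interface" # the provider defaults to "Gateway" if omitted
  subnet_ids         = var.subnet_ids
  security_group_ids = [aws_security_group.ecr_endpoints.id]

  # Resolves the normal ECR hostnames to the endpoint's private IPs.
  # Requires DNS support and DNS hostnames to be enabled on the VPC.
  private_dns_enabled = true
}

# Image layers are downloaded from S3, which uses a Gateway endpoint
# attached to route tables rather than subnets.
resource "aws_vpc_endpoint" "s3" {
  vpc_id            = var.vpc_id
  service_name      = "com.amazonaws.${var.region}.s3"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = var.route_table_ids
}
```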

