VPC endpoints support for aws provider

[mqxter]

Currently there is no support for vpc endpoints (s3, ecr kms etc).
Clusters that reside in private/local subnets need a connection to aws services in order to pull/push docker images(ecr), use s3 or kms without going through the internet.

v0.18.1

[darryl-sw]

VPC Endpoint support will be useful for me as well.

For my use case, I have private resources scattered across several AWS Accounts/VPCs that I would like to connect to from my cluster. As such, I would like to be able to create a VPC endpoint resource from my cluster, so that my cluster will be able to hit those resources.

Will be happy to contribute to this if this is not already in the works.

[Dkaykay]

Related:
VPC Peering Connections might be supported soon, see #689

[darryl-sw]

Starting work on VPC Endpoint.
Objective: create a VPC Endpoint object from Crossplane.

[yogeek]

Are VPC endpoint service and interface endpoint documented here going to be included in this on going work please ?

By this I mean : today we are creating these 2 resources with Terraform (1 VPC Endpoint Interface linked to 1 VPC Load Balancer Endpoint Service) in order to provide internal access to the LB of an Istio ingress gateway and as this must happen after istio deployment, we would prefer to do it with Crossplane + gitops:

EC2 --> VPC Endpoint (in VPC1) --> VPC Endpoint Service (in VPC2) --> NetworkLoadBalancer --> EC2

[darryl-sw]

At the moment no. I'm not planning for VPC Endpoint Service.

[hanlins]

Hi @darryl-sw, I'm facing similar use cases as @yogeek mentioned, is it possible to also introduce VPC endpoint service? Or we make this issue for VPC endpoint only, and open a separate PR for VPC endpoint service support?
cc @haarchri