Only enable VPC endpoints determined by CLI setup config

manuwaik · Jan 29, 2024 · a3befe6 · a3befe6
1 parent b770d2d
commit a3befe6
Showing 1 changed file with 39 additions and 30 deletions.
diff --git a/lib/shared/index.ts b/lib/shared/index.ts
@@ -126,11 +126,6 @@ export class Shared extends Construct {
           service: ec2.InterfaceVpcEndpointAwsService.LAMBDA,
       });
 
-      // Create VPC Endpoint for Kendra
-      vpc.addInterfaceEndpoint("KendraEndpoint", {
-          service: ec2.InterfaceVpcEndpointAwsService.KENDRA,
-      });
-
       // Create VPC Endpoint for SNS
       vpc.addInterfaceEndpoint("SNSEndpoint", {
           service: ec2.InterfaceVpcEndpointAwsService.SNS,
@@ -146,31 +141,6 @@ export class Shared extends Construct {
           service: ec2.InterfaceVpcEndpointAwsService.SSM,
       });
 
-      // Create VPC Endpoint for RDS
-      vpc.addInterfaceEndpoint("RDSEndpoint", {
-          service: ec2.InterfaceVpcEndpointAwsService.RDS,
-      });
-
-      // Create VPC Endpoint for RDS Data
-      vpc.addInterfaceEndpoint("RDSDataEndpoint", {
-          service: ec2.InterfaceVpcEndpointAwsService.RDS_DATA,
-      });
-
-      // Create VPC Endpoint for ECS
-      vpc.addInterfaceEndpoint("ECSEndpoint", {
-          service: ec2.InterfaceVpcEndpointAwsService.ECS,
-      });
-
-      // Create VPC Endpoint for Batch
-      vpc.addInterfaceEndpoint("BatchEndpoint", {
-          service: ec2.InterfaceVpcEndpointAwsService.BATCH,
-      });
-
-      // Create VPC Endpoint for EC2
-      vpc.addInterfaceEndpoint("EC2Endpoint", {
-          service: ec2.InterfaceVpcEndpointAwsService.EC2,
-      });
-
       // Create VPC Endpoint for KMS
       vpc.addInterfaceEndpoint("KMSEndpoint", {
           service: ec2.InterfaceVpcEndpointAwsService.KMS,
@@ -183,6 +153,45 @@ export class Shared extends Construct {
           privateDnsEnabled: true
         });
       }
+
+      // Create VPC Endpoint for Kendra
+      if (props.config.rag.engines.kendra.enabled){
+        vpc.addInterfaceEndpoint("KendraEndpoint", {
+            service: ec2.InterfaceVpcEndpointAwsService.KENDRA,
+        });
+      }
+
+      // Create VPC Endpoint for RDS/Aurora
+      if (props.config.rag.engines.aurora.enabled) {
+        vpc.addInterfaceEndpoint("RDSEndpoint", {
+            service: ec2.InterfaceVpcEndpointAwsService.RDS,
+        });
+
+        // Create VPC Endpoint for RDS Data
+        vpc.addInterfaceEndpoint("RDSDataEndpoint", {
+            service: ec2.InterfaceVpcEndpointAwsService.RDS_DATA,
+        });
+      }
+
+      // Create VPC Endpoints needed for Aurora & Opensearch Indexing
+      if (props.config.rag.engines.aurora.enabled ||
+        props.config.rag.engines.opensearch.enabled) {
+        // Create VPC Endpoint for ECS
+        vpc.addInterfaceEndpoint("ECSEndpoint", {
+            service: ec2.InterfaceVpcEndpointAwsService.ECS,
+        });
+
+        // Create VPC Endpoint for Batch
+        vpc.addInterfaceEndpoint("BatchEndpoint", {
+            service: ec2.InterfaceVpcEndpointAwsService.BATCH,
+        });
+
+        // Create VPC Endpoint for EC2
+        vpc.addInterfaceEndpoint("EC2Endpoint", {
+            service: ec2.InterfaceVpcEndpointAwsService.EC2,
+        });
+      }
+
     }
 
     const configParameter = new ssm.StringParameter(this, "Config", {