terraform-aws-modules
diff --git a/‎README.md‎
Lines changed: 8 additions & 1 deletion b/‎README.md‎
Lines changed: 8 additions & 1 deletion
diff --git a/‎outputs.tf‎
Lines changed: 16 additions & 0 deletions b/‎outputs.tf‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎variables.tf‎
Lines changed: 24 additions & 0 deletions b/‎variables.tf‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎vpc-endpoints.tf‎
Lines changed: 23 additions & 0 deletions b/‎vpc-endpoints.tf‎
Lines changed: 23 additions & 0 deletions
@@ -20,7 +20,7 @@ These types of resources are supported:
 * [VPC Endpoint](https://www.terraform.io/docs/providers/aws/r/vpc_endpoint.html):
  * Gateway: S3, DynamoDB
  * Interface: EC2, SSM, EC2 Messages, SSM Messages, SQS, ECR API, ECR DKR, API Gateway, KMS, 
-ECS, ECS Agent, ECS Telemetry, SNS, STS, Glue, CloudWatch(Monitoring, Logs, Events), 
+ECS, ECS Agent, ECS Telemetry, SES, SNS, STS, Glue, CloudWatch(Monitoring, Logs, Events), 
 Elastic Load Balancing, CloudTrail, Secrets Manager, Config, CodeBuild, CodeCommit, 
 Git-Codecommit, Transfer Server, Kinesis Streams, Kinesis Firehose, SageMaker(Notebook, Runtime, API), 
 CloudFormation, CodePipeline, Storage Gateway, AppMesh, Transfer, Service Catalog, AppStream,
@@ -397,6 +397,7 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | enable\_sagemaker\_runtime\_endpoint | Should be true if you want to provision a SageMaker Runtime endpoint to the VPC | `bool` | `false` | no |
 | enable\_secretsmanager\_endpoint | Should be true if you want to provision an Secrets Manager endpoint to the VPC | `bool` | `false` | no |
 | enable\_servicecatalog\_endpoint | Should be true if you want to provision a Service Catalog endpoint to the VPC | `bool` | `false` | no |
+| enable\_ses\_endpoint | Should be true if you want to provision an SES endpoint to the VPC | `bool` | `false` | no |
 | enable\_sns\_endpoint | Should be true if you want to provision a SNS endpoint to the VPC | `bool` | `false` | no |
 | enable\_sqs\_endpoint | Should be true if you want to provision an SQS endpoint to the VPC | `bool` | `false` | no |
 | enable\_ssm\_endpoint | Should be true if you want to provision an SSM endpoint to the VPC | `bool` | `false` | no |
@@ -513,6 +514,9 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | servicecatalog\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Service Catalog endpoint | `bool` | `false` | no |
 | servicecatalog\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Service Catalog endpoint | `list(string)` | `[]` | no |
 | servicecatalog\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Service Catalog endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
+| ses\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SES endpoint | `bool` | `false` | no |
+| ses\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SES endpoint | `list(string)` | `[]` | no |
+| ses\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
 | single\_nat\_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | `bool` | `false` | no |
 | sns\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SNS endpoint | `bool` | `false` | no |
 | sns\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SNS endpoint | `list(string)` | `[]` | no |
@@ -736,6 +740,9 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | vpc\_endpoint\_servicecatalog\_dns\_entry | The DNS entries for the VPC Endpoint for Service Catalog. |
 | vpc\_endpoint\_servicecatalog\_id | The ID of VPC endpoint for Service Catalog |
 | vpc\_endpoint\_servicecatalog\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for Service Catalog. |
+| vpc\_endpoint\_ses\_dns\_entry | The DNS entries for the VPC Endpoint for SES. |
+| vpc\_endpoint\_ses\_id | The ID of VPC endpoint for SES |
+| vpc\_endpoint\_ses\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SES. |
 | vpc\_endpoint\_sns\_dns\_entry | The DNS entries for the VPC Endpoint for SNS. |
 | vpc\_endpoint\_sns\_id | The ID of VPC endpoint for SNS |
 | vpc\_endpoint\_sns\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SNS. |
 
@@ -1087,6 +1087,22 @@ output "vpc_endpoint_cloud_directory_dns_entry" {
  value = flatten(aws_vpc_endpoint.cloud_directory.*.dns_entry)
 }
 
+output "vpc_endpoint_ses_id" {
+ description = "The ID of VPC endpoint for SES"
+ value = concat(aws_vpc_endpoint.ses.*.id, [""])[0]
+}
+
+output "vpc_endpoint_ses_network_interface_ids" {
+ description = "One or more network interfaces for the VPC Endpoint for SES."
+ value = flatten(aws_vpc_endpoint.ses.*.network_interface_ids)
+}
+
+output "vpc_endpoint_ses_dns_entry" {
+ description = "The DNS entries for the VPC Endpoint for SES."
+ value = flatten(aws_vpc_endpoint.ses.*.dns_entry)
+}
+
+
 # VPC flow log
 output "vpc_flow_log_id" {
  description = "The ID of the Flow Log resource"
 
@@ -1323,6 +1323,30 @@ variable "cloud_directory_endpoint_private_dns_enabled" {
  default = false
 }
 
+variable "enable_ses_endpoint" {
+ description = "Should be true if you want to provision an SES endpoint to the VPC"
+ type = bool
+ default = false
+}
+
+variable "ses_endpoint_security_group_ids" {
+ description = "The ID of one or more security groups to associate with the network interface for SES endpoint"
+ type = list(string)
+ default = []
+}
+
+variable "ses_endpoint_subnet_ids" {
+ description = "The ID of one or more subnets in which to create a network interface for SES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+ type = list(string)
+ default = []
+}
+
+variable "ses_endpoint_private_dns_enabled" {
+ description = "Whether or not to associate a private hosted zone with the specified VPC for SES endpoint"
+ type = bool
+ default = false
+}
+
 
 variable "map_public_ip_on_launch" {
  description = "Should be false if you do not want to auto-assign public IP on launch"
 
@@ -1026,3 +1026,26 @@ resource "aws_vpc_endpoint" "cloud_directory" {
 
  tags = local.vpce_tags
 }
+
+#######################
+# VPC Endpoint for SES
+#######################
+data "aws_vpc_endpoint_service" "ses" {
+ count = var.create_vpc && var.enable_ses_endpoint ? 1 : 0
+
+ service = "email-smtp"
+}
+
+resource "aws_vpc_endpoint" "ses" {
+ count = var.create_vpc && var.enable_ses_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.ses[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.ses_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.ses_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.ses_endpoint_private_dns_enabled
+
+ tags = local.vpce_tags
+}