{ "description": "VPCEndpoint is the Schema for the VPCEndpoints API. Provides a VPC Endpoint resource.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "VPCEndpointSpec defines the desired state of VPCEndpoint", "properties": { "deletionPolicy": { "default": "Delete", "description": "DeletionPolicy specifies what will happen to the underlying external\nwhen this managed resource is deleted - either \"Delete\" or \"Orphan\" the\nexternal resource.\nThis field is planned to be deprecated in favor of the ManagementPolicies\nfield in a future release. Currently, both could be set independently and\nnon-default values would be honored if the feature flag is enabled.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223", "enum": [ "Orphan", "Delete" ], "type": "string" }, "forProvider": { "properties": { "autoAccept": { "description": "Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).", "type": "boolean" }, "dnsOptions": { "description": "The DNS options for the endpoint. See dns_options below.", "properties": { "dnsRecordIpType": { "description": "The DNS records created for the endpoint. Valid values are ipv4, dualstack, service-defined, and ipv6.", "type": "string" }, "privateDnsOnlyForInboundResolverEndpoint": { "description": "Indicates whether to enable private DNS only for inbound endpoints. This option is available only for services that support both gateway and interface endpoints. It routes traffic that originates from the VPC to the gateway endpoint and traffic that originates from on-premises to the interface endpoint. Default is false. Can only be specified if private_dns_enabled is true.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "ipAddressType": { "description": "The IP address type for the endpoint. Valid values are ipv4, dualstack, and ipv6.", "type": "string" }, "policy": { "description": "A policy to attach to the endpoint that controls access to the service. This is a JSON formatted string. Defaults to full access. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.", "type": "string" }, "privateDnsEnabled": { "description": "Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Most users will want this enabled to allow services within the VPC to automatically use the endpoint.\nDefaults to false.", "type": "boolean" }, "region": { "description": "Region where this resource will be managed. Defaults to the Region set in the provider configuration.\nRegion is the region you'd like your resource to be created in.", "type": "string" }, "resourceConfigurationArn": { "description": "The ARN of a Resource Configuration to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.", "type": "string" }, "resourceConfigurationArnRef": { "description": "Reference to a ResourceConfiguration in vpclattice to populate resourceConfigurationArn.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "resourceConfigurationArnSelector": { "description": "Selector for a ResourceConfiguration in vpclattice to populate resourceConfigurationArn.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "serviceName": { "description": "The service name. For AWS services the service name is usually in the form com.amazonaws.. (the SageMaker AI Notebook service is an exception to this rule, the service name is in the form aws.sagemaker..notebook). Exactly one of resource_configuration_arn, service_name or service_network_arn is required.", "type": "string" }, "serviceNameRef": { "description": "Reference to a VPCEndpointService in ec2 to populate serviceName.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "serviceNameSelector": { "description": "Selector for a VPCEndpointService in ec2 to populate serviceName.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "serviceNetworkArn": { "description": "The ARN of a Service Network to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.", "type": "string" }, "serviceNetworkArnRef": { "description": "Reference to a ServiceNetwork in vpclattice to populate serviceNetworkArn.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "serviceNetworkArnSelector": { "description": "Selector for a ServiceNetwork in vpclattice to populate serviceNetworkArn.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "serviceRegion": { "description": "- The AWS region of the VPC Endpoint Service. If specified, the VPC endpoint will connect to the service in the provided region. Applicable for endpoints of type Interface.", "type": "string" }, "subnetConfiguration": { "description": "Subnet configuration for the endpoint, used to select specific IPv4 and/or IPv6 addresses to the endpoint. See subnet_configuration below.", "items": { "properties": { "ipv4": { "description": "The IPv4 address to assign to the endpoint network interface in the subnet. You must provide an IPv4 address if the VPC endpoint supports IPv4.", "type": "string" }, "ipv6": { "description": "The IPv6 address to assign to the endpoint network interface in the subnet. You must provide an IPv6 address if the VPC endpoint supports IPv6.", "type": "string" }, "subnetId": { "description": "The ID of the subnet. Must have a corresponding subnet in the subnet_ids argument.", "type": "string" }, "subnetIdRef": { "description": "Reference to a Subnet in ec2 to populate subnetId.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "subnetIdSelector": { "description": "Selector for a Subnet in ec2 to populate subnetId.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "type": "array" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags.", "type": "object", "x-kubernetes-map-type": "granular" }, "vpcEndpointType": { "description": "The VPC endpoint type, Gateway, GatewayLoadBalancer,Interface, Resource or ServiceNetwork. Defaults to Gateway.", "type": "string" }, "vpcId": { "description": "The ID of the VPC in which the endpoint will be used.", "type": "string" }, "vpcIdRef": { "description": "Reference to a VPC in ec2 to populate vpcId.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "vpcIdSelector": { "description": "Selector for a VPC in ec2 to populate vpcId.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "required": [ "region" ], "type": "object", "additionalProperties": false }, "initProvider": { "description": "THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.", "properties": { "autoAccept": { "description": "Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).", "type": "boolean" }, "dnsOptions": { "description": "The DNS options for the endpoint. See dns_options below.", "properties": { "dnsRecordIpType": { "description": "The DNS records created for the endpoint. Valid values are ipv4, dualstack, service-defined, and ipv6.", "type": "string" }, "privateDnsOnlyForInboundResolverEndpoint": { "description": "Indicates whether to enable private DNS only for inbound endpoints. This option is available only for services that support both gateway and interface endpoints. It routes traffic that originates from the VPC to the gateway endpoint and traffic that originates from on-premises to the interface endpoint. Default is false. Can only be specified if private_dns_enabled is true.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "ipAddressType": { "description": "The IP address type for the endpoint. Valid values are ipv4, dualstack, and ipv6.", "type": "string" }, "policy": { "description": "A policy to attach to the endpoint that controls access to the service. This is a JSON formatted string. Defaults to full access. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.", "type": "string" }, "privateDnsEnabled": { "description": "Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Most users will want this enabled to allow services within the VPC to automatically use the endpoint.\nDefaults to false.", "type": "boolean" }, "resourceConfigurationArn": { "description": "The ARN of a Resource Configuration to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.", "type": "string" }, "resourceConfigurationArnRef": { "description": "Reference to a ResourceConfiguration in vpclattice to populate resourceConfigurationArn.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "resourceConfigurationArnSelector": { "description": "Selector for a ResourceConfiguration in vpclattice to populate resourceConfigurationArn.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "serviceName": { "description": "The service name. For AWS services the service name is usually in the form com.amazonaws.. (the SageMaker AI Notebook service is an exception to this rule, the service name is in the form aws.sagemaker..notebook). Exactly one of resource_configuration_arn, service_name or service_network_arn is required.", "type": "string" }, "serviceNameRef": { "description": "Reference to a VPCEndpointService in ec2 to populate serviceName.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "serviceNameSelector": { "description": "Selector for a VPCEndpointService in ec2 to populate serviceName.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "serviceNetworkArn": { "description": "The ARN of a Service Network to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.", "type": "string" }, "serviceNetworkArnRef": { "description": "Reference to a ServiceNetwork in vpclattice to populate serviceNetworkArn.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "serviceNetworkArnSelector": { "description": "Selector for a ServiceNetwork in vpclattice to populate serviceNetworkArn.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "serviceRegion": { "description": "- The AWS region of the VPC Endpoint Service. If specified, the VPC endpoint will connect to the service in the provided region. Applicable for endpoints of type Interface.", "type": "string" }, "subnetConfiguration": { "description": "Subnet configuration for the endpoint, used to select specific IPv4 and/or IPv6 addresses to the endpoint. See subnet_configuration below.", "items": { "properties": { "ipv4": { "description": "The IPv4 address to assign to the endpoint network interface in the subnet. You must provide an IPv4 address if the VPC endpoint supports IPv4.", "type": "string" }, "ipv6": { "description": "The IPv6 address to assign to the endpoint network interface in the subnet. You must provide an IPv6 address if the VPC endpoint supports IPv6.", "type": "string" }, "subnetId": { "description": "The ID of the subnet. Must have a corresponding subnet in the subnet_ids argument.", "type": "string" }, "subnetIdRef": { "description": "Reference to a Subnet in ec2 to populate subnetId.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "subnetIdSelector": { "description": "Selector for a Subnet in ec2 to populate subnetId.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "type": "array" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags.", "type": "object", "x-kubernetes-map-type": "granular" }, "vpcEndpointType": { "description": "The VPC endpoint type, Gateway, GatewayLoadBalancer,Interface, Resource or ServiceNetwork. Defaults to Gateway.", "type": "string" }, "vpcId": { "description": "The ID of the VPC in which the endpoint will be used.", "type": "string" }, "vpcIdRef": { "description": "Reference to a VPC in ec2 to populate vpcId.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "vpcIdSelector": { "description": "Selector for a VPC in ec2 to populate vpcId.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "managementPolicies": { "default": [ "*" ], "description": "THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md", "items": { "description": "A ManagementAction represents an action that the Crossplane controllers\ncan take on an external resource.", "enum": [ "Observe", "Create", "Update", "Delete", "LateInitialize", "*" ], "type": "string" }, "type": "array" }, "providerConfigRef": { "default": { "name": "default" }, "description": "ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "writeConnectionSecretToRef": { "description": "WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.", "properties": { "name": { "description": "Name of the secret.", "type": "string" }, "namespace": { "description": "Namespace of the secret.", "type": "string" } }, "required": [ "name", "namespace" ], "type": "object", "additionalProperties": false } }, "required": [ "forProvider" ], "type": "object", "additionalProperties": false }, "status": { "description": "VPCEndpointStatus defines the observed state of VPCEndpoint.", "properties": { "atProvider": { "properties": { "arn": { "description": "The Amazon Resource Name (ARN) of the VPC endpoint.", "type": "string" }, "autoAccept": { "description": "Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).", "type": "boolean" }, "cidrBlocks": { "description": "The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type Gateway.", "items": { "type": "string" }, "type": "array" }, "dnsEntry": { "description": "The DNS entries for the VPC Endpoint. Applicable for endpoints of type Interface. DNS blocks are documented below.", "items": { "properties": { "dnsName": { "description": "The DNS name.", "type": "string" }, "hostedZoneId": { "description": "The ID of the private hosted zone.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "dnsOptions": { "description": "The DNS options for the endpoint. See dns_options below.", "properties": { "dnsRecordIpType": { "description": "The DNS records created for the endpoint. Valid values are ipv4, dualstack, service-defined, and ipv6.", "type": "string" }, "privateDnsOnlyForInboundResolverEndpoint": { "description": "Indicates whether to enable private DNS only for inbound endpoints. This option is available only for services that support both gateway and interface endpoints. It routes traffic that originates from the VPC to the gateway endpoint and traffic that originates from on-premises to the interface endpoint. Default is false. Can only be specified if private_dns_enabled is true.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "id": { "description": "The ID of the VPC endpoint.", "type": "string" }, "ipAddressType": { "description": "The IP address type for the endpoint. Valid values are ipv4, dualstack, and ipv6.", "type": "string" }, "networkInterfaceIds": { "description": "One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type Interface.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "ownerId": { "description": "The ID of the AWS account that owns the VPC endpoint.", "type": "string" }, "policy": { "description": "A policy to attach to the endpoint that controls access to the service. This is a JSON formatted string. Defaults to full access. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.", "type": "string" }, "prefixListId": { "description": "The prefix list ID of the exposed AWS service. Applicable for endpoints of type Gateway.", "type": "string" }, "privateDnsEnabled": { "description": "Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Most users will want this enabled to allow services within the VPC to automatically use the endpoint.\nDefaults to false.", "type": "boolean" }, "region": { "description": "Region where this resource will be managed. Defaults to the Region set in the provider configuration.\nRegion is the region you'd like your resource to be created in.", "type": "string" }, "requesterManaged": { "description": "Whether or not the VPC Endpoint is being managed by its service - true or false.", "type": "boolean" }, "resourceConfigurationArn": { "description": "The ARN of a Resource Configuration to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.", "type": "string" }, "routeTableIds": { "description": "One or more route table IDs. Applicable for endpoints of type Gateway.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "securityGroupIds": { "description": "The ID of one or more security groups to associate with the network interface. Applicable for endpoints of type Interface.\nIf no security groups are specified, the VPC's default security group is associated with the endpoint.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "serviceName": { "description": "The service name. For AWS services the service name is usually in the form com.amazonaws.. (the SageMaker AI Notebook service is an exception to this rule, the service name is in the form aws.sagemaker..notebook). Exactly one of resource_configuration_arn, service_name or service_network_arn is required.", "type": "string" }, "serviceNetworkArn": { "description": "The ARN of a Service Network to connect this VPC Endpoint to. Exactly one of resource_configuration_arn, service_name or service_network_arn is required.", "type": "string" }, "serviceRegion": { "description": "- The AWS region of the VPC Endpoint Service. If specified, the VPC endpoint will connect to the service in the provided region. Applicable for endpoints of type Interface.", "type": "string" }, "state": { "description": "The state of the VPC endpoint.", "type": "string" }, "subnetConfiguration": { "description": "Subnet configuration for the endpoint, used to select specific IPv4 and/or IPv6 addresses to the endpoint. See subnet_configuration below.", "items": { "properties": { "ipv4": { "description": "The IPv4 address to assign to the endpoint network interface in the subnet. You must provide an IPv4 address if the VPC endpoint supports IPv4.", "type": "string" }, "ipv6": { "description": "The IPv6 address to assign to the endpoint network interface in the subnet. You must provide an IPv6 address if the VPC endpoint supports IPv6.", "type": "string" }, "subnetId": { "description": "The ID of the subnet. Must have a corresponding subnet in the subnet_ids argument.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "subnetIds": { "description": "The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface. Interface type endpoints cannot function without being assigned to a subnet.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags.", "type": "object", "x-kubernetes-map-type": "granular" }, "tagsAll": { "additionalProperties": { "type": "string" }, "description": "A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.", "type": "object", "x-kubernetes-map-type": "granular" }, "vpcEndpointType": { "description": "The VPC endpoint type, Gateway, GatewayLoadBalancer,Interface, Resource or ServiceNetwork. Defaults to Gateway.", "type": "string" }, "vpcId": { "description": "The ID of the VPC in which the endpoint will be used.", "type": "string" } }, "type": "object", "additionalProperties": false }, "conditions": { "description": "Conditions of the resource.", "items": { "description": "A Condition that may apply to a resource.", "properties": { "lastTransitionTime": { "description": "LastTransitionTime is the last time this condition transitioned from one\nstatus to another.", "format": "date-time", "type": "string" }, "message": { "description": "A Message containing details about this condition's last transition from\none status to another, if any.", "type": "string" }, "observedGeneration": { "description": "ObservedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "format": "int64", "type": "integer" }, "reason": { "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { "description": "Type of this condition. At most one of each condition type may apply to\na resource at any point in time.", "type": "string" } }, "required": [ "lastTransitionTime", "reason", "status", "type" ], "type": "object", "additionalProperties": false }, "type": "array", "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, "observedGeneration": { "description": "ObservedGeneration is the latest metadata.generation\nwhich resulted in either a ready state, or stalled due to error\nit can not recover from without human intervention.", "format": "int64", "type": "integer" } }, "type": "object", "additionalProperties": false } }, "required": [ "spec" ], "type": "object" }