opensearch-project · peternied · Nov 20, 2024 · Nov 19, 2024 · Nov 19, 2024 · Nov 19, 2024
@@ -11,13 +11,19 @@ import {Construct} from 'constructs';
 import {
     BlockDeviceVolume,
     CloudFormationInit,
+    GatewayVpcEndpoint,
+    GatewayVpcEndpointAwsService,
+    IVpc,
     InitCommand,
     InitElement,
     InitFile,
     Instance,
     InstanceClass,
     InstanceSize,
     InstanceType,
+    InterfaceVpcEndpoint,
+    InterfaceVpcEndpointAwsService,
+    IpProtocol,
     MachineImage,
     Vpc
 } from "aws-cdk-lib/aws-ec2";
@@ -79,7 +85,7 @@ function addParameterLabel(labels: Record<string, ParameterLabel>, parameter: Cf
     labels[parameter.logicalId] = {"default": labelName}
 }
 
-function importVPC(stack: Stack, vpdIdParameter: CfnParameter, availabilityZonesParameter: CfnParameter, privateSubnetIdsParameter: CfnParameter) {
+function importVPC(stack: Stack, vpdIdParameter: CfnParameter, availabilityZonesParameter: CfnParameter, privateSubnetIdsParameter: CfnParameter): IVpc {
     const availabilityZones = availabilityZonesParameter.valueAsList
     const privateSubnetIds = privateSubnetIdsParameter.valueAsList
     return Vpc.fromVpcAttributes(stack, 'ImportedVPC', {
@@ -95,6 +101,14 @@ function generateExportString(exports:  Record<string, string>): string {
         .join("; ");
 }
 
+function getVpcEndpointForEFS(stack: Stack): InterfaceVpcEndpointAwsService {
+    const isGovRegion = stack.region?.startsWith('us-gov-')
+    if (isGovRegion) {
+        return InterfaceVpcEndpointAwsService.ELASTIC_FILESYSTEM_FIPS;
+    }
+    return InterfaceVpcEndpointAwsService.ELASTIC_FILESYSTEM;
+}
+
 export class SolutionsInfrastructureStack extends Stack {
 
     constructor(scope: Construct, id: string, props: SolutionsInfrastructureStackProps) {
@@ -162,9 +176,33 @@ export class SolutionsInfrastructureStack extends Stack {
             role: bootstrapRole
         })
 
-        let vpc;
+        let vpc: IVpc;
         if (props.createVPC) {
-            vpc = new Vpc(this, 'Vpc', {});
+            vpc = new Vpc(this, 'Vpc', {
+                ipProtocol: IpProtocol.DUAL_STACK
+            });
+            // S3 used for storage and retrieval of snapshot data for backfills
+            new GatewayVpcEndpoint(this, 'S3VpcEndpoint', {
+                service: GatewayVpcEndpointAwsService.S3,
+                vpc: vpc,
+            });
+
+            const serviceEndpoints = [
+                // Logs and disk usage scales based on total data transfer 
+                InterfaceVpcEndpointAwsService.CLOUDWATCH_LOGS,
+                getVpcEndpointForEFS(this),
+
+                // Elastic container registry is used for all images in the solution
+                InterfaceVpcEndpointAwsService.ECR,
+                InterfaceVpcEndpointAwsService.ECR_DOCKER,
+            ];
+
+            serviceEndpoints.forEach(service => {
+                new InterfaceVpcEndpoint(this, `${service.shortName}VpcEndpoint`, {
+                    service,
+                    vpc: vpc,
+                });
+            })
         }
         else {
             const vpcIdParameter = new CfnParameter(this, 'VPCId', {