[Enhancement]: support service_region with aws_vpc_endpoint (privateLink consumer) #40438

Closed
aneesh-wolt opened this issue Dec 4, 2024 · 11 comments · Fixed by #40583
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/vpc Issues and PRs that pertain to the vpc service.

aneesh-wolt commented Dec 4, 2024

Description

aws_vpc_endpoint is missing the service_region parameter for the PrivateLink service it connects to.

Related to: #40346
This enhancement is missing a related feature with vpc_endpoint connections

VPC Endpoints should verify the service_name they attach to and the region should be provided when establishing a connection.

AWS Changes : https://github.com/aws/aws-sdk-go-v2/blob/release-2024-11-26/service/ec2/CHANGELOG.md#v11940-2024-11-26

Affected Resource(s) and/or Data Source(s)

aws_vpc_endpoint
data.aws_vpc_endpoint

Potential Terraform Configuration

provider "aws" {
  region = "us-west-2"
}

resource "aws_vpc_endpoint" "this" {
  vpc_id              = "vpc-id"
  service_name        = "com.amazonaws.vpce.eu-west-1.vpce-svc-1234567890"
  service_region      = "eu-west-1"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = ["subnets"]
  private_dns_enabled = true
  security_group_ids  = ["sg-id"]
}

References

https://github.com/aws/aws-sdk-go-v2/blob/release-2024-11-26/service/ec2/CHANGELOG.md#v11940-2024-11-26
#40346

Would you like to implement a fix?

No

@aneesh-wolt aneesh-wolt added the enhancement Requests to existing resources that expand the functionality or scope. label Dec 4, 2024
@github-actions github-actions bot added service/vpc Issues and PRs that pertain to the vpc service. needs-triage Waiting for first response or review from a maintainer. labels Dec 4, 2024
@ewbankkit ewbankkit removed the needs-triage Waiting for first response or review from a maintainer. label Dec 4, 2024

bacoboy-doordash commented Dec 4, 2024

Confirmed this does not work even though the region is in the service name. Looks like a change is needed.

Should Terraform pull the region automatically from the service name rather than force people to pass it?

Example:

com.amazonaws.vpce.eu-west-1.vpce-svc-1234567890abcdef01

would imply eu-west-1?

Contributor

MS99-9 commented Dec 8, 2024

Is anyone working on this issue? I want to try fixing it cc @ewbankkit

Contributor

drewtul commented Dec 10, 2024

There are cases where the region may not be present in the service name, so there will need to be a parameter to specify service name explicitly.
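An added example (not from this thread and not the provider's code) of the inference discussed in the two comments above: take the region from the service name when one is embedded, fall back when it is not, and reject an explicit service_region that contradicts the name. The helper names, the region pattern, the precedence order and the second sample name are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// regionLabel matches one dot-separated label shaped like an AWS region
// (eu-west-1, us-gov-west-1). The pattern is an assumption of this example.
var regionLabel = regexp.MustCompile(`^[a-z]{2}(-[a-z]+)+-\d+$`)

// ErrRegionMismatch reports an explicit region that contradicts the name.
var ErrRegionMismatch = errors.New("service_region disagrees with service_name")

// embeddedRegion returns the region-shaped label in a service name, if any.
func embeddedRegion(serviceName string) (string, bool) {
	for _, label := range strings.Split(serviceName, ".") {
		if regionLabel.MatchString(label) {
			return label, true
		}
	}
	return "", false
}

// resolveServiceRegion (hypothetical helper) picks the region to request:
// explicit service_region first, then the name's region, then the provider's.
func resolveServiceRegion(serviceName, serviceRegion, providerRegion string) (string, error) {
	inferred, ok := embeddedRegion(serviceName)
	switch {
	case serviceRegion != "" && ok && serviceRegion != inferred:
		return "", fmt.Errorf("%w: %q vs %q", ErrRegionMismatch, serviceRegion, inferred)
	case serviceRegion != "":
		return serviceRegion, nil
	case ok:
		return inferred, nil
	default:
		return providerRegion, nil
	}
}

func main() {
	// First name is the one quoted in the thread; the second is constructed.
	for _, n := range []string{"com.amazonaws.vpce.eu-west-1.vpce-svc-1234567890abcdef01", "com.example.payments.internal"} {
		r, err := resolveServiceRegion(n, "", "us-west-2")
		fmt.Println(n, "->", r, err)
	}
}
```

The constructed second name has no region label, which is the case that makes an explicit argument necessary.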

@bacoboy-doordash

That might be why they chose to be specific at the underlying API level. Was just an idea.

So has somebody picked this up? I peeked at @MS99-9's fork and didn't see any activity.

Contributor

MS99-9 commented Dec 12, 2024

@bacoboy-doordash I am working on it. Let me push my progress tomorrow at the latest. I added the service_region to the schema and updated the create function. I also added another function to verify that the service exists in this region. Currently I am adding the test functions, and afterwards I will check the read, update, and destroy functions.

Contributor

drewtul commented Dec 13, 2024

> That might be why they chose to be specific at the underlying API level. Was just an idea.
>
> So has somebody picked this up? I peeked at @MS99-9's fork and didn't see any activity.

No worries, it was a good idea, it being automatic would be easier for users, I asked the same question.

@catrielg

Kindly update the documentation when the feature is ready. I also don't see the new related argument for aws_vpc_endpoint_service since the feature was added for #40321

@github-actions github-actions bot added this to the v5.82.0 milestone Dec 18, 2024

This functionality has been released in v5.82.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!


CarlosLanderas commented Dec 19, 2024

Thanks for the contribution @MS99-9. I'm testing v 5.82.1 and I can confirm it works like a charm now when creating cross region VPC endpoints!

PD: Referencing my previous comment HERE
