1
votes

I have an existing VPC endpoint on my AWS account. When I deploy my CDK stack I need to somehow add a security group to that VPC endpoint for my server to be able to talk to a Redshift cluster on another network.

I define my security group like this:

    const securityGroup = new ec2.SecurityGroup(this, "SecurityGroup", {
        vpc,
        allowAllOutbound: true,
    });

How can I add that security group to the VPC endpoint? I know the endpoint ID but somehow can't figure out how to do this. I have tried to get the VPC endpoint by ID and played around with security groups.

1 Answer

1
votes

You'll want to use ec2.InterfaceVpcEndpoint which creates a new VPC endpoint and allows you to add security group ids. Borrowing from here it might look like this:

    from aws_cdk import aws_ec2 as ec2

    # Python equivalent of the security group defined in the question
    security_group = ec2.SecurityGroup(
        self, "SecurityGroup", vpc=self.vpc, allow_all_outbound=True
    )

    # Interface endpoint for Redshift with the security group attached to its ENIs
    ec2.InterfaceVpcEndpoint(
        self,
        "VPCe - Redshift",
        service=ec2.InterfaceVpcEndpointService("redshift.amazonaws.com"),
        private_dns_enabled=True,
        vpc=self.vpc,
        security_groups=[security_group],
    )