AWS VPC Endpoint for S3 with Terraform - Error: multiple VPC Endpoint Services matched

Question

I'm using aws_vpc_endpoint_service in Terraform (v0.11.14) to create an AWS VPC Endpoint for S3 on my AWS account and recently started facing the following error: Error: multiple VPC Endpoint Services matched; use additional constraints to reduce matches to a single VPC Endpoint Service

The same code was working fine before. What's the resolution?

Abdullah Khawer · Accepted Answer

I have found the solution.

Causes of the Issue:

AWS has just released a new feature in S3 (PrivateLink) which means that multiple results are now being returned when searching for the S3 endpoint service. Reference: Amazon S3 now supports AWS PrivateLink
Singular data sources in the Terraform AWS Provider (like aws_vpc_endpoint_service) return an error if multiple results are returned.

Solution if AWS Provider Version >= v3.10.0:

Use the following in the Terraform template:

data "aws_vpc_endpoint_service" "s3" {
  service      = "s3"
  service_type = "Gateway"
}

Solution if AWS Provider Version < v3.10.0:

If you are unable to update to a recent version of the provider, as a temporary workaround you can also use com.amazonaws.REGION.s3 as an endpoint value in downstream configurations rather than using the datasource.

Use the following in the Terraform template:

data "aws_region" "current" {}

resource "aws_vpc_endpoint" "s3" {
  vpc_id       = "${local.vpc_id}"
  service_name = "com.amazonaws.${data.aws_region.current.name}.s3"
}

That is all.

Previous code for reference that is not working anymore:

data "aws_vpc_endpoint_service" "s3" {
  service = "s3"
}

resource "aws_vpc_endpoint" "s3" {
  vpc_id       = "${local.vpc_id}"
  service_name = "${data.aws_vpc_endpoint_service.s3.service_name}"
}

AWS VPC Endpoint for S3 with Terraform - Error: multiple VPC Endpoint Services matched

Answers (2)

Related Questions