
AWS CloudFormation ignore an existing resource


I created a stack in CloudFormation and I need help to improve it. In the stack below I have a VPC Endpoint, but it is not possible to create it twice; that is, I cannot have two endpoints with the same service name. Does anyone have an idea how to create a condition so that if the VPC Endpoint is already created, this step is skipped?

  VPCEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      ServiceName: !Join
        - ''
        - - com.amazonaws.
          - !Ref 'AWS::Region'
          - .execute-api
      PrivateDnsEnabled: true
      SecurityGroupIds: 
        - !Ref 9SecurityGroupId
      SubnetIds: 
        Ref: 8SubnetIds
      VpcEndpointType: Interface
      VpcId: 
        Ref: 7VpcId
  
  APIGateway:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: !Ref 1Name
      EndpointConfiguration:
        Types:
          - PRIVATE
        VpcEndpointIds:
          - !Ref VPCEndpoint
      Policy:
        Statement:
          - Action: 'execute-api:Invoke'
            Effect: Allow
            Principal: '*'
            Resource: 'execute-api:/*'
          - Action: 'execute-api:Invoke'
            Condition:
              StringNotEquals:
                'aws:SourceVpce': !Ref VPCEndpoint
            Effect: Deny
            Principal: '*'
            Resource: 'execute-api:/*'
        Version: 2012-10-17

Solution

  • Does anyone have an idea how to create a condition so that if the VPC Endpoint is already created, this step is skipped?

    Yes, you have to create either a macro or a custom resource if you want the detection of pre-existing resources to be fully automated.

    Otherwise, you can just create an input parameter for your template, e.g. ShouldCreateTheInterfaceEndpoint. Then you just set it to false or true when you deploy your template.
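The parameter approach from the answer, written out as an added example (not the answer author's or the asker's template): a `Condition` gates the endpoint resource, and `Fn::If` selects between the new endpoint and a pre-existing one. The parameter `ExistingVpcEndpointId`, the condition name `CreateEndpoint` and the API name `private-api` are assumptions introduced here; the asker's numbered parameter names are replaced by plain typed parameters.

```yaml
Parameters:
  ShouldCreateTheInterfaceEndpoint:
    Type: String
    AllowedValues: ['true', 'false']
    Default: 'true'
  ExistingVpcEndpointId:       # assumed name; only read when the flag is 'false'
    Type: String
    Default: ''
  VpcId:
    Type: AWS::EC2::VPC::Id
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
  SecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
Conditions:
  CreateEndpoint: !Equals [!Ref ShouldCreateTheInterfaceEndpoint, 'true']
Resources:
  VPCEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Condition: CreateEndpoint   # resource is skipped entirely when the flag is 'false'
    Properties:
      ServiceName: !Sub 'com.amazonaws.${AWS::Region}.execute-api'
      VpcEndpointType: Interface
      PrivateDnsEnabled: true
      VpcId: !Ref VpcId
      SubnetIds: !Ref SubnetIds
      SecurityGroupIds: [!Ref SecurityGroupId]
  APIGateway:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: private-api
      EndpointConfiguration:
        Types: [PRIVATE]
        VpcEndpointIds:
          # Ref to a conditional resource is only legal inside Fn::If on the same condition
          - !If [CreateEndpoint, !Ref VPCEndpoint, !Ref ExistingVpcEndpointId]
      Policy:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: '*'
            Action: 'execute-api:Invoke'
            Resource: 'execute-api:/*'
          - Effect: Deny             # anything not arriving via the chosen endpoint is rejected
            Principal: '*'
            Action: 'execute-api:Invoke'
            Resource: 'execute-api:/*'
            Condition:
              StringNotEquals:
                'aws:SourceVpce': !If [CreateEndpoint, !Ref VPCEndpoint, !Ref ExistingVpcEndpointId]
```

When deploying with `ShouldCreateTheInterfaceEndpoint=false`, pass the id of the endpoint that already exists in `ExistingVpcEndpointId`; otherwise the resource policy would pin the API to an empty source VPCE and reject every request.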