@sidpalas
Last active October 16, 2025 18:03
Terraform configuration to set up a VPC endpoint for connecting to PlanetScale from an AWS VPC via AWS PrivateLink
# Private networking from VPC -> PlanetScale
# Based on https://planetscale.com/docs/vitess/connecting/private-connections
#
# Verified!
# root@ubuntu:/# dig +short aws-us-east-2.private-connect.psdb.cloud
# 10.0.1.104
# 10.0.2.131
# 10.0.0.161
# root@ubuntu:/# curl https://aws-us-east-2.private-connect.psdb.cloud
# Welcome to PlanetScale.
#
module "planetscale_vpce_sg" {
  source  = "terraform-aws-modules/security-group/aws//modules/https-443"
  version = "5.3.0"

  name                = "${module.this.id}-planetscale-vpce"
  description         = "Ingress 443 from VPC to PlanetScale PrivateLink"
  vpc_id              = module.vpc.vpc_id           # assumes you are deploying your VPC in the same root module
  ingress_cidr_blocks = [module.vpc.vpc_cidr_block] # would be better to allow ingress from specific Security Groups
}

module "planetscale_vpce" {
  source  = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
  version = "6.4.0"

  vpc_id             = module.vpc.vpc_id
  security_group_ids = [module.planetscale_vpce_sg.security_group_id]

  endpoints = {
    planetscale = {
      service_name        = "com.amazonaws.vpce.us-east-2.vpce-svc-069f88c102c1a7fba" # us-east-2 endpoint retrieved from https://planetscale.com/docs/vitess/connecting/private-connections
      tags                = { Name = "planetscale-vpc-endpoint" }
      private_dns_enabled = true
      subnet_ids          = module.vpc.private_subnets
    }
  }
}
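
The comment on `ingress_cidr_blocks` notes that allowing ingress from specific security groups would be better than opening port 443 to the whole VPC CIDR. The following is an added example of that tighter variant, not part of the original gist: it replaces the `planetscale_vpce_sg` module with plain AWS provider resources, and the variable `planetscale_client_sg_ids` and the resource labels are hypothetical names chosen for illustration.

```hcl
# Added example, not from the original gist. Replaces the gist's two modules.
# Hypothetical names: var.planetscale_client_sg_ids and the resource labels.
# Still assumes module.this and module.vpc exist in the same root module.

variable "planetscale_client_sg_ids" {
  description = "Map of label => security group ID for workloads allowed to reach PlanetScale"
  type        = map(string) # static keys keep for_each plannable even if the IDs are computed
}

resource "aws_security_group" "planetscale_vpce" {
  name        = "${module.this.id}-planetscale-vpce"
  description = "Ingress 443 from approved client security groups to PlanetScale PrivateLink"
  vpc_id      = module.vpc.vpc_id
}

# One ingress rule per approved client security group,
# instead of a single rule covering module.vpc.vpc_cidr_block.
resource "aws_vpc_security_group_ingress_rule" "planetscale_vpce_https" {
  for_each = var.planetscale_client_sg_ids

  security_group_id            = aws_security_group.planetscale_vpce.id
  referenced_security_group_id = each.value
  ip_protocol                  = "tcp"
  from_port                    = 443
  to_port                      = 443
  description                  = "HTTPS from ${each.key}"
}

module "planetscale_vpce" {
  source  = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
  version = "6.4.0"

  vpc_id             = module.vpc.vpc_id
  security_group_ids = [aws_security_group.planetscale_vpce.id]

  endpoints = {
    planetscale = {
      service_name        = "com.amazonaws.vpce.us-east-2.vpce-svc-069f88c102c1a7fba" # same us-east-2 service as the gist
      tags                = { Name = "planetscale-vpc-endpoint" }
      private_dns_enabled = true
      subnet_ids          = module.vpc.private_subnets
    }
  }
}
```

With this variant, a workload in the VPC can reach the endpoint only if its security group appears in `planetscale_client_sg_ids`, so a compromised host elsewhere in the VPC gets no path to the database endpoint by default.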