  1. #!/bin/bash
  2. set -euo pipefail
  3.  
  4. # Variables
  5. AWS_ACCOUNT_ID="339712817747"
  6. VPC_ID="vpc-08d3efd68534a97a4"
  7. SUBNET_ID="subnet-0dad3c15fcdf97d3b"
  8. REGION="eu-west-2"
  9. S3_SERVICE_NAME="com.amazonaws.$REGION.s3"
  10.  
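# Print the ID of the route table explicitly associated with SUBNET_ID.
# Globals (read): SUBNET_ID
# Outputs: the RouteTableId on stdout, or an empty line when none is found.
# Returns: the aws CLI exit status.
# Note: subnets that use the VPC's main route table implicitly have no
# "association.subnet-id" entry and will not be matched by this filter.
get_route_table_id() {
  local id
  id=$(aws ec2 describe-route-tables \
    --filters "Name=association.subnet-id,Values=$SUBNET_ID" \
    --query "RouteTables[0].RouteTableId" \
    --output text) || return
  # A null JMESPath result is rendered as the literal string "None" under
  # --output text; normalise it to "" so callers can use a plain -z check.
  if [[ "$id" == "None" ]]; then
    id=""
  fi
  printf '%s\n' "$id"
}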
  15.  
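# Print the ID of the first security group returned for VPC_ID.
# Globals (read): VPC_ID
# Outputs: the GroupId on stdout, or an empty line when none is found.
# Returns: the aws CLI exit status.
# NOTE(review): describe-security-groups does not guarantee ordering, so
# SecurityGroups[0] is an arbitrary group in the VPC. If the default group is
# intended, add "Name=group-name,Values=default" to --filters — confirm intent.
get_security_group_id() {
  local id
  id=$(aws ec2 describe-security-groups \
    --filters "Name=vpc-id,Values=$VPC_ID" \
    --query "SecurityGroups[0].GroupId" \
    --output text) || return
  # "None" is how --output text renders a null result; treat it as not found.
  if [[ "$id" == "None" ]]; then
    id=""
  fi
  printf '%s\n' "$id"
}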
  20.  
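# Print the ID of the existing S3 VPC endpoint in VPC_ID, if any.
# Globals (read): VPC_ID, S3_SERVICE_NAME
# Outputs: the VpcEndpointId on stdout, or an empty line when none exists.
# Returns: the aws CLI exit status.
get_vpc_endpoint_id() {
  local id
  id=$(aws ec2 describe-vpc-endpoints \
    --filters "Name=vpc-id,Values=$VPC_ID" "Name=service-name,Values=$S3_SERVICE_NAME" \
    --query "VpcEndpoints[0].VpcEndpointId" \
    --output text) || return
  # Without this, a missing endpoint yields the string "None", which passes the
  # caller's -z test and makes the "already exists" branch run with a bogus ID.
  if [[ "$id" == "None" ]]; then
    id=""
  fi
  printf '%s\n' "$id"
}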
  25.  
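# Create an S3 VPC endpoint (gateway type, the create-vpc-endpoint default)
# attached to ROUTE_TABLE_ID and print the new endpoint's ID.
# Globals (read): VPC_ID, S3_SERVICE_NAME, ROUTE_TABLE_ID, REGION
# Outputs: only the VpcEndpointId on stdout. The progress message goes to
#          stderr so that `VPC_ENDPOINT_ID=$(create_s3_vpc_endpoint)` captures a
#          clean ID rather than the message plus the ID.
# Returns: the aws CLI exit status.
create_s3_vpc_endpoint() {
  echo "Creating S3 VPC Endpoint..." >&2
  aws ec2 create-vpc-endpoint \
    --vpc-id "$VPC_ID" \
    --service-name "$S3_SERVICE_NAME" \
    --route-table-ids "$ROUTE_TABLE_ID" \
    --region "$REGION" \
    --query "VpcEndpoint.VpcEndpointId" \
    --output text
}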
  31.  
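# Add a route for the S3 managed prefix list that targets the S3 endpoint.
# Globals (read): ROUTE_TABLE_ID, PREFIX_LIST_ID, VPC_ENDPOINT_ID
# Outputs: progress message and the create-route JSON response on stdout.
# Returns: the aws CLI exit status (non-zero, e.g., if the route already exists;
#          the caller is expected to check for an existing route first).
add_route_to_s3_endpoint() {
  echo "Adding route to S3 Endpoint in Route Table..."
  # Expansions are quoted so an unexpected value can never be split into
  # extra CLI arguments.
  aws ec2 create-route \
    --route-table-id "$ROUTE_TABLE_ID" \
    --destination-prefix-list-id "$PREFIX_LIST_ID" \
    --vpc-endpoint-id "$VPC_ENDPOINT_ID" \
    --output json
}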
  37.  
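# Authorize tcp/443 ingress and egress from/to 0.0.0.0/0 on SECURITY_GROUP_ID.
# Globals (read): SECURITY_GROUP_ID
# Outputs: progress/status messages and the aws JSON responses on stdout.
# Returns: always 0 — each authorize call is best-effort and a failure
#          (including "rule already exists") only prints a message.
# NOTE(review): an S3 gateway endpoint is not associated with any security
# group, so these rules do not affect endpoint reachability; they only widen
# whichever group get_security_group_id happened to return. An inbound
# 0.0.0.0/0 rule on tcp/443 is very broad — confirm it is required and narrow
# --cidr to the sources that need it. The "|| echo" also hides real failures
# (permissions, wrong group); consider checking for a DuplicatePermission
# error specifically instead.
add_security_group_rules() {
  echo "Adding Security Group rules..."
  aws ec2 authorize-security-group-ingress \
    --group-id "$SECURITY_GROUP_ID" \
    --protocol tcp --port 443 --cidr 0.0.0.0/0 \
    --output json \
    || echo "Ingress rule already exists or failed to add."
  aws ec2 authorize-security-group-egress \
    --group-id "$SECURITY_GROUP_ID" \
    --protocol tcp --port 443 --cidr 0.0.0.0/0 \
    --output json \
    || echo "Egress rule already exists or failed to add."
}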
  44.  
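# --- Route table ---------------------------------------------------------
# The aws CLI prints the literal string "None" for a null JMESPath result under
# --output text, so "not found" must be tested as empty OR "None"; a bare -z
# check lets "None" through and the script carries on with a bogus ID.
ROUTE_TABLE_ID=$(get_route_table_id)
if [[ -z "$ROUTE_TABLE_ID" || "$ROUTE_TABLE_ID" == "None" ]]; then
  echo "No Route Table associated with Subnet $SUBNET_ID found." >&2
  exit 1
fi
echo "Route Table ID: $ROUTE_TABLE_ID"

# --- Security group ------------------------------------------------------
SECURITY_GROUP_ID=$(get_security_group_id)
if [[ -z "$SECURITY_GROUP_ID" || "$SECURITY_GROUP_ID" == "None" ]]; then
  echo "No Security Group found in VPC $VPC_ID." >&2
  exit 1
fi
echo "Security Group ID: $SECURITY_GROUP_ID"

# --- S3 VPC endpoint (create if absent) ----------------------------------
VPC_ENDPOINT_ID=$(get_vpc_endpoint_id)
if [[ -z "$VPC_ENDPOINT_ID" || "$VPC_ENDPOINT_ID" == "None" ]]; then
  VPC_ENDPOINT_ID=$(create_s3_vpc_endpoint)
  if [[ -z "$VPC_ENDPOINT_ID" || "$VPC_ENDPOINT_ID" == "None" ]]; then
    echo "Failed to create S3 VPC Endpoint." >&2
    exit 1
  fi
else
  echo "S3 VPC Endpoint already exists: $VPC_ENDPOINT_ID"
fi

# --- S3 managed prefix list ---------------------------------------------
# A filter expression that matches nothing renders as an empty string, so a
# plain -z check is sufficient here.
PREFIX_LIST_ID=$(aws ec2 describe-managed-prefix-lists \
  --query "PrefixLists[?PrefixListName=='com.amazonaws.$REGION.s3'].PrefixListId" \
  --output text)
if [[ -z "$PREFIX_LIST_ID" ]]; then
  echo "Prefix List ID for S3 not found." >&2
  exit 1
fi

# --- Route to the endpoint (add if absent) -------------------------------
ROUTE_EXISTS=$(aws ec2 describe-route-tables \
  --route-table-ids "$ROUTE_TABLE_ID" \
  --query "RouteTables[0].Routes[?DestinationPrefixListId=='$PREFIX_LIST_ID'].DestinationPrefixListId" \
  --output text)
if [[ -z "$ROUTE_EXISTS" ]]; then
  add_route_to_s3_endpoint
else
  echo "Route to S3 Endpoint already exists in Route Table."
fi

# --- Security group rules ------------------------------------------------
add_security_group_rules

echo "Configuration completed."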
  88.  