docs: Allow statement to example VPC endpoint policy and switch S3 endpoint to type 'Gateway'

Alex Hewson · Alex Hewson · commit 420920fd5130 · 2025-06-09T10:45:41.000+01:00
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,30 +1,6 @@
 repos:
-  - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.99.0
-    hooks:
-      - id: terraform_fmt
-      - id: terraform_docs
-        args:
-          - '--args=--lockfile=false'
-      - id: terraform_tflint
-        args:
-          - '--args=--only=terraform_deprecated_interpolation'
-          - '--args=--only=terraform_deprecated_index'
-          - '--args=--only=terraform_unused_declarations'
-          - '--args=--only=terraform_comment_syntax'
-          - '--args=--only=terraform_documented_outputs'
-          - '--args=--only=terraform_documented_variables'
-          - '--args=--only=terraform_typed_variables'
-          - '--args=--only=terraform_module_pinned_source'
-          - '--args=--only=terraform_naming_convention'
-          - '--args=--only=terraform_required_version'
-          - '--args=--only=terraform_required_providers'
-          - '--args=--only=terraform_standard_module_structure'
-          - '--args=--only=terraform_workspace_remote'
-      - id: terraform_validate
-  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v5.0.0
-    hooks:
-      - id: check-merge-conflict
-      - id: end-of-file-fixer
-      - id: trailing-whitespace
+- repo: https://github.com/antonbabenko/pre-commit-terraform
+  rev: v1.99.3
+  hooks:
+    - id: terraform_fmt
+    - id: terraform_docs
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -106,10 +106,9 @@ module "vpc_endpoints" {
     s3 = {
       service             = "s3"
       private_dns_enabled = true
-      dns_options = {
-        private_dns_only_for_inbound_resolver_endpoint = false
-      }
-      tags = { Name = "s3-vpc-endpoint" }
+      type                = "Gateway"
+      route_table_ids     = flatten([module.vpc.intra_route_table_ids, module.vpc.private_route_table_ids, module.vpc.public_route_table_ids])
+      tags                = { Name = "s3-vpc-endpoint" }
     },
     dynamodb = {
       service         = "dynamodb"
@@ -210,6 +209,17 @@ data "aws_iam_policy_document" "generic_endpoint_policy" {
       values = [module.vpc.vpc_id]
     }
   }
+
+  statement {
+    effect    = "Allow"
+    actions   = ["*"]
+    resources = ["*"]
+
+    principals {
+      type        = "*"
+      identifiers = ["*"]
+    }
+  }
 }
 
 resource "aws_security_group" "rds" {
