d/vpc_endpoint_service: support cross-region endpoint services

[jscaltreto]

Description

This PR adds support for cross-region VPC endpoint services in the aws_vpc_endpoint_service data source. A new argument, service_regions is added, corresponding to the ServiceRegion.N request parameter. Additionally, the region attribute is added (populated from the API response) as it can no longer be assumed that returned services are in the same region as the provider.

Relations

Closes #40792.
Relates #40583.
Relates #40346.

References

DescribeVpcEndpointServices Documentation

Output from Acceptance Testing

% make testacc TESTS=TestAccVPCEndpointServiceDataSource PKG=ec2

make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.3 test ./internal/service/ec2/... -v -count 1 -parallel 5 -run='TestAccVPCEndpointServiceDataSource'  -timeout 360m
2025/01/06 20:18:38 Initializing Terraform AWS Provider...
=== RUN   TestAccVPCEndpointServiceDataSource_ServiceType_gateway
=== PAUSE TestAccVPCEndpointServiceDataSource_ServiceType_gateway
=== RUN   TestAccVPCEndpointServiceDataSource_ServiceType_interface
=== PAUSE TestAccVPCEndpointServiceDataSource_ServiceType_interface
=== RUN   TestAccVPCEndpointServiceDataSource_custom
=== PAUSE TestAccVPCEndpointServiceDataSource_custom
=== RUN   TestAccVPCEndpointServiceDataSource_Custom_filter
=== PAUSE TestAccVPCEndpointServiceDataSource_Custom_filter
=== RUN   TestAccVPCEndpointServiceDataSource_CustomFilter_tags
=== PAUSE TestAccVPCEndpointServiceDataSource_CustomFilter_tags
=== RUN   TestAccVPCEndpointServiceDataSource_Custom_crossRegion
=== PAUSE TestAccVPCEndpointServiceDataSource_Custom_crossRegion
=== CONT  TestAccVPCEndpointServiceDataSource_ServiceType_gateway
=== CONT  TestAccVPCEndpointServiceDataSource_Custom_filter
=== CONT  TestAccVPCEndpointServiceDataSource_custom
=== CONT  TestAccVPCEndpointServiceDataSource_ServiceType_interface
=== CONT  TestAccVPCEndpointServiceDataSource_Custom_crossRegion
--- PASS: TestAccVPCEndpointServiceDataSource_ServiceType_interface (7.41s)
=== CONT  TestAccVPCEndpointServiceDataSource_CustomFilter_tags
--- PASS: TestAccVPCEndpointServiceDataSource_ServiceType_gateway (7.41s)
--- PASS: TestAccVPCEndpointServiceDataSource_custom (192.78s)
--- PASS: TestAccVPCEndpointServiceDataSource_Custom_filter (195.96s)
--- PASS: TestAccVPCEndpointServiceDataSource_CustomFilter_tags (195.44s)
--- PASS: TestAccVPCEndpointServiceDataSource_Custom_crossRegion (211.09s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/ec2        215.649s

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

• Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
• For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
• Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

[github-actions]

Welcome @jscaltreto 👋

It looks like this is your first Pull Request submission to the Terraform AWS Provider! If you haven’t already done so please make sure you have checked out our CONTRIBUTOR guide and FAQ to make sure your contribution is adhering to best practice and has all the necessary elements in place for a successful approval.

Also take a look at our FAQ which details how we prioritize Pull Requests for inclusion.

Thanks again, and welcome to the community! 😃

[ewbankkit]

LGTM 🚀.

% make testacc TESTARGS='-run=TestAccVPCEndpointServiceDataSource_' PKG=ec2 ACCTEST_PARALLELISM=3
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.3 test ./internal/service/ec2/... -v -count 1 -parallel 3  -run=TestAccVPCEndpointServiceDataSource_ -timeout 360m
2025/01/07 10:54:16 Initializing Terraform AWS Provider...
=== RUN   TestAccVPCEndpointServiceDataSource_ServiceType_gateway
=== PAUSE TestAccVPCEndpointServiceDataSource_ServiceType_gateway
=== RUN   TestAccVPCEndpointServiceDataSource_ServiceType_interface
=== PAUSE TestAccVPCEndpointServiceDataSource_ServiceType_interface
=== RUN   TestAccVPCEndpointServiceDataSource_custom
=== PAUSE TestAccVPCEndpointServiceDataSource_custom
=== RUN   TestAccVPCEndpointServiceDataSource_Custom_filter
=== PAUSE TestAccVPCEndpointServiceDataSource_Custom_filter
=== RUN   TestAccVPCEndpointServiceDataSource_CustomFilter_tags
=== PAUSE TestAccVPCEndpointServiceDataSource_CustomFilter_tags
=== RUN   TestAccVPCEndpointServiceDataSource_Custom_crossRegion
=== PAUSE TestAccVPCEndpointServiceDataSource_Custom_crossRegion
=== CONT  TestAccVPCEndpointServiceDataSource_ServiceType_gateway
=== CONT  TestAccVPCEndpointServiceDataSource_Custom_filter
=== CONT  TestAccVPCEndpointServiceDataSource_custom
--- PASS: TestAccVPCEndpointServiceDataSource_ServiceType_gateway (9.02s)
=== CONT  TestAccVPCEndpointServiceDataSource_Custom_crossRegion
--- PASS: TestAccVPCEndpointServiceDataSource_Custom_filter (228.12s)
=== CONT  TestAccVPCEndpointServiceDataSource_CustomFilter_tags
--- PASS: TestAccVPCEndpointServiceDataSource_custom (250.39s)
=== CONT  TestAccVPCEndpointServiceDataSource_ServiceType_interface
--- PASS: TestAccVPCEndpointServiceDataSource_ServiceType_interface (8.27s)
--- PASS: TestAccVPCEndpointServiceDataSource_Custom_crossRegion (325.91s)
--- PASS: TestAccVPCEndpointServiceDataSource_CustomFilter_tags (238.87s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/ec2	472.456s

[ewbankkit]

@jscaltreto Thanks for the contribution 🎉 👏.

[github-actions]

This functionality has been released in v5.83.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[aaleksandrov]

I updated the provider to 5.83.0 and specified service_regions but getting a validation error

│ Error: Unsupported argument
│ 
│   on modules/private-link/main.tf line 202, in resource "aws_vpc_endpoint_service" "vpc_endpoint_service":
│  202:   service_regions            = ["eu-west-1"]
│ 
│ An argument named "service_regions" is not expected here.

Full resource code

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.83.0"

      configuration_aliases = [
        aws
      ]
    }
  }
}


resource "aws_vpc_endpoint_service" "vpc_endpoint_service" {
  acceptance_required        = false
  network_load_balancer_arns = [aws_lb.nlb[0].arn]
  allowed_principals         = lookup(local.allowed_principals, var.environment, [])
  private_dns_name           = local.private_dns_name
  service_regions            = ["eu-west-1"]

  tags = {
    Name = "${var.region_short_code}.private.${var.api_domain}"
  }
}

TF version is 1.6.5 if it matters

[aaleksandrov]

@jscaltreto Am I doing something wrong? Or it's some bug in the code?

[aaleksandrov]

I feel like the issue is that it's actually called supported_regions in the actual resource 21da8a7#diff-ccc1fcb04907a24915edca8b56a95f9843cbb8ba37c9c28aaace129ee71c97f0R141-R148

[jscaltreto]

@aaleksandrov I think you're mixing up the vpc_endpoint_service resource and data source. This PR pertains to the data source which supports service_regions. In your example above you're using the resource, in which case you should use supported_regions.