Description
Describe the feature
Currently, when creating Interface VPC Endpoints using the L2 construct ec2.InterfaceVpcEndpoint, there is no way to tag the automatically created Elastic Network Interfaces (ENIs).
While the Tags.of(endpoint).add() method allows tagging of the VPC endpoint itself, it does not propagate these tags to the ENIs. It would be extremely beneficial to add native support for ENI tagging within the L2 construct, similar to how Auto Scaling Groups can propagate tags to EC2 instances.
Use Case
Many organizations have mandatory tagging policies enforced through SCPs that require all resources, including ENIs, to have specific tags for cost allocation, compliance, etc. Currently, users must resort to complex workarounds involving L1 constructs (CfnVPCEndpoint) and custom resources with Lambda functions to properly tag these ENIs.
Proposed Solution
```ts
// Simplified L2 construct with ENI tagging support
const endpoint = new ec2.InterfaceVpcEndpoint(stack, 'Endpoint', {
  vpc,
  service: ec2.InterfaceVpcEndpointAwsService.SECRETS_MANAGER,
  tagOptions: {
    propagateTagsToEni: true, // New property
    eniTags: { // Optional additional ENI-specific tags
      'resource-type': 'endpoint-eni'
    }
  }
});
```
Other Information
No response
Acknowledgements
- I may be able to implement this feature request
- This feature might incur a breaking change
AWS CDK Library version (aws-cdk-lib)
2.201.0
AWS CDK CLI version
2.1019.1
Environment details (OS name and version, etc.)
macOS Sequoia 15.5