Add VPCe for all aws services

[AndreKurait]

Description

Remove public communication from migration assistant services by removing VPC and declaring VPCe's for all services.

• Category: Enhancement
• Why these changes are required? Cost and Security requirements
• What is the old behavior before changes and new behavior after changes? Communication went through nat gateway

Issues Resolved

https://opensearch.atlassian.net/browse/MIGRATIONS-1969

Is this a backport? If so, please add backport PR # and/or commits #

Testing

Deployed and ran migration console commands in us-east-1 and us-gov-west-1

Check List

• New functionality includes testing
  • All tests pass, including unit test, integration test and doctest
• New functionality has been documented
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 80.16%. Comparing base (2107ccb) to head (a22728a).
Report is 9 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##               main    #1010   +/-   ##
=========================================
  Coverage     80.16%   80.16%           
  Complexity     2720     2720           
=========================================
  Files           370      370           
  Lines         13624    13624           
  Branches        938      938           
=========================================
  Hits          10922    10922           
  Misses         2131     2131           
  Partials        571      571           

Flag	Coverage Δ
gradle-test	78.17% <ø> (ø)
python-test	89.91% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[lewijacn]

What subnets get created with this? Previously was 2 public and 2 private. Would this now be only 2 isolated subnets?

[lewijacn]

I also expected this to be more of a breaking change but the Jenkins job passed...

[AndreKurait]

We still have 2 private and 2 public. The public are attached to an Internet Gateway that allows outside communication. The private do not have a NAT gateway so they are isolated within the VPC aside from the VPC Endpoints that connect into it

[lewijacn]

Ah I see, and wouldn't expect our Jenkins job to be affected since the elasticsearch ec2 CDK is creating the VPC