In our current setup we use an aws_transfer_server with endpoint_type VPC_ENDPOINT. The VPC endpoint is connected to an NLB. This looks like this:
# Interface endpoint for the Transfer service, owned by us and handed to the server below.
resource "aws_vpc_endpoint" "vpc_endpoint" {
  vpc_id             = var.vpc_id
  vpc_endpoint_type  = "Interface"
  service_name       = "com.amazonaws.${var.region}.transfer.server"
  subnet_ids         = var.subnet_ids
  security_group_ids = [aws_security_group.vpc_endpoint.id]
}

resource "aws_transfer_server" "sftp-server" {
  identity_provider_type = "SERVICE_MANAGED"
  endpoint_type          = "VPC_ENDPOINT"

  endpoint_details {
    vpc_endpoint_id = aws_vpc_endpoint.vpc_endpoint.id
  }
}

# Pick one of the endpoint's ENIs (the count is known at plan time, the IDs are not).
data "aws_network_interface" "endpoint_nic_0" {
  count = length(var.subnet_ids) > 0 ? 1 : 0
  id    = reverse(sort(aws_vpc_endpoint.vpc_endpoint.network_interface_ids))[0]
}

# Register that ENI's private IP as an IP target of the NLB target group.
resource "aws_lb_target_group_attachment" "target_group_attachment_0" {
  count            = length(var.subnet_ids) > 0 ? 1 : 0
  target_group_arn = aws_lb_target_group.nlb_target_group[0].arn
  target_id        = data.aws_network_interface.endpoint_nic_0[0].private_ip
}
The target group is connected to the NLB.
Now I would like to move the aws_transfer_server to endpoint_type VPC, as recommended by AWS. For existing setups we would like to retain the NLB as the single point of access, though, because there is IP whitelisting in place. I update the existing transfer_server as described below and make the vpc_endpoint creation conditional on the provided endpoint_type.
resource "aws_transfer_server" "sftp-server" {
  identity_provider_type = "SERVICE_MANAGED"
  logging_role           = aws_iam_role.logger.arn
  endpoint_type          = var.endpoint_type

  # Only one of the two dynamic blocks renders, depending on var.endpoint_type.
  dynamic "endpoint_details" {
    for_each = var.endpoint_type == "VPC_ENDPOINT" ? [1] : []
    content {
      vpc_endpoint_id = aws_vpc_endpoint.vpc_endpoint[0].id
    }
  }

  dynamic "endpoint_details" {
    for_each = var.endpoint_type == "VPC" ? [1] : []
    content {
      subnet_ids = var.subnet_ids
      vpc_id     = var.vpc_id
    }
  }
}
Is there any way I can either provide the intended private IP addresses to the aws_transfer_server by keeping the VPC endpoint, or extract the private IP addresses of the aws_transfer_server after its creation to attach them to my target group? I considered the address_allocation_ids parameter in the endpoint_details, but did not find any examples or additional documentation on how to use them.
My goal is that the aws_transfer_server registers the private IP addresses at the target group that is used by my NLB.
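As an added example (not part of the question above and not the asker's code), one way to reach that goal with endpoint_type VPC: the Transfer service creates the VPC endpoint itself, and the provider reports the created endpoint's ID back in endpoint_details[0].vpc_endpoint_id, so the ENIs and their private IPs can be resolved with the aws_vpc_endpoint and aws_network_interface data sources and registered as IP targets, much as the original VPC_ENDPOINT setup did. Assumed names that are not on the page: var.subnet_ids, var.vpc_id, aws_security_group.sftp, aws_iam_role.logger and a target group aws_lb_target_group.nlb_target_group with target_type "ip". That vpc_endpoint_id is populated for VPC-type servers is how the AWS provider behaves in recent versions; check it against the provider version in use.

```hcl
# Added example, not the question author's configuration.
# endpoint_type = "VPC": AWS owns the endpoint, we only pick VPC, subnets and SGs.
resource "aws_transfer_server" "sftp-server" {
  identity_provider_type = "SERVICE_MANAGED"
  logging_role           = aws_iam_role.logger.arn # assumed to exist
  endpoint_type          = "VPC"

  endpoint_details {
    vpc_id             = var.vpc_id
    subnet_ids         = var.subnet_ids
    security_group_ids = [aws_security_group.sftp.id] # assumed to exist

    # address_allocation_ids is deliberately left unset: it attaches Elastic IPs
    # and makes the endpoint internet-facing, which defeats the NLB whitelisting.
  }
}

# The endpoint Transfer Family created on our behalf (ID exported by the provider).
data "aws_vpc_endpoint" "sftp" {
  id = aws_transfer_server.sftp-server.endpoint_details[0].vpc_endpoint_id
}

# One ENI per subnet. count is known at plan time (length of var.subnet_ids),
# which avoids the "for_each depends on values not known until apply" error
# that for_each over the ENI IDs would raise on a fresh apply.
data "aws_network_interface" "sftp" {
  count = length(var.subnet_ids)
  id    = sort(data.aws_vpc_endpoint.sftp.network_interface_ids)[count.index]
}

# Register every ENI's private IP as an IP target of the NLB target group,
# so the NLB (and its allow-list) stays the single point of access.
resource "aws_lb_target_group_attachment" "sftp" {
  count            = length(var.subnet_ids)
  target_group_arn = aws_lb_target_group.nlb_target_group.arn # assumed target_type = "ip"
  target_id        = data.aws_network_interface.sftp[count.index].private_ip
  port             = 22
}
```

Keep the Transfer server's own security group as a second control: it should only allow port 22 from the NLB subnets (or, for a non-preserving NLB, from the NLB's private IPs), otherwise anything with a route to the endpoint ENIs can reach the server directly and bypass the allow-list enforced in front of the NLB.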