Closed nitrocode closed 2 years ago
NAT Instances are deprecated and do not support NAT64. I am therefore not inclined to add additional support for them.
How would a launch template solve this problem, anyway? The AMIs would still drift and you would still need to re-apply the module to update the AMIs.
Also, NAT Instances require EIPs, which are not compatible with ASGs.
> NAT Instances are deprecated and do not support NAT64. I am therefore not inclined to add additional support for them.

We use them for customers that want to reduce cost. For instance, cplive.
> How would a launch template solve this problem, anyway? The AMIs would still drift and you would still need to re-apply the module to update the AMIs.

When a launch template updates an AMI, it doesn't cause destruction of the EC2 instances. The EC2 instances can be rotated via instance refresh.
> Also, NAT Instances require EIPs, which are not compatible with ASGs.

Interesting. I did not know that EIPs are incompatible with ASGs.
It does seem like there could be a hacky solution but probably not worth the effort at the moment.
Actually, this has been done with another module. I think this is worth re-opening for future thoughts.
https://github.com/int128/terraform-aws-nat-instance
https://github.com/int128/terraform-aws-nat-instance/blob/master/runonce.sh
> Actually, this has been done with another module.

If you want to create NAT instances with this other module, you are free to do so, and it is easy to create routes to it and use it instead of any NAT instance or gateway created by this module.
The only reason to create NAT Instances instead of using NAT Gateways is to save money, currently on the order of $20/month. It is not worth our time and effort to further enhance and support the NAT instances beyond what this module already supports.
Our recommended cost-saving solution going forward is to use a single NAT Gateway rather than one per region. For a typical installation of 3 regions, that is approximately budget neutral (one NAT Gateway costs about the same as 3 t3.micro NAT instances).
Describe the Feature
Every month or so a new AMI is released which causes this module to show drift, as expected. The NAT instances will need to be recreated using the new AMI.
If the NAT instances were created using an auto scaling group with a launch template, then the launch template would contain the new image ID, the ASG could be rotated periodically, and there would be zero downtime.
Currently the VPC component uses this module, so this affects current clients who opt to use a NAT instance for cost savings over using a NAT gateway.