The Security Reference Architecture (SRA) implements typical security features as Terraform Templates that are deployed by most high-security organizations, and enforces controls for the largest risks that customers ask about most often.
Currently in the code we only have two AZs as a possibility (us-east-1a and us-east-1b), we should refactor to be able to support as many AZs are available in the region.
If folks want to reduce the number of idling NGWs in the corresponding public subnets, they can reduce the number of AZs. Since that will be inline with standard AWS best practices
https://github.com/databricks/terraform-databricks-sra/blob/8f1cf46c5a3afa3e525b02d092a8f40d7ea74cbc/aws/tf/sra.tf#L18C1-L18C100
Currently in the code we only have two AZs as a possibility (us-east-1a and us-east-1b), we should refactor to be able to support as many AZs are available in the region.
If folks want to reduce the number of idling NGWs in the corresponding public subnets, they can reduce the number of AZs. Since that will be inline with standard AWS best practices