modify stacker_blueprints to use vpc nat gateway instead of nat instances

[cyommer]

Since cloudformation and troposphere support nat gateways now, should they be used instead of nat instances? I'm working on trying to modify vpc.py to support that, but I keep doing something wrong, so I don't have a pull request ready yet. Is this a direction in which you are moving, or are you planning on sticking with nat instances?

Also, thanks for doing some great work with this and empire!

[phobologic]

I'm actually really excited to get nat gateways going - but with that big of a change, I would first want to test what the failure case would be when upgrading (ie: the nat gateways get created, then the nat instances get deleted, etc). Anyway, I'm definitely moving that way - just want to make sure it's safe for everyone. That may mean having a new class, or something else (maybe a Parameter?)

Any ideas would be appreciated! Thanks!

[cyommer]

@phobologic Yeah, I get that. I was able to modify vpc.py to create the nat gateways and everything, and it worked as I'd hoped - it created the new eip and nat gateway first, updated the routing table and then it tore down the old nat instances after everything completed properly. So it updated my stack with the only interruption being the changing of the route table, which was almost instantaneous.

So, a couple things to think about:

• Does there need to be support for both nat instances and nat gateways, even if for only backwards compatibility? I think I answered my own question there.
• What else needs to be tested for this? Unfortunately, I'm new to the whole empire/stacker thing, so I'm not 100% sure what can break.

I'm going to work on getting a parameterized version of that file going so that the switch to nat gateways isn't the default and won't happen automatically if you don't set use_nat_gateways = true (or something like that).

[phobologic]

Hey @cyommer - this was actually fixed back in April, so just getting around to cleaning things up. Not sure if you're still working on this, but if so please take a look at the update to the vpc blueprint. Thanks!