Private NAT Gateway provisioning is not supported

ArcTheMaster commented 8 months ago

Is your request related to a new offering from AWS?

Is this functionality available in the AWS provider for Terraform? See CHANGELOG.md, too.

No 🛑: please wait to file a request until the functionality is avaialble in the AWS provider

Is your request related to a problem? Please describe.

This feature request is not related to a problem in a sense but more about supported feature inside _aws_natgateway resource by design.

In fact this resource is called by the vpc module but the connectivity type cannot be specified. Because of that private NAT and private NAT with secondary private IP addresses are both not available via vpc module. Here are two unsupported code examples:

private NAT

resource "aws_nat_gateway" "example" {
  connectivity_type = "private"
  subnet_id         = aws_subnet.example.id
}

private NAT with secondary private IP addresses

resource "aws_nat_gateway" "example" {
  connectivity_type                  = "private"
  subnet_id                          = aws_subnet.example.id
  secondary_private_ip_address_count = 7
}

Doing so will prevent creating a public NAT gateway. Also, this feature might support one_nat_gateway_per_azand single_nat_gatewayparameters.

Describe the solution you'd like.

In order to support such feature, I propose something like the following:

create a new input for vpc module

private_nat_gateway bool Description: Should be true if you want the NAT gateway to be private or not. It sets the connectivity_type value to private if set to true Default: false

create a new output for vpc module

code example using vpc module

module "vpc" {
source  = "terraform-aws-modules/vpc/aws"
version = "5.2.0"

azs  = ["us-east-1a"]
cidr = "10.0.0.0/26"

enable_nat_gateway = true

name = "my_vpc"

single_nat_gateway          = true
one_nat_gateway_per_az = false
private_nat_gateway        = true

tags = {}
}

Describe alternatives you've considered.

No other way of doing the feature has been considered.

Additional context

Preventing the build of a own maintained vpc module that offers this feature or getting obligated to create a public NAT gateway using the public vpc module but with a private NAT resource creation done aside.

ArcTheMaster commented 8 months ago

Hello, Are there any updates on this one ? Thanks.

github-actions[bot] commented 7 months ago

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot] commented 6 months ago

This issue was automatically closed because of stale in 10 days

github-actions[bot] commented 5 months ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

terraform-aws-modules / terraform-aws-vpc