Ability to Create a VPC with no internet gateway or public subnets

[prmarino1m]

In some cases especially in high security environment it may be necessary to create VPC which have no internet access. Particularly this is for things like RDS and other types of databases. Many of these services do not actually need any internet access or even access the the Amazon API's to operate. In a high security environment the ideal scenario is to have them in their own dedicated accounts and use either VPC peering, Transit gateway or one of several other methods to access them. The reason for this is it makes the configuration immutable by resources in the account using them also in the case of databases like PostgreSQL or Oracle it will prevent malicious procedural code from being able to export data out of the account.

For this reason it would be very helpful to be able to create VPC's that have RDS, ElastiCache, and or Redshift subnets but no NAT gateways or even internet gateways.

[matt-empson]

Have you tried setting create_igw = false and enable_nat_gateway = false? I think this should do what you need.

[github-actions[bot]]

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

[github-actions[bot]]

This issue was automatically closed because of stale in 10 days

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.