terraform-aws-modules / terraform-aws-vpc

Terraform module to create AWS VPC resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws
Apache License 2.0

Support for Private NAT Gateways #907

Closed bcarpio closed 1 year ago

bcarpio commented 1 year ago

AWS now supports AWS Private Gateways. This feature is supported in Terraform in the following AWS Provider

Is your request related to a problem? Please describe.

Many companies define private_subnets with corporate IP space and attach them to a transit gateway. However, some accounts have large autoscaling ecosystems and it does not make sense to eat up corporate IP space for ECS tasks, EC2 instances, etc., so they create non-routable IP space and use a private NAT gateway so 100s of hosts only eat up a single IP on the corporate network as described in the URL referenced above.

Describe the solution you'd like.

For our internal use I forked this repo and created a new subnet type and called it vpc_private_subnets. I just made that up out of thin air. But these subnets can then attach NAT Gateways with the connectivity_type set to private and the Private NAT Gateway's subnet_id set to the subnet_id of a private_subnet in the same AZ.

I'd like to submit this as a PR for review. I can rename vpc_private to something more reasonable; just let me know if this is even something this project wants to consider supporting.

Example from README.md

```hcl
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "my-vpc"
  cidr = "10.0.0.0/16"
  # Secondary CIDR that holds the non-routable subnets
  secondary_cidr_blocks = ["100.64.0.0/16"]

  azs             = ["us-west-1a", "us-west-1b", "us-west-1c"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
  # Subnet type proposed in this issue (from the author's fork)
  vpc_private_subnets = ["100.64.0.0/24", "100.64.1.0/24", "100.64.2.0/24"]

  enable_nat_gateway = true
  enable_vpn_gateway = true

  # Private NAT gateway inputs proposed in this issue (from the author's fork)
  enable_vpc_private_nat_gateway = true
  single_vpc_private_nat_gateway = false

  public_subnet_tags = {
    Name = "Public Subnets VPC Module"
  }

  private_subnet_tags = {
    Name = "Private Subnets VPC Module"
  }

  vpc_private_subnet_tags = {
    Name = "VPC Private VPC Module"
  }

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}
```

JCW-USDA commented 1 year ago

Ability to use the connectivity_type parameter would be wonderful. Also, the ability to set the Internet Gateway creation to false.
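The layout this issue asks for, written with plain AWS provider resources as an added example (not code from the module or from the fork mentioned above): non-routable subnets in a secondary CIDR send corporate-bound traffic through a private NAT gateway that sits in the routable private subnet of the same AZ. All variable names and sample CIDRs are assumptions, and the routable subnets are assumed to already have their transit gateway route.

```hcl
# Added example; variable names are hypothetical, not inputs of the module.
variable "vpc_id" { type = string }
variable "corporate_cidr" { type = string } # destination reached through the private NAT

# AZ name => ID of the routable private subnet in that AZ.
variable "routable_subnet_ids" { type = map(string) }

# AZ name => non-routable subnet CIDR (constructed values); keys must match the map above.
variable "non_routable_cidrs" {
  type    = map(string)
  default = { "us-west-1a" = "100.64.0.0/24", "us-west-1b" = "100.64.1.0/24" }
}

resource "aws_vpc_ipv4_cidr_block_association" "non_routable" {
  vpc_id     = var.vpc_id
  cidr_block = "100.64.0.0/16"
}

resource "aws_subnet" "non_routable" {
  for_each = var.non_routable_cidrs
  # Reading vpc_id from the association makes the subnets wait for the secondary CIDR.
  vpc_id            = aws_vpc_ipv4_cidr_block_association.non_routable.vpc_id
  cidr_block        = each.value
  availability_zone = each.key
}

# One private NAT gateway per AZ, placed in the routable subnet; no Elastic IP is allocated.
resource "aws_nat_gateway" "private" {
  for_each          = var.routable_subnet_ids
  connectivity_type = "private"
  subnet_id         = each.value
}

resource "aws_route_table" "non_routable" {
  for_each = aws_subnet.non_routable
  vpc_id   = var.vpc_id
}

resource "aws_route" "to_corporate" {
  for_each               = aws_route_table.non_routable
  route_table_id         = each.value.id
  destination_cidr_block = var.corporate_cidr
  nat_gateway_id         = aws_nat_gateway.private[each.key].id
}

resource "aws_route_table_association" "non_routable" {
  for_each       = aws_subnet.non_routable
  subnet_id      = each.value.id
  route_table_id = aws_route_table.non_routable[each.key].id
}
```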

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot] commented 1 year ago

This issue was automatically closed because of stale in 10 days

github-actions[bot] commented 1 year ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.