From a52c8dd3bc77ad306cba7938e0625322a5d52e19 Mon Sep 17 00:00:00 2001 From: Pierin Sako Date: Mon, 7 Feb 2022 14:07:24 +0100 Subject: [PATCH 1/5] feat: Adds ability to specifiy a custom destination route for NAT Gatateway --- main.tf | 2 +- variables.tf | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/main.tf b/main.tf index fa8eb5db0..d33f9a41e 100644 --- a/main.tf +++ b/main.tf @@ -1043,7 +1043,7 @@ resource "aws_route" "private_nat_gateway" { count = var.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0 route_table_id = element(aws_route_table.private[*].id, count.index) - destination_cidr_block = "0.0.0.0/0" + destination_cidr_block = var.private_nat_gateway_destination_route == null ? "0.0.0.0/0" : var.private_nat_gateway_destination_route nat_gateway_id = element(aws_nat_gateway.this[*].id, count.index) timeouts { diff --git a/variables.tf b/variables.tf index f7bfd39aa..5fa6d5d68 100644 --- a/variables.tf +++ b/variables.tf @@ -298,6 +298,12 @@ variable "enable_nat_gateway" { default = false } +variable "private_nat_gateway_destination_route" { + description = "Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route." + type = string + default = null +} + variable "single_nat_gateway" { description = "Should be true if you want to provision a single shared NAT Gateway across all of your private networks" type = bool From 8ebf19888541cbd05e776d680def39c513bfe648 Mon Sep 17 00:00:00 2001 From: Pierin Sako Date: Mon, 7 Feb 2022 14:18:09 +0100 Subject: [PATCH 2/5] chore: Updates README.md file --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 97197c6ee..28acfb6b1 100644 --- a/README.md +++ b/README.md 
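Review bot: The added `variable "private_nat_gateway_destination_route"` block in the variables.tf hunk is a bare `string` with no `validation`, and main.tf passes it straight into `destination_cidr_block`, so a malformed prefix or an IPv6 prefix is only rejected by the provider at apply time, after the plan has been approved. `aws_route` takes IPv4 prefixes in `destination_cidr_block` (IPv6 has the separate `destination_ipv6_cidr_block` argument), so a `validation` block using `cidrnetmask`, which accepts only IPv4 prefixes, would surface the mistake at plan time, assuming the module's required Terraform version allows custom variable validation. The same gap persists through the default change in patch 3/5 and the rename in patch 4/5, where the condition reduces to `can(cidrnetmask(var.nat_gateway_destination_cidr_block))`. The description should also say the value must be an IPv4 CIDR block rather than a generic "destination route", e.g. `description = "IPv4 CIDR block used as the destination of the private subnets' NAT Gateway route. Defaults to 0.0.0.0/0."`. The hunk ends inside the following `variable "single_nat_gateway"` block, but the new variable block itself is complete.
```hcl
variable "private_nat_gateway_destination_route" {
  # … unchanged: description, type, default …

  validation {
    condition     = var.private_nat_gateway_destination_route == null || can(cidrnetmask(var.private_nat_gateway_destination_route))
    error_message = "Must be null or a valid IPv4 CIDR block."
  }
}
```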
@@ -375,6 +375,7 @@ No modules.
 | [enable\_flow\_log](#input\_enable\_flow\_log) | Whether or not to enable VPC Flow Logs | `bool` | `false` | no |
 | [enable\_ipv6](#input\_enable\_ipv6) | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block. | `bool` | `false` | no |
 | [enable\_nat\_gateway](#input\_enable\_nat\_gateway) | Should be true if you want to provision NAT Gateways for each of your private networks | `bool` | `false` | no |
+| [private\_nat\_gateway\_destination\_route](#input\private\_nat\_gateway\_destination\_route) | Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route. | `string` | `null` | no |
 | [enable\_public\_redshift](#input\_enable\_public\_redshift) | Controls if redshift should have public routing table | `bool` | `false` | no |
 | [enable\_vpn\_gateway](#input\_enable\_vpn\_gateway) | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | `bool` | `false` | no |
 | [external\_nat\_ip\_ids](#input\_external\_nat\_ip\_ids) | List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse\_nat\_ips) | `list(string)` | `[]` | no |
From fe3b04c28776adff81ac5238f7fa31cb501249d6 Mon Sep 17 00:00:00 2001
From: piersf
Date: Mon, 7 Feb 2022 14:50:38 +0100
Subject: [PATCH 3/5] refactor: Removes conditional approach for variable private_nat_gateway_destination_route
---
 README.md | 2 +-
 main.tf | 2 +-
 variables.tf | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 28acfb6b1..13aaf92bd 100644
--- a/README.md
+++ b/README.md
@@ -375,7 +375,7 @@ No modules.
 | [enable\_flow\_log](#input\_enable\_flow\_log) | Whether or not to enable VPC Flow Logs | `bool` | `false` | no |
 | [enable\_ipv6](#input\_enable\_ipv6) | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block. | `bool` | `false` | no |
 | [enable\_nat\_gateway](#input\_enable\_nat\_gateway) | Should be true if you want to provision NAT Gateways for each of your private networks | `bool` | `false` | no |
-| [private\_nat\_gateway\_destination\_route](#input\private\_nat\_gateway\_destination\_route) | Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route. | `string` | `null` | no |
+| [private\_nat\_gateway\_destination\_route](#input\private\_nat\_gateway\_destination\_route) | Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route. | `string` | `0.0.0.0/0` | no |
 | [enable\_public\_redshift](#input\_enable\_public\_redshift) | Controls if redshift should have public routing table | `bool` | `false` | no |
 | [enable\_vpn\_gateway](#input\_enable\_vpn\_gateway) | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | `bool` | `false` | no |
 | [external\_nat\_ip\_ids](#input\_external\_nat\_ip\_ids) | List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse\_nat\_ips) | `list(string)` | `[]` | no |
diff --git a/main.tf b/main.tf
index d33f9a41e..547924710 100644
--- a/main.tf
+++ b/main.tf
@@ -1043,7 +1043,7 @@ resource "aws_route" "private_nat_gateway" { count = var.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0 route_table_id = element(aws_route_table.private[*].id, count.index) - destination_cidr_block = var.private_nat_gateway_destination_route == null ? "0.0.0.0/0" : var.private_nat_gateway_destination_route + destination_cidr_block = var.private_nat_gateway_destination_route nat_gateway_id = element(aws_nat_gateway.this[*].id, count.index) timeouts { diff --git a/variables.tf b/variables.tf index 5fa6d5d68..3bb939e82 100644 --- a/variables.tf +++ b/variables.tf @@ -301,7 +301,7 @@ variable "enable_nat_gateway" { variable "private_nat_gateway_destination_route" { description = "Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route." type = string - default = null + default = "0.0.0.0/0" } variable "single_nat_gateway" { From eb01793b39c9a0d5b9a46a48ae5c7a3931ea554d Mon Sep 17 00:00:00 2001 From: piersf Date: Mon, 7 Feb 2022 15:33:49 +0100 Subject: [PATCH 4/5] fix: Changes variable name according to suggestion --- README.md | 2 +- main.tf | 2 +- variables.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 13aaf92bd..d6749c966 100644 --- a/README.md +++ b/README.md 
@@ -375,7 +375,7 @@ No modules.
 | [enable\_flow\_log](#input\_enable\_flow\_log) | Whether or not to enable VPC Flow Logs | `bool` | `false` | no |
 | [enable\_ipv6](#input\_enable\_ipv6) | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block. | `bool` | `false` | no |
 | [enable\_nat\_gateway](#input\_enable\_nat\_gateway) | Should be true if you want to provision NAT Gateways for each of your private networks | `bool` | `false` | no |
-| [private\_nat\_gateway\_destination\_route](#input\private\_nat\_gateway\_destination\_route) | Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route. | `string` | `0.0.0.0/0` | no |
+| [nat\_gateway\_destination\_cidr\_block](#input\_nat\_gateway\_destination\_cidr\_block) | Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route. | `string` | `0.0.0.0/0` | no |
 | [enable\_public\_redshift](#input\_enable\_public\_redshift) | Controls if redshift should have public routing table | `bool` | `false` | no |
 | [enable\_vpn\_gateway](#input\_enable\_vpn\_gateway) | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | `bool` | `false` | no |
 | [external\_nat\_ip\_ids](#input\_external\_nat\_ip\_ids) | List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse\_nat\_ips) | `list(string)` | `[]` | no |
diff --git a/main.tf b/main.tf
index 547924710..e78fa08d3 100644
--- a/main.tf
+++ b/main.tf
@@ -1043,7 +1043,7 @@ resource "aws_route" "private_nat_gateway" { count = var.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0 route_table_id = element(aws_route_table.private[*].id, count.index) - destination_cidr_block = var.private_nat_gateway_destination_route + destination_cidr_block = var.nat_gateway_destination_cidr_block nat_gateway_id = element(aws_nat_gateway.this[*].id, count.index) timeouts { diff --git a/variables.tf b/variables.tf index 3bb939e82..8db62c258 100644 --- a/variables.tf +++ b/variables.tf @@ -298,7 +298,7 @@ variable "enable_nat_gateway" { default = false } -variable "private_nat_gateway_destination_route" { +variable "nat_gateway_destination_cidr_block" { description = "Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route." type = string default = "0.0.0.0/0" From 492126058e405be84161225f23cb1d68d003cb5f Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 7 Feb 2022 16:22:13 +0100 Subject: [PATCH 5/5] Fixed docs --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d6749c966..5a62fd400 100644 --- a/README.md +++ b/README.md 
@@ -375,7 +375,6 @@ No modules.
 | [enable\_flow\_log](#input\_enable\_flow\_log) | Whether or not to enable VPC Flow Logs | `bool` | `false` | no |
 | [enable\_ipv6](#input\_enable\_ipv6) | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block. | `bool` | `false` | no |
 | [enable\_nat\_gateway](#input\_enable\_nat\_gateway) | Should be true if you want to provision NAT Gateways for each of your private networks | `bool` | `false` | no |
-| [nat\_gateway\_destination\_cidr\_block](#input\_nat\_gateway\_destination\_cidr\_block) | Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route. | `string` | `0.0.0.0/0` | no |
 | [enable\_public\_redshift](#input\_enable\_public\_redshift) | Controls if redshift should have public routing table | `bool` | `false` | no |
 | [enable\_vpn\_gateway](#input\_enable\_vpn\_gateway) | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | `bool` | `false` | no |
 | [external\_nat\_ip\_ids](#input\_external\_nat\_ip\_ids) | List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse\_nat\_ips) | `list(string)` | `[]` | no |
@@ -411,6 +410,7 @@ No modules.
 | [map\_public\_ip\_on\_launch](#input\_map\_public\_ip\_on\_launch) | Should be false if you do not want to auto-assign public IP on launch | `bool` | `true` | no |
 | [name](#input\_name) | Name to be used on all the resources as identifier | `string` | `""` | no |
 | [nat\_eip\_tags](#input\_nat\_eip\_tags) | Additional tags for the NAT EIP | `map(string)` | `{}` | no |
+| [nat\_gateway\_destination\_cidr\_block](#input\_nat\_gateway\_destination\_cidr\_block) | Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route. | `string` | `"0.0.0.0/0"` | no |
 | [nat\_gateway\_tags](#input\_nat\_gateway\_tags) | Additional tags for the NAT gateways | `map(string)` | `{}` | no |
 | [one\_nat\_gateway\_per\_az](#input\_one\_nat\_gateway\_per\_az) | Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`. | `bool` | `false` | no |
 | [outpost\_acl\_tags](#input\_outpost\_acl\_tags) | Additional tags for the outpost subnets network ACL | `map(string)` | `{}` | no |