
Terraform aws vpc module NATGW configuration


This might be confusing for maintenance later. How would I toggle between the 3 different states (or 4 states including off)?

  • NATGW disabled
  • single NATGW
  • 1 NATGW per subnet
  • 1 NATGW per AZ

    variable "enable_nat_gateway" {
      description = "Should be true if you want to provision NAT Gateways for each of your private networks"
      default     = false
      type        = bool
    }

    variable "single_nat_gateway" {
      description = "Should be true if you want to provision a single shared NAT Gateway across all of your private networks"
      default     = true
      type        = bool
    }

    variable "one_nat_gateway_per_az" {
      description = "Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`."
      type        = bool
      default     = false
    }

    module "vpc" {
      source                 = "terraform-aws-modules/vpc/aws"
      name                   = var.vpc_name
      cidr                   = var.vpc_cidr
      # azs                    = slice(data.aws_availability_zones.available.names, 0, local.selected_azs)
      azs                    = slice(data.aws_availability_zones.available.names, 0, local.selected_azs)
      private_subnets        = var.ath_private_subnet_block
      public_subnets         = var.ath_public_subnet_block
      enable_nat_gateway     = var.enable_nat_gateway
      single_nat_gateway     = var.single_nat_gateway
      one_nat_gateway_per_az = var.one_nat_gateway_per_az
    }

    resource "aws_eip" "nat" {
      vpc = true
    }

How can I configure any of the 4 modes using a single variable:

  • NATGW disabled
  • single NATGW
  • 1 NATGW per subnet
  • 1 NATGW per AZ

Solution

  • I would hide all details of the states in a local variable, and create only one variable called natgw_configuration that is the input of your script:

    variable "natgw_configuration" {
      type = string
      default = "NATGW_disabled"
    }
    
    
    locals {

      # Flag values for each state, as terraform-aws-modules/vpc
      # interprets them; adjust if your module version differs.
      natgw_states = {
        "NATGW_disabled" = {
          enable_nat_gateway     = false
          single_nat_gateway     = false
          one_nat_gateway_per_az = false
        }
        "single_NATGW" = {
          enable_nat_gateway     = true
          single_nat_gateway     = true
          one_nat_gateway_per_az = false
        }
        "1_NATGW_per_subnet" = {
          enable_nat_gateway     = true
          single_nat_gateway     = false
          one_nat_gateway_per_az = false
        }
        "1_NATGW_per_AZ" = {
          enable_nat_gateway     = true
          single_nat_gateway     = false
          one_nat_gateway_per_az = true
        }
      }
    }
    

    Then you use it as follows:

    module "vpc" {
      source                 = "terraform-aws-modules/vpc/aws"
      #...
      enable_nat_gateway     = local.natgw_states[var.natgw_configuration].enable_nat_gateway
      single_nat_gateway     = local.natgw_states[var.natgw_configuration].single_nat_gateway
      one_nat_gateway_per_az = local.natgw_states[var.natgw_configuration].one_nat_gateway_per_az
    }
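
As an added example (not code from the question or the answer above), the same single-variable approach extended with plan-time validation of the allowed state names and an `aws_eip` count derived from the chosen mode, so a typo fails at `terraform plan` rather than with an "Invalid index" error and no EIP is allocated when NAT is disabled. It assumes the module's `reuse_nat_ips` / `external_nat_ip_ids` inputs, a `local.selected_azs` as in the question, `private_subnets` being the longest subnet list handed to the module, and AWS provider 5.x for the `domain` argument:

```hcl
variable "natgw_configuration" {
  type        = string
  default     = "NATGW_disabled"
  description = "One of: NATGW_disabled, single_NATGW, 1_NATGW_per_subnet, 1_NATGW_per_AZ"
  # A validation block may only reference the variable itself, so the
  # allowed list is repeated here rather than read from locals.
  validation {
    condition     = contains(["NATGW_disabled", "single_NATGW", "1_NATGW_per_subnet", "1_NATGW_per_AZ"], var.natgw_configuration)
    error_message = "natgw_configuration must be one of NATGW_disabled, single_NATGW, 1_NATGW_per_subnet, 1_NATGW_per_AZ."
  }
}

locals {
  azs = slice(data.aws_availability_zones.available.names, 0, local.selected_azs)
  # Flag values as terraform-aws-modules/vpc interprets them.
  natgw_states = {
    "NATGW_disabled"     = { enable_nat_gateway = false, single_nat_gateway = false, one_nat_gateway_per_az = false }
    "single_NATGW"       = { enable_nat_gateway = true,  single_nat_gateway = true,  one_nat_gateway_per_az = false }
    "1_NATGW_per_subnet" = { enable_nat_gateway = true,  single_nat_gateway = false, one_nat_gateway_per_az = false }
    "1_NATGW_per_AZ"     = { enable_nat_gateway = true,  single_nat_gateway = false, one_nat_gateway_per_az = true }
  }
  natgw = local.natgw_states[var.natgw_configuration]

  # NAT gateways the module will create for the selected mode
  # (assumes private_subnets is the longest subnet list given to the module).
  nat_gateway_count = (
    !local.natgw.enable_nat_gateway ? 0 :
    local.natgw.single_nat_gateway ? 1 :
    local.natgw.one_nat_gateway_per_az ? length(local.azs) :
    length(var.ath_private_subnet_block)
  )
}

# One pre-allocated EIP per NAT gateway; zero when NAT is disabled.
resource "aws_eip" "nat" {
  count  = local.nat_gateway_count
  domain = "vpc" # AWS provider 5.x; older providers use `vpc = true`
}

module "vpc" {
  source                 = "terraform-aws-modules/vpc/aws"
  # name, cidr, private_subnets, public_subnets as in the question
  azs                    = local.azs
  enable_nat_gateway     = local.natgw.enable_nat_gateway
  single_nat_gateway     = local.natgw.single_nat_gateway
  one_nat_gateway_per_az = local.natgw.one_nat_gateway_per_az
  reuse_nat_ips          = true # use the EIPs above instead of module-created ones
  external_nat_ip_ids    = aws_eip.nat[*].id
}
```

Switching modes changes `local.nat_gateway_count`, so review the plan for NAT gateway and EIP replacements before applying in an environment with live egress traffic.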