nat_gateways.tf
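###
# Elastic IPs that give the NAT path stable public addresses.
#
# One EIP is allocated per availability zone regardless of the price-saving
# mode: the NAT gateways consume them in HA mode and the NAT instances pick
# them up through aws_eip_association.nat otherwise. Because the allocations
# are unconditional, the public IPs do not change when the mode is toggled,
# which also lets external parties allow-list them safely.
#
# `vpc = true` requests a VPC-domain allocation explicitly: aws_nat_gateway
# only accepts VPC-domain EIPs, and the provider's default domain otherwise
# depends on whether the account still supports EC2-Classic.
##
resource "aws_eip" "nat" {
  count = "${length(data.aws_availability_zones.available.names)}"
  vpc   = true
}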
###
# HA AWS NAT Gateway (expensive but HA ideal for production workload).
#
# Created only when price saving is off: one managed gateway per availability
# zone, placed in that zone's public subnet and bound to the matching EIP from
# aws_eip.nat. Managed gateways carry no security group; which traffic reaches
# them is decided by the private subnets' route tables (presumably defined
# elsewhere in this module).
# NOTE(review): the provider docs recommend a depends_on for the internet
# gateway so the NAT gateway is not created before it; the IGW resource is not
# visible from this file, so confirm it is handled.
##
resource "aws_nat_gateway" "nat" {
  count = "${var.price_saving_enabled == "1" ? 0 : length(data.aws_availability_zones.available.names)}"

  subnet_id     = "${element(aws_subnet.public.*.id, count.index)}"
  allocation_id = "${element(aws_eip.nat.*.id, count.index)}"
}
###
# Simple tiny EC2 instances to NAT internet access (not HA but cheap to test).
##

# Most recent Amazon-published VPC NAT AMI. Pinning `owners` to "amazon" is
# what makes the wildcard name filter safe: without it, any account could
# publish an image whose name matches the pattern and win the lookup.
# NOTE(review): "amzn-ami-vpc-nat-hvm-*" selects the Amazon Linux (1) NAT
# images, which are no longer actively maintained — confirm they are still
# acceptable for this environment.
data "aws_ami" "nat" {
  owners      = ["amazon"]
  most_recent = true

  filter {
    name   = "name"
    values = ["amzn-ami-vpc-nat-hvm-*"]
  }
}
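###
# Cheap NAT instances, one per availability zone, used only when price saving
# is on. Each instance sits in the zone's public subnet with source/destination
# checking disabled so it can forward packets on behalf of the private subnets;
# the EIP is attached separately by aws_eip_association.nat.
#
# No key_name is set, so no SSH key pair is installed at launch — appropriate
# for a forwarding-only host.
# NOTE(review): consider requiring IMDSv2 through a metadata_options block if
# the provider version in use supports it; the version is not visible from
# this file.
##
resource "aws_instance" "nat" {
  count = "${var.price_saving_enabled == "1" ? length(data.aws_availability_zones.available.names) : 0}"

  ami           = "${data.aws_ami.nat.id}"
  instance_type = "t3.nano"
  subnet_id     = "${element(aws_subnet.public.*.id, count.index)}"

  # Splat instead of `aws_security_group.nat.id`: the group is itself a
  # counted resource (count 0 or 1), and an unindexed attribute reference on
  # a counted resource is not reliably resolvable when its count is 0. The
  # splat yields the single id when the group exists and an empty list
  # otherwise, the same pattern aws_security_group.nat uses for
  # aws_subnet.private.*.cidr_block.
  vpc_security_group_ids = ["${aws_security_group.nat.*.id}"]

  # Required for a NAT host: with the check enabled, EC2 drops packets whose
  # source or destination is not the instance itself.
  source_dest_check = false

  tags {
    Name = "${var.name_prefix}nat-${element(data.aws_availability_zones.available.names, count.index)}"
  }
}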
###
# Attach the per-AZ Elastic IPs to the NAT instances (price-saving mode only).
# Uses the same count expression as aws_instance.nat, so instance N always
# receives EIP N — the address the NAT gateway for that zone would otherwise
# use.
##
resource "aws_eip_association" "nat" {
  count = "${var.price_saving_enabled == "1" ? length(data.aws_availability_zones.available.names) : 0}"

  allocation_id = "${element(aws_eip.nat.*.id, count.index)}"
  instance_id   = "${element(aws_instance.nat.*.id, count.index)}"
}
###
# Security group for the NAT instances (price-saving mode only; one group
# shared by all zones).
#
# Ingress: every protocol and port, but only from the private subnets' CIDR
# ranges — this is what confines the instances to forwarding traffic for this
# VPC even though they sit in public subnets with an EIP. Nothing from the
# internet is admitted inbound; replies to outbound connections are allowed
# by the group's stateful tracking.
# Egress: unrestricted, which a NAT host needs to reach arbitrary internet
# destinations on behalf of the private subnets. Any filtering of what the
# private subnets may reach belongs in their own groups or NACLs, not here.
##
resource "aws_security_group" "nat" {
  count = "${var.price_saving_enabled == "1" ? 1 : 0}"

  vpc_id      = "${aws_vpc.v.id}"
  name_prefix = "${var.name_prefix}nat-"

  # protocol "-1" with from_port/to_port 0 means all traffic.
  ingress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["${aws_subnet.private.*.cidr_block}"]
  }

  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}