diff --git a/.github/workflows/pullrequest.yml b/.github/workflows/pullrequest.yml
index bfe489e..cacf9a8 100644
--- a/.github/workflows/pullrequest.yml
+++ b/.github/workflows/pullrequest.yml
@@ -18,7 +18,7 @@ jobs:
ref: ${{ github.event.pull_request.head.sha }}
- name: Setup TFLint
- uses: terraform-linters/setup-tflint@v2
+ uses: terraform-linters/setup-tflint@v3
- name: Init TFLint
run: tflint --init
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
index 069087a..aaaa1f7 100644
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@@ -2,24 +2,24 @@
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/aws" {
- version = "4.39.0"
+ version = "4.40.0"
constraints = "~> 4.0"
hashes = [
- "h1:5jIAzI33opxKT6TFoAP/UVvRKvtpDe7Dsaw20go3U7w=",
- "zh:08e3d453bbeaccda3f4ab7ae45f81d515ab49a765ce2d43f060842bb2e653846",
- "zh:238a460231e9e6ca786b2cb2088a98edfc48f0e36c433edd7d65a250980f7566",
- "zh:4d5663c2cf521e91caddd5508b13759110bc21b2e9543ff6a9f8cf8d02af1aeb",
- "zh:5b397e46aac6db155b4b9162ac168010473d6309ae363301f0335184c1f50be6",
- "zh:7178536cfebc6423336798aead72fe774f4d8118ae19ffe6a6a1108fe60608d7",
- "zh:867c5269cea2fe15f7ea837507ad0fe97e8913be4348868b284c12217d689457",
- "zh:88db4bb188f68011cb05eefb3ea7e5741da1d9acdb3c7bd517e715dfc8c0cfc3",
- "zh:95b4da4bdbb2eb02333e52c2ced0c5f133d854f730e3744c0c239268c21feee6",
+ "h1:wZ0mPxigFhz6C+0YUzI5vecGwya1PqlCGTSr6giqjvg=",
+ "zh:04ca7287b7f5a2a310b60308cc08df11e97714d32d1a10c34a94454d330af66e",
+ "zh:13c28ba9b324c526580783a3807007a296ce58c607c7bdc94ae2bb72b35b6495",
+ "zh:2c84dbc0701b9724802f7343f916f50b6914a044dfbfc6654f264c9347f02dac",
+ "zh:33255a22e1d1ecec2ad8ccfec1e4a54dc33a8d71f3edad098c25d822958a138b",
+ "zh:4583b5e92b8de3662c8d8ff8a6527572ec23ad8c64dd686ff9dd528bc6934a4f",
+ "zh:4a9f502c0b8abe45abda846e0601f8d8ef582e62e0b92cb747b4200a711ba739",
+ "zh:558959e19935ec5e7f0647e900fc8561f4961a377be0178496a6495805136721",
+ "zh:6b3dc4b034d34885db620d73c75d3bb9abeee539e61ca9d0670fb995353e165d",
+ "zh:72f0dac5dbba355bce88599ded2baabc7d109ee786b89c6648ae720cb00a4bbf",
+ "zh:77981b87e2bcbb278402e8ff863d5e50aafbdc03629d7a57273c06989884a22f",
"zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
- "zh:9bbe67eaa03bfb293913431b39879385e42473bdb61be842fd78b3c89333f1ba",
- "zh:a06b9b5fbe8c84a0da431a22d9dd583143406846c1d8febe06f62fc89aeccd1d",
- "zh:cb925338b164e916f289e717f8ecaacf5fd5df56790ec6296158e76d6131b914",
- "zh:d9dbf68b0defc220085eda1348f439f724ce83a0636bec18dc83aa73fe2385d5",
- "zh:eb59e6234e73bd0d48fe372201155802c9b920711a1da078e5b07508271312ee",
- "zh:f68b2685ee86bcf314d74a20e97b5cbe0c63741827143f7a4ba7ec56555329dc",
+ "zh:c5b4dd61558a4887a23847d23cd3b41a97ad03a9f3624d0687cb5461fee514b0",
+ "zh:c8949bc6600ec10ea5c0abdd4c1ffee8f82519c0cda8cc7a651e6258960e6249",
+ "zh:d1c88ab98f126d65cd0c7b6c9e1d06d59e766217ae374d5a908052817e3692a3",
+ "zh:ff2e921440bcbfd440ef84f5127ba881c930b2b70773e725de35c0fa3baddc4b",
]
}
diff --git a/README.md b/README.md
index 5385ba6..0113b83 100644
--- a/README.md
+++ b/README.md
@@ -103,7 +103,7 @@ resource "aws_s3_bucket_public_access_block" "mwaa" {
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | 4.39.0 |
+| [aws](#provider\_aws) | 4.40.0 |
## Modules
@@ -116,6 +116,7 @@ No modules.
| [aws_eip.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |
| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
+| [aws_internet_gateway.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/internet_gateway) | resource |
| [aws_mwaa_environment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/mwaa_environment) | resource |
| [aws_nat_gateway.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/nat_gateway) | resource |
| [aws_route_table.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource |
@@ -144,7 +145,7 @@ No modules.
| [dag\_s3\_path](#input\_dag\_s3\_path) | Relative path of the dags folder within the source bucket | `string` | `"dags/"` | no |
| [environment\_class](#input\_environment\_class) | n/a | `string` | `"mw1.small"` | no |
| [environment\_name](#input\_environment\_name) | Name of the MWAA environment | `string` | n/a | yes |
-| [internet\_gateway\_id](#input\_internet\_gateway\_id) | ID of the internet gateway to the VPC | `string` | n/a | yes |
+| [internet\_gateway\_id](#input\_internet\_gateway\_id) | ID of the internet gateway to the VPC, if not set and create\_networking\_config = true an internet gateway will be created | `string` | `null` | no |
| [kms\_key\_arn](#input\_kms\_key\_arn) | KMS CMK ARN to use by MWAA for data encryption. MUST reference the same KMS key as used by S3 bucket specified by source\_bucket\_arn, if the bucket uses KMS. If not specified, the default AWS owned key for MWAA will be used for backward compatibility with version 1.0.1 of this module. | `string` | `null` | no |
| [max\_workers](#input\_max\_workers) | numeric string, min 1 | `string` | `"10"` | no |
| [min\_workers](#input\_min\_workers) | numeric string, min 1 | `string` | `"1"` | no |
diff --git a/variables.tf b/variables.tf
index c90a3e8..9b8693d 100644
--- a/variables.tf
+++ b/variables.tf
@@ -59,8 +59,9 @@ variable "vpc_id" {
type = string
}
variable "internet_gateway_id" {
- description = "ID of the internet gateway to the VPC"
+ description = "ID of the internet gateway to the VPC, if not set and create_networking_config = true an internet gateway will be created"
type = string
+ default = null
}
variable "create_networking_config" {
description = "true if networking resources (subnets, eip, NAT gateway and route table) should be created."
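Review bot: With `default = null` on `internet_gateway_id`, null becomes the only value that means "create a gateway", but nothing rejects an empty or malformed string. The vpc.tf change in this commit tests `var.internet_gateway_id==null`, so a caller passing `""` (for example from a wrapper module's own default) would get no gateway created and an empty `gateway_id` on the public default route. A `validation` block on the variable would turn that into a plan-time error instead of a confusing apply failure. This assumes the module's minimum Terraform version supports variable validation.

```hcl
variable "internet_gateway_id" {
  # … unchanged: description, type, default = null …
  validation {
    condition     = var.internet_gateway_id == null || can(regex("^igw-", var.internet_gateway_id))
    error_message = "The internet_gateway_id value must be null or an internet gateway ID starting with \"igw-\"."
  }
}
```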
diff --git a/vpc.tf b/vpc.tf
index bd46933..101525d 100644
--- a/vpc.tf
+++ b/vpc.tf
@@ -1,55 +1,56 @@
-/*
-This module deploys a VPC, with a pair of public and private subnets spread
-across two Availability Zones. It deploys an internet gateway, with a default
-route on the public subnets. It deploys a pair of NAT gateways (one in each
-AZ), and default routes for them in the private subnets.
-*/
-
resource "aws_subnet" "public" {
- count = var.create_networking_config ? length(var.public_subnet_cidrs): 0
- cidr_block = var.public_subnet_cidrs[count.index]
- vpc_id = var.vpc_id
+ count = var.create_networking_config ? length(var.public_subnet_cidrs) : 0
+ cidr_block = var.public_subnet_cidrs[count.index]
+ vpc_id = var.vpc_id
map_public_ip_on_launch = true
- availability_zone = count.index % 2 == 0 ? "${var.region}a" : "${var.region}b"
- tags = merge({
+ availability_zone = count.index % 2 == 0 ? "${var.region}a" : "${var.region}b"
+ tags = merge({
Name = "mwaa-${var.environment_name}-public-subnet-${count.index}"
}, var.tags)
}
resource "aws_subnet" "private" {
- count = var.create_networking_config ? length(var.private_subnet_cidrs): 0
- cidr_block = var.private_subnet_cidrs[count.index]
- vpc_id = var.vpc_id
+ count = var.create_networking_config ? length(var.private_subnet_cidrs) : 0
+ cidr_block = var.private_subnet_cidrs[count.index]
+ vpc_id = var.vpc_id
map_public_ip_on_launch = false
- availability_zone = count.index % 2 == 0 ? "${var.region}a" : "${var.region}b"
- tags = merge({
+ availability_zone = count.index % 2 == 0 ? "${var.region}a" : "${var.region}b"
+ tags = merge({
Name = "mwaa-${var.environment_name}-private-subnet-${count.index}"
}, var.tags)
}
resource "aws_eip" "this" {
- count = var.create_networking_config ? length(var.public_subnet_cidrs): 0
- vpc = true
- tags = merge({
+ count = var.create_networking_config ? length(var.public_subnet_cidrs) : 0
+ vpc = true
+ tags = merge({
Name = "mwaa-${var.environment_name}-eip-${count.index}"
}, var.tags)
}
resource "aws_nat_gateway" "this" {
- count = var.create_networking_config ? length(var.public_subnet_cidrs): 0
+ count = var.create_networking_config ? length(var.public_subnet_cidrs) : 0
allocation_id = aws_eip.this[count.index].id
- subnet_id = aws_subnet.public[count.index].id
- tags = merge({
+ subnet_id = aws_subnet.public[count.index].id
+ tags = merge({
Name = "mwaa-${var.environment_name}-nat-gateway-${count.index}"
}, var.tags)
}
+resource "aws_internet_gateway" "this" {
+ count = var.create_networking_config && var.internet_gateway_id==null ? 1 : 0
+ vpc_id = var.vpc_id
+ tags = merge({
+ Name = "mwaa-${var.environment_name}-internet-gateway"
+ }, var.tags)
+}
+
resource "aws_route_table" "public" {
- count = var.create_networking_config ? 1: 0
+ count = var.create_networking_config ? 1 : 0
vpc_id = var.vpc_id
route {
cidr_block = "0.0.0.0/0"
- gateway_id = var.internet_gateway_id
+ gateway_id = var.internet_gateway_id!=null ? var.internet_gateway_id : aws_internet_gateway.this[0].id
}
tags = merge({
Name = "mwaa-${var.environment_name}-public-routes"
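Review bot: The new `aws_internet_gateway.this` is created in a VPC the caller supplies through `var.vpc_id`, and a VPC can have only one internet gateway attached. Omitting `internet_gateway_id` for a VPC that already has a gateway is therefore likely to fail at apply time rather than at plan time. Where it succeeds, the module silently adds an internet path to a network it does not own. The same hunk also deletes the file's header comment, which was the only description of the network layout. I would keep a short comment above the resource, such as `# Created only when create_networking_config is true and internet_gateway_id is null; the VPC must not already have an internet gateway attached.`, and repeat that constraint in the variable description. The `aws_route_table.public` block that consumes the gateway closes outside this hunk.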
@@ -57,16 +58,16 @@ resource "aws_route_table" "public" {
}
resource "aws_route_table_association" "public" {
- count = var.create_networking_config ? length(aws_subnet.public): 0
+ count = var.create_networking_config ? length(aws_subnet.public) : 0
route_table_id = aws_route_table.public[0].id
- subnet_id = aws_subnet.public[count.index].id
+ subnet_id = aws_subnet.public[count.index].id
}
resource "aws_route_table" "private" {
- count = length(aws_nat_gateway.this)
+ count = length(aws_nat_gateway.this)
vpc_id = var.vpc_id
route {
- cidr_block = "0.0.0.0/0"
+ cidr_block = "0.0.0.0/0"
nat_gateway_id = aws_nat_gateway.this[count.index].id
}
tags = merge({
@@ -75,27 +76,27 @@ resource "aws_route_table" "private" {
}
resource "aws_route_table_association" "private" {
- count = var.create_networking_config ? length(aws_subnet.private): 0
+ count = var.create_networking_config ? length(aws_subnet.private) : 0
route_table_id = aws_route_table.private[count.index].id
- subnet_id = aws_subnet.private[count.index].id
+ subnet_id = aws_subnet.private[count.index].id
}
resource "aws_security_group" "this" {
vpc_id = var.vpc_id
- name = "mwaa-${var.environment_name}-no-ingress-sg"
- tags = merge({
+ name = "mwaa-${var.environment_name}-no-ingress-sg"
+ tags = merge({
Name = "mwaa-${var.environment_name}-no-ingress-sg"
}, var.tags )
ingress {
from_port = 0
- to_port = 0
- protocol = "-1"
- self = true
+ to_port = 0
+ protocol = "-1"
+ self = true
}
egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
cidr_blocks = [
"0.0.0.0/0"
]