Palo Alto Networks NAT Gateway Set Module for AWS
A Terraform module for deploying a NAT Gateway set in AWS cloud. The "set" means that the module will create an identical/similar NAT Gateway in each specified Availability Zone.
Usage
module "vpc" {
source = "../../modules/vpc"
name = var.name
cidr_block = var.vpc_cidr_block
secondary_cidr_blocks = var.vpc_secondary_cidr_blocks
global_tags = var.global_tags
vpc_tags = var.vpc_tags
security_groups = var.security_groups
}
module "subnet_sets" {
source = "../../modules/subnet_set"
for_each = toset(distinct([for _, v in var.subnets : v.set]))
name = each.key
cidrs = { for k, v in var.subnets : k => v if v.set == each.key }
vpc_id = module.vpc.id
}
module "nat_gateway_set" {
source = "../../modules/nat_gateway_set"
subnets = module.subnet_sets["natgw-1"].subnets
}
Reference
Requirements
| Name | Version |
|---|---|
| terraform | >= 1.0.0, < 2.0.0 |
| aws | ~> 5.17 |
Providers
| Name | Version |
|---|---|
| aws | ~> 5.17 |
Modules
No modules.
Resources
| Name | Type |
|---|---|
| aws_eip.this | resource |
| aws_nat_gateway.this | resource |
| aws_eip.this | data source |
| aws_nat_gateway.this | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| create_eip | If false, does not create a new Elastic IP, but instead reads a pre-existing one. This input is ignored if create_nat_gateway is false. | bool | true | no |
| create_nat_gateway | If false, does not create a new NAT Gateway, but instead reads a pre-existing one. | bool | true | no |
| eip_domain | Indicates if this EIP is for use in VPC | string | "vpc" | no |
| eip_tags | n/a | map(string) | {} | no |
| eips | Optional map of Elastic IP attributes. Each key is an Availability Zone name, for example "us-east-1b". Each entry has optional attributes name, public_ip, id.These are mainly useful to select a pre-existing Elastic IP when create_eip is false. Example: name attribute can be used both for selecting the pre-existing Elastic IP, or for customizing a newly created Elastic IP: | map | {} | no |
| global_tags | n/a | map(string) | {} | no |
| nat_gateway_names | A map, where each key is an Availability Zone name, for example "us-east-1b". Each value in the map is a custom name of a NAT Gateway in that Availability Zone. The name is kept in an AWS standard Name tag. Example: | map(string) | {} | no |
| nat_gateway_tags | n/a | map(string) | {} | no |
| subnets | Map of Subnets where to create the NAT Gateways. Each map's key is the availability zone name and each map's object has an attribute id identifying AWS Subnet. Importantly, the traffic returning from the NAT Gateway uses the Subnet's route table.The keys of this input map are used for the output map endpoints.Example for users of module subnet_set: | | n/a | yes |
Outputs
| Name | Description |
|---|---|
| eips | The map of Elastic IP objects. Only valid if create_nat_gateway is at the default true value. |
| nat_gateways | The map of NAT Gateway objects. |
| next_hop_set | The Next Hop Set object, useful as the input to the vpc_route module. Example: |