NAT Gateway module
Purpose
Terraform module used to deploy Azure NAT Gateway. For limitations and zone-resiliency considerations please refer to Microsoft documentation.
This module can be used to either create a new NAT Gateway or to connect an existing one with subnets deployed using (for example) the VNET module.
Usage
To deploy this resource in it's minimum configuration following code snippet can be used (assuming that the VNET module is used to deploy VNET and Subnets):
module "natgw" {
source = "PaloAltoNetworks/vmseries-modules/azurerm//modules/natgw"
name = "NATGW_name"
resource_group_name = "resource_group_name"
location = "region_name"
subnet_ids = { "a_subnet_name" = module.vnet.subnet_ids["a_subnet_name"] }
}
This will create a NAT Gateway in with a single Public IP in a zone chosen by Azure.
Reference
Requirements
| Name | Version |
|---|---|
| terraform | >= 1.2, < 2.0 |
| azurerm | ~> 3.25 |
Providers
| Name | Version |
|---|---|
| azurerm | ~> 3.25 |
Modules
No modules.
Resources
| Name | Type |
|---|---|
| azurerm_nat_gateway.this | resource |
| azurerm_nat_gateway_public_ip_association.this | resource |
| azurerm_nat_gateway_public_ip_prefix_association.nat_ips | resource |
| azurerm_public_ip.this | resource |
| azurerm_public_ip_prefix.this | resource |
| azurerm_subnet_nat_gateway_association.this | resource |
| azurerm_nat_gateway.this | data source |
| azurerm_public_ip.this | data source |
| azurerm_public_ip_prefix.this | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| name | Name of a NAT Gateway. | string | n/a | yes |
| create_natgw | Triggers creation of a NAT Gateway when set to true.Set it to false to source an existing resource. In this 'mode' the module will only bind an existing NAT Gateway to specified subnets. | bool | true | no |
| resource_group_name | Name of a Resource Group hosting the NAT Gateway (either the existing one or the one that will be created). | string | n/a | yes |
| location | Azure region. Only for newly created resources. | string | n/a | yes |
| tags | A map of tags that will be assigned to resources created by this module. Only for newly created resources. | map(string) | {} | no |
| zone | Controls if the NAT Gateway will be bound to a specific zone or not. This is a string with the zone number or null. Only for newly created resources.NAT Gateway is not zone-redundant. It is a zonal resource. It means that it's always deployed in a zone. It's up to the user to decide if a zone will be specified during resource deployment or if Azure will take that decision for the user. Keep in mind that regardless of the fact that NAT Gateway is placed in a specific zone it can serve traffic for resources in all zones. But if that zone becomes unavailable resources in other zones will loose internet connectivity. For design considerations, limitation and examples of zone-resiliency architecture please refer to Microsoft documentation. | string | null | no |
| idle_timeout | Connection IDLE timeout in minutes. Only for newly created resources. | number | null | no |
| subnet_ids | A map of subnet IDs what will be bound with this NAT Gateway. Value is the subnet ID, key value does not matter but should be unique, typically it can be a subnet name. | map(string) | n/a | yes |
| create_pip | Set true to create a Public IP resource that will be connected to newly created NAT Gateway. Not used when NAT Gateway is only sourced.Setting this property to false has two meanings:when existing_pip_name is null simply no Public IP will be createdwhen existing_pip_name is set to a name of an exiting Public IP resource it will be sourced and associated to this NAT Gateway. | bool | true | no |
| existing_pip_name | Name of an existing Public IP resource to associate with the NAT Gateway. Only for newly created resources. | string | null | no |
| existing_pip_resource_group_name | Name of a resource group hosting the Public IP resource specified in existing_pip_name. When omitted Resource Group specified in resource_group_name will be used. | string | null | no |
| create_pip_prefix | Set true to create a Public IP Prefix resource that will be connected to newly created NAT Gateway. Not used when NAT Gateway is only sourced.Setting this property to false has two meanings:when existing_pip_prefix_name is null simply no Public IP Prefix will be createdwhen existing_pip_prefix_name is set to a name of an exiting Public IP Prefix resource it will be sourced and associated to this NAT Gateway. | bool | false | no |
| pip_prefix_length | Number of bits of the Public IP Prefix. This basically specifies how many IP addresses are reserved. Azure default is /28.This value can be between 0 and 31 but can be limited by limits set on Subscription level. | number | null | no |
| existing_pip_prefix_name | Name of an existing Public IP Prefix resource to associate with the NAT Gateway. Only for newly created resources. | string | null | no |
| existing_pip_prefix_resource_group_name | Name of a resource group hosting the Public IP Prefix resource specified in existing_pip_name. When omitted Resource Group specified in resource_group_name will be used. | string | null | no |
Outputs
| Name | Description |
|---|---|
| natgw_pip | n/a |
| natgw_pip_prefix | n/a |