This Terraform module provides a flexible way to create highly available NAT instances on AWS.
While I am a proponent of using NAT instances, for production use I would recommend sticking with the NAT Gateways provided by AWS.
- CloudTrail must be enabled in order to capture ASG events.
- The Lambda scripts currently assume that instances have "-nat-" in their name and that private subnets have "-private-" in their name, which may not always be the case. This approach works, but a more flexible solution is being explored.
If you already have the VPC set up without Terraform, you can pass in the IDs like this:

```hcl
module "nat" {
  source             = "github.com/scamfield/terraform-aws-nat-instance"
  name               = module.vpc.name
  aws_key_name       = "ssh-key"
  vpc_id             = "vpc-056d68ea46d510b09"
  public_subnet_ids  = ["subnet-0873b9d701bf16b22", "subnet-0a9b98b6fefe81141"]
  private_subnet_ids = ["subnet-0619e46d25c65c108", "subnet-0b907bfbb53c10637"]
}
```
If you're using the widely-used terraform-aws-modules/vpc/aws module, you can simply pass in the relevant values from that module. Make sure the vpc module is applied first, though.

```hcl
module "nat" {
  source             = "github.com/scamfield/terraform-aws-nat-instance"
  name               = module.vpc.name
  aws_key_name       = "ssh-key"
  vpc_id             = module.vpc.vpc_id
  public_subnet_ids  = module.vpc.public_subnets
  private_subnet_ids = module.vpc.private_subnets
}
```
This Terraform module deploys an auto-scaling group in each availability zone. Each group runs one EC2 instance, with a minimum and maximum capacity of one. Each instance has an ENI that serves as the target of the 0.0.0.0/0 route in the private subnet's route table. This design lets the deployment survive an availability zone outage.
When an instance in an auto-scaling group fails, the ASG emits an event that EventBridge picks up. EventBridge in turn invokes a Lambda function, which is granted IAM permission to update the route table of the failed EC2 instance's subnet so that the default route points at a different NAT instance.
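As an added illustration of that failover step (not the module's own Lambda code): a handler that, given the ASG termination event, repoints every 0.0.0.0/0 route still targeting the failed instance at a surviving NAT instance's ENI. The EC2 client is injected so the logic can be exercised with a fake; the `VPC_ID` environment variable and the "-nat-" name filter are assumptions.

```python
import os

NAT_NAME_MARKER = "-nat-"   # assumption: the README's naming rule for NAT instances
DEFAULT_ROUTE = "0.0.0.0/0"


def healthy_nat_enis(ec2, vpc_id, failed_instance_id):
    """ENI ids of running NAT instances in the VPC, excluding the one that failed."""
    resp = ec2.describe_instances(Filters=[
        {"Name": "vpc-id", "Values": [vpc_id]},
        {"Name": "instance-state-name", "Values": ["running"]},
        {"Name": "tag:Name", "Values": [f"*{NAT_NAME_MARKER}*"]},
    ])
    return [inst["NetworkInterfaces"][0]["NetworkInterfaceId"]
            for reservation in resp["Reservations"]
            for inst in reservation["Instances"]
            if inst["InstanceId"] != failed_instance_id]


def failover_default_routes(ec2, vpc_id, failed_instance_id):
    """Repoint every 0.0.0.0/0 route that targets the failed instance to a surviving NAT ENI.

    Returns the (route_table_id, new_eni) pairs that were changed. The Lambda role needs
    only ec2:DescribeInstances, ec2:DescribeRouteTables and ec2:ReplaceRoute for this.
    """
    enis = healthy_nat_enis(ec2, vpc_id, failed_instance_id)
    if not enis:
        raise RuntimeError("no healthy NAT instance left to fail over to")
    changed = []
    tables = ec2.describe_route_tables(Filters=[{"Name": "vpc-id", "Values": [vpc_id]}])
    for rt in tables["RouteTables"]:
        for route in rt["Routes"]:
            if route.get("DestinationCidrBlock") != DEFAULT_ROUTE:
                continue
            # After termination the route either still names the instance or is a blackhole.
            if route.get("InstanceId") == failed_instance_id or route.get("State") == "blackhole":
                new_eni = enis[len(changed) % len(enis)]  # spread tables over survivors
                ec2.replace_route(RouteTableId=rt["RouteTableId"],
                                  DestinationCidrBlock=DEFAULT_ROUTE,
                                  NetworkInterfaceId=new_eni)
                changed.append((rt["RouteTableId"], new_eni))
    return changed


def lambda_handler(event, context=None):
    """EventBridge entry point: the ASG event's detail carries the terminated EC2InstanceId."""
    import boto3  # imported here so the functions above stay testable without AWS access
    return failover_default_routes(boto3.client("ec2"), os.environ["VPC_ID"],
                                   event["detail"]["EC2InstanceId"])
```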
Report issues, questions and feature requests in the issues section.
Requirements:

| Name | Version |
|---|---|
| terraform | >= 0.13.5 |
| aws | >= 3.22.0 |
| template | >= 2.1 |
Providers:

| Name | Version |
|---|---|
| aws | >= 3.22.0 |
| template | >= 2.1 |
No modules.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| aws_key_name | n/a | string | "" | no |
| instance_type | n/a | string | "t4g.micro" | no |
| name | n/a | string | "default" | no |
| private_subnet_ids | n/a | list(string) | n/a | yes |
| public_subnet_ids | n/a | list(string) | n/a | yes |
| vpc_id | n/a | string | n/a | yes |
No Outputs.
If you come across the following error during deployment, it is probably because the subnets have not been created yet or the IDs are invalid. The module loops over the subnet IDs with for_each, and Terraform cannot size a for_each over values that are only known at apply time:

```text
Error: Invalid for_each argument
│
│ on .terraform/modules/nat/data.tf line 36, in data "aws_subnet" "subnets":
│ 36: for_each = toset(concat(var.private_subnet_ids, var.public_subnet_ids))
│ ├────────────────
│ │ var.private_subnet_ids is list of string with 2 elements
│ │ var.public_subnet_ids is list of string with 2 elements
│
│ The "for_each" value depends on resource attributes that cannot be determined until apply, so Terraform cannot
│ predict how many instances will be created. To work around this, use the -target argument to first apply only the
│ resources that the for_each depends on.
```
This module is maintained by Stephen Camfield with help from these awesome contributors.