https://github.com/terraform-community-modules/tf_aws_nat
NAT instances for AWS. Module is not maintained.
Last synced: 5 days ago
- Host: GitHub
- URL: https://github.com/terraform-community-modules/tf_aws_nat
- Owner: terraform-community-modules
- License: apache-2.0
- Created: 2015-04-13T08:23:48.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2024-08-23T17:26:05.000Z (3 months ago)
- Last Synced: 2024-08-23T19:18:15.266Z (3 months ago)
- Language: HCL
- Homepage:
- Size: 34.2 KB
- Stars: 38
- Watchers: 8
- Forks: 22
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-terraform - tf_aws_nat - NAT instances for AWS. (Community Modules / Miscellaneous)
README
# tf_aws_nat
## Module to launch NAT instances on AWS.
This module provisions a specified number of NAT instances in the public subnets to allow
outbound internet traffic from the private subnets. For route publishing and High Availability,
each instance runs the [AWSnycast](https://github.com/bobtfish/AWSnycast) service. If a NAT
instance becomes unavailable, it will remove the instance from the route table (this requires
at least 2 instances). NAT instances are an alternative to NAT Gateways. To determine which one
is best for your use case, please see the following:

* https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-comparison.html
* https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html
* https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html

## Inputs
* `ami_name_pattern` - The regex used to filter which AMI is used (defaults to Ubuntu Xenial 16.04)
* `ami_publisher` - The ami publisher id (defaults to Canonical's)
* `instance_type` - The type of instance to provision (required)
* `instance_count` - The number of nat instances to provision. At least two are required for HA. It is recommended to have one per subnet (required)
* `az_list` - A list of availability zones to provision in (required)
* `public_subnet_ids` - A list of the public subnets to provision in (required)
* `private_subnet_ids` - A list of the private subnets to allow traffic from (required)
* `security_groups` - A list of security groups applied to the nat instances (required)
* `aws_key_name` - The name of the AWS key pair to provision the instances with (required)
* `ssh_bastion_host` - The ip of the bastion host
* `ssh_bastion_user` - The name of bastion user (required for ssh_bastion_host)
* `aws_private_key` - The contents of private key file for the bastion instance (required for ssh_bastion_host; this is fed to the `private_key` argument; renamed in v1.4, formerly `aws_key_location`)
* `tags` - A list of tags to apply to the nat instances
* `route_table_identifier` - The identifier used in the route table regexp used by AWSnycast. For backwards compatibility it defaults to "rt-private". If you are using the terraform-aws-vpc module you will need to set its value to "private"

## Outputs
* `private_ips` - A list of the nat instances private ips
* `public_ips` - A list of the nat instances public ips
* `instance_ids` - A list of the nat instance ids

## Usage
```hcl
resource "aws_security_group" "nat" {
  name        = "nat"
  description = "Allow nat traffic"
  vpc_id      = "${module.vpc.vpc_id}"

  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

module "nat" {
  source                 = "github.com/terraform-community-modules/tf_aws_nat"
  name                   = "${var.name}"
  instance_type          = "t2.nano"
  instance_count         = "2"
  aws_key_name           = "mykeyname"
  public_subnet_ids      = "${module.vpc.public_subnets}"
  private_subnet_ids     = "${module.vpc.private_subnets}"
  vpc_security_group_ids = ["${aws_security_group.nat.id}"]
  az_list                = "${var.azs}"
  subnets_count          = "${length(var.azs)}"
  route_table_identifier = "private"
  ssh_bastion_user       = "ubuntu"
  ssh_bastion_host       = "${aws_instance.bastion.public_ip}"
  # this was formerly aws_key_location, renamed in v1.4
  aws_private_key        = "${file("pathtokeyfile")}"
}
```

# LICENSE
Apache2, see the included LICENSE file for more information.
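
The `nat` security group in the Usage example admits all protocols from `0.0.0.0/0`, although the instances only need to accept traffic from the private subnets. A tighter variant follows as an added example; it is not part of the module's README and is written in the same Terraform 0.11-style syntax. `var.private_subnet_cidrs` is a hypothetical variable, and the SSH rule assumes the provisioner reaches the instances from the bastion's private IP.

```hcl
# Added example, not from the module. Hypothetical variable: the CIDR blocks of
# the private subnets whose IDs are passed to the module as private_subnet_ids.
variable "private_subnet_cidrs" {
  type        = "list"
  description = "CIDR blocks of the private subnets that route through the NAT instances"
}

resource "aws_security_group" "nat" {
  name        = "nat"
  description = "Allow nat traffic from the private subnets only"
  vpc_id      = "${module.vpc.vpc_id}"

  # Traffic to be forwarded: accept it only from the private subnets
  # instead of from 0.0.0.0/0.
  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["${var.private_subnet_cidrs}"]
  }

  # SSH for provisioning, limited to the bastion host.
  # Assumption: the connection arrives from the bastion's private IP.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${aws_instance.bastion.private_ip}/32"]
  }

  # Outbound stays open: the instances forward traffic to arbitrary
  # internet destinations.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```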