A Terraform module for deploying NAT Instances using fck-nat. The (f)easible (c)ost (k)onfigurable NAT! The following is a list of features available with this module:
- High-availability mode achieved through a floating internal ENI automatically attached to instances being started by an ASG
- Optional consistent static IP via EIP re-attachment to the internet facing ENI
- Cloudwatch metrics reported similar to those available with the managed NAT Gateway
- Use of spot instances instead of on-demand for reduced costs
module "fck-nat" {
source = "RaJiska/fck-nat/aws"
name = "my-fck-nat"
vpc_id = "vpc-abc1234"
subnet_id = "subnet-abc1234"
update_route_table = true
route_table_id = "rtb-abc1234"
# ha_mode = true # Enables high-availability mode
# eip_allocation_ids = ["eipalloc-abc1234"] # Allocation ID of an existing EIP
# use_cloudwatch_agent = true # Enables Cloudwatch agent and have metrics reported
}| Name | Version |
|---|---|
| terraform | ~> 1.3 |
| aws | >= 4.0 |
| Name | Version |
|---|---|
| aws | >= 4.0 |
No modules.
| Name | Type |
|---|---|
| aws_autoscaling_group.main | resource |
| aws_iam_instance_profile.main | resource |
| aws_iam_role.main | resource |
| aws_instance.main | resource |
| aws_launch_template.main | resource |
| aws_network_interface.main | resource |
| aws_route.main | resource |
| aws_security_group.main | resource |
| aws_ssm_parameter.cloudwatch_agent_config | resource |
| aws_ami.main | data source |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.main | data source |
| aws_region.current | data source |
| aws_vpc.main | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| ami_id | AMI to use for the NAT instance. Uses fck-nat latest AMI in the region if none provided | string |
null |
no |
| cloudwatch_agent_configuration | CloudWatch configuration for the NAT instance | object({ |
{ |
no |
| cloudwatch_agent_configuration_param_arn | ARN of the SSM parameter containing the CloudWatch agent configuration. If none provided, creates one | string |
null |
no |
| ebs_root_volume_size | Size of the EBS root volume in GB | number |
2 |
no |
| eip_allocation_ids | EIP allocation IDs to use for the NAT instance. Automatically assign a public IP if none is provided. Note: Currently only supports at most one EIP allocation. | list(string) |
[] |
no |
| encryption | Whether or not to encrypt the EBS volume | bool |
true |
no |
| ha_mode | Whether or not high-availability mode should be enabled via autoscaling group | bool |
true |
no |
| instance_type | Instance type to use for the NAT instance | string |
"t4g.micro" |
no |
| kms_key_id | Will use the provided KMS key ID to encrypt the EBS volume. Uses the default KMS key if none provided | string |
null |
no |
| name | Name used for resources created within the module | string |
n/a | yes |
| route_table_id | Route table to update. Only valid if update_route_table is true | string |
null |
no |
| subnet_id | Subnet ID to deploy the NAT instance into | string |
n/a | yes |
| tags | Tags to apply to resources created within the module | map(string) |
{} |
no |
| update_route_table | Whether or not to update the route table with the NAT instance | bool |
false |
no |
| use_cloudwatch_agent | Whether or not to enable CloudWatch agent for the NAT instance | bool |
false |
no |
| use_spot_instances | Whether or not to use spot instances for running the NAT instance | bool |
false |
no |
| vpc_id | VPC ID to deploy the NAT instance into | string |
n/a | yes |
| Name | Description |
|---|---|
| ami_id | AMI to use for the NAT instance. Uses fck-nat latest arm64 AMI in the region if none provided |
| autoscaling_group_arn | The ARN of the autoscaling group if running in HA mode |
| cw_agent_config_ssm_parameter_arn | The ARN of the SSM parameter containing the Cloudwatch agent config |
| encryption | Whether or not fck-nat instance EBS volumes are encrypted |
| eni_arn | The ARN of the static ENI used by the fck-nat instance |
| eni_id | The ID of the static ENI used by the fck-nat instance |
| ha_mode | Whether or not high-availability mode is enabled via autoscaling group |
| instance_arn | The ARN of the fck-nat instance if running in non-HA mode |
| instance_profile_arn | The ARN of the instance profile used by the fck-nat instance |
| instance_type | Instance type used for the fck-nat instance |
| kms_key_id | KMS key ID to use for encrypting fck-nat instance EBS volumes |
| launch_template_id | The ID of the launch template used to spawn fck-nat instances |
| name | Name used for resources created within the module |
| role_arn | The ARN of the role used by the fck-nat instance profile |
| security_group_id | The ID of the security group used by fck-nat ENIs |
| subnet_id | Subnet ID to which the fck-nat instance is deployed into |
| vpc_id | VPC ID to which the fck-nat instance is deployed into |