Add NAT Gateway IDs to subnet stats maps

Incorporate feature from PR #225 to expose NAT Gateway IDs in the subnet stats outputs.

- Add `nat_gateway_id` field to `named_private_subnets_stats_map` (maps to the NAT Gateway that the private subnet routes to for egress)
- Add `nat_gateway_id` field to `named_public_subnets_stats_map` (maps to the NAT Gateway in that public subnet, if any)
- Create helper locals to correctly map subnets to NAT Gateways
- Update output descriptions to reflect the new fourth field

This makes the subnet stats more complete and enables downstream components to reference NAT Gateway IDs when needed (e.g., network firewall routing configurations).

Implementation correctly handles our new NAT placement features:
- Works with index-based NAT placement (`nat_gateway_public_subnet_indices`)
- Works with name-based NAT placement (`nat_gateway_public_subnet_names`)
- Private subnets correctly map to the NAT they route to (using existing `private_route_table_to_nat_map`)
- Public subnets correctly identify which ones contain NAT Gateways

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: aknysh

main.tf

@@ -333,12 +333,22 @@ locals {
     compact([for k, v in local.az_public_route_table_ids_map : try(v[i], "")]))
   }
 
+  # Create a map from public subnet ID to NAT Gateway ID (for public subnets that have NAT Gateways)
+  public_subnet_to_nat_gateway_map = { for nat in aws_nat_gateway.default : nat.subnet_id => nat.id }
+
+  # Create a map from private subnet ID to NAT Gateway ID (the NAT that the private subnet routes to)
+  private_subnet_to_nat_gateway_map = local.nat_gateway_enabled && local.private4_enabled ? {
+    for idx, subnet in aws_subnet.private :
+    subnet.id => aws_nat_gateway.default[local.private_route_table_to_nat_map[idx]].id
+  } : {}
+
   named_private_subnets_stats_map = { for i, s in local.private_subnets_per_az_names : s => (
     [
       for k, v in local.az_private_route_table_ids_map : {
         az             = k
         route_table_id = try(v[i], "")
         subnet_id      = try(local.az_private_subnets_map[k][i], "")
+        nat_gateway_id = try(local.private_subnet_to_nat_gateway_map[local.az_private_subnets_map[k][i]], "")
       }
     ])
   }
@@ -349,6 +359,7 @@ locals {
         az             = k
         route_table_id = try(v[i], "")
         subnet_id      = try(local.az_public_subnets_map[k][i], "")
+        nat_gateway_id = try(local.public_subnet_to_nat_gateway_map[local.az_public_subnets_map[k][i]], "")
       }
     ])
   }

outputs.tf

@@ -139,11 +139,11 @@ output "named_public_route_table_ids_map" {
 }
 
 output "named_private_subnets_stats_map" {
-  description = "Map of subnet names (specified in `private_subnets_per_az_names` or `subnets_per_az_names` variable) to lists of objects with each object having three items: AZ, private subnet ID, private route table ID"
+  description = "Map of subnet names (specified in `private_subnets_per_az_names` or `subnets_per_az_names` variable) to lists of objects with each object having four items: AZ, private subnet ID, private route table ID, NAT Gateway ID (the NAT Gateway that this private subnet routes to for egress)"
   value       = local.named_private_subnets_stats_map
 }
 
 output "named_public_subnets_stats_map" {
-  description = "Map of subnet names (specified in `public_subnets_per_az_names` or `subnets_per_az_names` variable) to lists of objects with each object having three items: AZ, public subnet ID, public route table ID"
+  description = "Map of subnet names (specified in `public_subnets_per_az_names` or `subnets_per_az_names` variable) to lists of objects with each object having four items: AZ, public subnet ID, public route table ID, NAT Gateway ID (the NAT Gateway in this public subnet, if any)"
   value       = local.named_public_subnets_stats_map
 }