README.md (16 additions & 9 deletions)
@@ -68,22 +68,29 @@ Passing the IPs into the module is done by setting two variables `reuse_nat_ips
68
68
69
69
This module supports three scenarios for creating NAT gateways. Each will be explained in further detail in the corresponding sections.
70
70
71
-
- One NAT Gateway per subnet (default behavior)
72
-
-`enable_nat_gateway = true`
73
-
-`single_nat_gateway = false`
74
-
-`one_nat_gateway_per_az = false`
75
-
- Single NAT Gateway
71
+
-**Single NAT Gateway** (cost-saving):
76
72
-`enable_nat_gateway = true`
77
73
-`single_nat_gateway = true`
78
-
-`one_nat_gateway_per_az = false`
79
-
- One NAT Gateway per availability zone
74
+
-`one_nat_gateway_per_az = false` (or true — has no effect)
75
+
- ✅ Creates one NAT Gateway shared across all private subnets
76
+
77
+
-**One NAT Gateway per Availability Zone** (high availability):
80
78
-`enable_nat_gateway = true`
81
79
-`single_nat_gateway = false`
82
80
-`one_nat_gateway_per_az = true`
81
+
- ✅ Creates one NAT Gateway in each AZ you specify in `var.azs`
82
+
83
+
-**Default (no special config):**
84
+
-`enable_nat_gateway = true`
85
+
-`single_nat_gateway = false`
86
+
-`one_nat_gateway_per_az = false`
87
+
- ✅ Behavior depends on private subnet layout — only one NAT Gateway is created unless multiple are required
83
88
84
-
If both `single_nat_gateway` and `one_nat_gateway_per_az` are set to `true`, then `single_nat_gateway` takes precedence.
89
+
> ⚠️ **Important:** If both `single_nat_gateway = true` and `one_nat_gateway_per_az = true` are set,
90
+
> the module will **only create one NAT Gateway**.
91
+
> The `single_nat_gateway` setting takes precedence and overrides `one_nat_gateway_per_az`.
85
92
86
-
### One NAT Gateway per subnet (default)
93
+
### NAT Gateway Behavior Overview
87
94
88
95
By default, the module will determine the number of NAT Gateways to create based on the `max()` of the private subnet lists (`database_subnets`, `elasticache_subnets`, `private_subnets`, and `redshift_subnets`). The module **does not** take into account the number of `intra_subnets`, since the latter are designed to have no Internet access via NAT Gateway. For example, if your configuration looks like the following:
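Review bot: The new "Default (no special config)" bullet ("only one NAT Gateway is created unless multiple are required") is vaguer than the line it replaces and does not match the unchanged paragraph at the end of this hunk, which says the count is the `max()` of the private subnet lists (`database_subnets`, `elasticache_subnets`, `private_subnets`, `redshift_subnets`). A reader sizing egress for availability cannot tell from "unless multiple are required" how many gateways the default produces. Suggest stating the rule directly in the bullet, for example "Creates one NAT Gateway per private subnet, counted as the `max()` of the private subnet lists". The heading rename from "### One NAT Gateway per subnet (default)" to "### NAT Gateway Behavior Overview" has a related problem: the paragraph under it still opens with "By default, the module will determine..." and covers only the default case, while the intro line still promises that each scenario is explained "in the corresponding sections". Either keep a heading that names the default scenario or reword the intro so the three bullets and the section titles line up again. The precedence rule is also now stated twice, once as "(or true — has no effect)" in the Single NAT Gateway bullet and once in the Important note; keeping only the note would avoid the two drifting apart.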