diff --git a/README.md b/README.md
index dda7670..5d6b5d9 100644
--- a/README.md
+++ b/README.md
@@ -432,11 +432,13 @@ Available targets:
| [nat\_ips](#output\_nat\_ips) | Elastic IP Addresses in use by NAT |
| [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the Network ACL created for private subnets |
| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | IDs of the created private route tables |
+| [private\_subnet\_arns](#output\_private\_subnet\_arns) | ARNs of the created private subnets |
| [private\_subnet\_cidrs](#output\_private\_subnet\_cidrs) | IPv4 CIDR blocks of the created private subnets |
| [private\_subnet\_ids](#output\_private\_subnet\_ids) | IDs of the created private subnets |
| [private\_subnet\_ipv6\_cidrs](#output\_private\_subnet\_ipv6\_cidrs) | IPv6 CIDR blocks of the created private subnets |
| [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the Network ACL created for public subnets |
| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | IDs of the created public route tables |
+| [public\_subnet\_arns](#output\_public\_subnet\_arns) | ARNs of the created public subnets |
| [public\_subnet\_cidrs](#output\_public\_subnet\_cidrs) | IPv4 CIDR blocks of the created public subnets |
| [public\_subnet\_ids](#output\_public\_subnet\_ids) | IDs of the created public subnets |
| [public\_subnet\_ipv6\_cidrs](#output\_public\_subnet\_ipv6\_cidrs) | IPv6 CIDR blocks of the created public subnets |
diff --git a/docs/terraform.md b/docs/terraform.md
index 896600f..975589c 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -169,11 +169,13 @@
| [nat\_ips](#output\_nat\_ips) | Elastic IP Addresses in use by NAT |
| [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the Network ACL created for private subnets |
| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | IDs of the created private route tables |
+| [private\_subnet\_arns](#output\_private\_subnet\_arns) | ARNs of the created private subnets |
| [private\_subnet\_cidrs](#output\_private\_subnet\_cidrs) | IPv4 CIDR blocks of the created private subnets |
| [private\_subnet\_ids](#output\_private\_subnet\_ids) | IDs of the created private subnets |
| [private\_subnet\_ipv6\_cidrs](#output\_private\_subnet\_ipv6\_cidrs) | IPv6 CIDR blocks of the created private subnets |
| [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the Network ACL created for public subnets |
| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | IDs of the created public route tables |
+| [public\_subnet\_arns](#output\_public\_subnet\_arns) | ARNs of the created public subnets |
| [public\_subnet\_cidrs](#output\_public\_subnet\_cidrs) | IPv4 CIDR blocks of the created public subnets |
| [public\_subnet\_ids](#output\_public\_subnet\_ids) | IDs of the created public subnets |
| [public\_subnet\_ipv6\_cidrs](#output\_public\_subnet\_ipv6\_cidrs) | IPv6 CIDR blocks of the created public subnets |
diff --git a/outputs.tf b/outputs.tf
index be6b005..24e8817 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -15,12 +15,22 @@ output "public_subnet_ids" {
value = aws_subnet.public[*].id
}
+output "public_subnet_arns" {
+ description = "ARNs of the created public subnets"
+ value = aws_subnet.public[*].arn
+}
+
output "private_subnet_ids" {
description = "IDs of the created private subnets"
value = aws_subnet.private[*].id
}
-# Provide some consistency in CDIR outputs by always returning a list.
+output "private_subnet_arns" {
+ description = "ARNs of the created private subnets"
+ value = aws_subnet.private[*].arn
+}
+
+# Provide some consistency in CIDR outputs by always returning a list.
# Avoid (or at least reduce) `count` problems by toggling the return
# value via configuration rather than computing it via `compact()`.
output "public_subnet_cidrs" {
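Review bot: The two new outputs, `public_subnet_arns` and `private_subnet_arns`, expose values that embed the AWS account ID and region, unlike the existing ID outputs beside them. Those values will therefore appear in plan output, state and any CI logs that print module outputs. If consumers of this module treat account IDs as internal, it may be worth saying so in the descriptions, for example `description = "ARNs of the created public subnets (each ARN includes the AWS account ID and region)"`. The `public_subnet_cidrs` block that follows continues outside the hunk.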
diff --git a/variables.tf b/variables.tf
index f09f6de..6eb2e21 100644
--- a/variables.tf
+++ b/variables.tf
@@ -446,6 +446,35 @@ variable "public_subnets_additional_tags" {
nullable = false
}
+variable "subnets_per_az_count" {
+ type = number
+ description = <<-EOT
+ The number of subnet of each type (public or private) to provision per Availability Zone.
+ EOT
+ default = 1
+ nullable = false
+ validation {
+ condition = var.subnets_per_az_count > 0
+ # Validation error messages must be on a single line, among other restrictions.
+ # See https://github.com/hashicorp/terraform/issues/24123
+ error_message = "The `subnets_per_az` value must be greater than 0."
+ }
+}
+
+variable "subnets_per_az_names" {
+ type = list(string)
+
+ description = <<-EOT
+ The subnet names of each type (public or private) to provision per Availability Zone.
+ This variable is optional.
+ If a list of names is provided, the list items will be used as keys in the outputs `named_private_subnets_map`, `named_public_subnets_map`,
+ `named_private_route_table_ids_map` and `named_public_route_table_ids_map`
+ EOT
+ default = ["common"]
+ nullable = false
+}
+
+#############################################################
############## NAT instance configuration ###################
variable "nat_instance_type" {
type = string
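Review bot: The validation message in the relocated `subnets_per_az_count` block names a variable that does not exist, `subnets_per_az`, so a user who hits the error is pointed at the wrong input; it should name `subnets_per_az_count`. The condition also accepts fractional values such as 1.5 because the type is `number`; `condition = var.subnets_per_az_count > 0 && floor(var.subnets_per_az_count) == var.subnets_per_az_count` would reject them at plan time. The description reads "number of subnet" where "number of subnets" is meant. Separately, `subnets_per_az_names` has no validation, and since its items are described as map keys in the named outputs, an empty list or duplicate names presumably cause collisions or missing keys; how it is consumed is outside this hunk, so confirm before adding a check.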
@@ -515,30 +544,5 @@ variable "nat_instance_root_block_device_encrypted" {
}
locals { nat_instance_root_block_device_encrypted = var.root_block_device_encrypted == null ? var.nat_instance_root_block_device_encrypted : var.root_block_device_encrypted }
-variable "subnets_per_az_count" {
- type = number
- description = <<-EOT
- The number of subnet of each type (public or private) to provision per Availability Zone.
- EOT
- default = 1
- nullable = false
- validation {
- condition = var.subnets_per_az_count > 0
- # Validation error messages must be on a single line, among other restrictions.
- # See https://github.com/hashicorp/terraform/issues/24123
- error_message = "The `subnets_per_az` value must be greater than 0."
- }
-}
-
-variable "subnets_per_az_names" {
- type = list(string)
-
- description = <<-EOT
- The subnet names of each type (public or private) to provision per Availability Zone.
- This variable is optional.
- If a list of names is provided, the list items will be used as keys in the outputs `named_private_subnets_map`, `named_public_subnets_map`,
- `named_private_route_table_ids_map` and `named_public_route_table_ids_map`
- EOT
- default = ["common"]
- nullable = false
-}
+############## END of NAT instance configuration ########################
+############## Please add new variables above this section ##############