From 728a4d114000f256a24d8d4bc9895184df533d0c Mon Sep 17 00:00:00 2001
From: Pier Sf <13417510+piersf@users.noreply.github.com>
Date: Mon, 7 Feb 2022 16:23:10 +0100
Subject: [PATCH] feat: Added custom route for NAT gateway (#748)
---
README.md | 1 +
main.tf | 2 +-
variables.tf | 6 ++++++
3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 97197c6ee..5a62fd400 100644
--- a/README.md
+++ b/README.md
@@ -410,6 +410,7 @@ No modules.
| [map\_public\_ip\_on\_launch](#input\_map\_public\_ip\_on\_launch) | Should be false if you do not want to auto-assign public IP on launch | `bool` | `true` | no |
| [name](#input\_name) | Name to be used on all the resources as identifier | `string` | `""` | no |
| [nat\_eip\_tags](#input\_nat\_eip\_tags) | Additional tags for the NAT EIP | `map(string)` | `{}` | no |
+| [nat\_gateway\_destination\_cidr\_block](#input\_nat\_gateway\_destination\_cidr\_block) | Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route. | `string` | `"0.0.0.0/0"` | no |
| [nat\_gateway\_tags](#input\_nat\_gateway\_tags) | Additional tags for the NAT gateways | `map(string)` | `{}` | no |
| [one\_nat\_gateway\_per\_az](#input\_one\_nat\_gateway\_per\_az) | Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`. | `bool` | `false` | no |
| [outpost\_acl\_tags](#input\_outpost\_acl\_tags) | Additional tags for the outpost subnets network ACL | `map(string)` | `{}` | no |
diff --git a/main.tf b/main.tf
index fa8eb5db0..e78fa08d3 100644
--- a/main.tf
+++ b/main.tf
@@ -1043,7 +1043,7 @@ resource "aws_route" "private_nat_gateway" {
count = var.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0
route_table_id = element(aws_route_table.private[*].id, count.index)
- destination_cidr_block = "0.0.0.0/0"
+ destination_cidr_block = var.nat_gateway_destination_cidr_block
nat_gateway_id = element(aws_nat_gateway.this[*].id, count.index)
timeouts {
diff --git a/variables.tf b/variables.tf
index f7bfd39aa..8db62c258 100644
--- a/variables.tf
+++ b/variables.tf
@@ -298,6 +298,12 @@ variable "enable_nat_gateway" {
default = false
}
+variable "nat_gateway_destination_cidr_block" {
+ description = "Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route."
+ type = string
+ default = "0.0.0.0/0"
+}
+
variable "single_nat_gateway" {
description = "Should be true if you want to provision a single shared NAT Gateway across all of your private networks"
type = bool
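Review bot: The new `nat_gateway_destination_cidr_block` variable (lines 40-44) accepts any string, so a malformed value such as a missing prefix length is only rejected by the AWS API at apply time, after the plan has already been approved. A `validation` block on the variable catches this at plan time: `cidrhost` errors on anything that is not a well-formed CIDR, so wrapping it in `can()` gives the check without further dependencies. This presumes the module's required Terraform version already supports variable validation, which the page does not show. Because this single value feeds the route created for every private route table (see the `count` and `element` in the main.tf hunk), the description could also note that a block narrower than 0.0.0.0/0 leaves all other destinations without a NAT route, which is the intended effect but easy to overlook.
```hcl
variable "nat_gateway_destination_cidr_block" {
  # … unchanged: description, type, default …

  validation {
    condition     = can(cidrhost(var.nat_gateway_destination_cidr_block, 0))
    error_message = "nat_gateway_destination_cidr_block must be a valid CIDR block (e.g. 0.0.0.0/0)."
  }
}
```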