Multi az nat gateways (#29)

* Use one nat gateway per availability zone

Author: tkerdoncuff

README.md

@@ -22,11 +22,11 @@ This module creates the following resources in AWS:
 - 2 or more private subnets in different AZ
 - an internet gateway
 - route tables
+- a NAT gateway in each public subnet
 
-In addition, if NAT gateway is enabled:
+In addition, if NAT gateways are not provided an EIP allocation id:
 
-- an Elastic IP (optional)
-- a NAT gateway in one of the public subnets
+- an Elastic IP for each such NAT gateway
 
 ## Usage example
 
@@ -59,10 +59,10 @@ module "network" {
     }
   }
   nat_gateway = {
-    name       = "quortex"
-    subnet_key = "pub-eu-west-1b"
+    quortex = {
+      subnet_key = "pub-eu-west-1b"
+    }
   }
-  nat_eip_allocation_id = "" # set an existing EIP's id, or an empty string to create a new EIP
 }
 
 ```

locals.tf

@@ -1,5 +1,5 @@
 locals {
-  public_subnets     = { for k, v in aws_subnet.quortex : k => v if v.map_public_ip_on_launch == true }
-  private_subnets    = { for k, v in aws_subnet.quortex : k => v if v.map_public_ip_on_launch == false }
-  enable_nat_gateway = var.nat_gateway != null
+  public_subnets    = { for k, v in aws_subnet.quortex : k => v if v.map_public_ip_on_launch == true }
+  private_subnets   = { for k, v in aws_subnet.quortex : k => v if v.map_public_ip_on_launch == false }
+  zoned_gateway_ids = { for k, v in local.public_subnets : v.availability_zone => [for gw in values(aws_nat_gateway.quortex) : gw.id if gw.subnet_id == v.id][0] }
 }

main.tf

@@ -120,17 +120,17 @@ resource "aws_route_table" "quortex_private" {
 
   # Route to the NAT, if NAT is enabled...
   dynamic "route" {
-    for_each = local.enable_nat_gateway ? [1] : []
+    for_each = local.zoned_gateway_ids[each.value.availability_zone] != null ? [1] : []
 
     content {
       cidr_block     = "0.0.0.0/0"
-      nat_gateway_id = aws_nat_gateway.quortex[0].id
+      nat_gateway_id = local.zoned_gateway_ids[each.value.availability_zone]
     }
   }
 
   # ...otherwise, route to the Internet Gateway
   dynamic "route" {
-    for_each = local.enable_nat_gateway ? [] : [1]
+    for_each = local.zoned_gateway_ids[each.value.availability_zone] == null ? [1] : []
 
     content {
       cidr_block = "0.0.0.0/0"

nat_gateway.tf

@@ -16,30 +16,31 @@
 
 
 # A static Elastic IP used for Quortex cluster External NAT Gateway IP.
-# This resource is created only if no existing EIP is specified.
+# This resource is created for each nat gateway where no existing EIP is specified.
 resource "aws_eip" "quortex" {
-  count = (local.enable_nat_gateway && var.nat_eip_allocation_id == "") ? 1 : 0
+  for_each = { for k, v in var.nat_gateways : k => v if v.eip_allocation_id == null }
 
-  tags = merge({ "Name" = var.eip_name }, var.tags)
+  tags = merge({ "Name" = "${var.nat_gateway_name_prefix}${each.key}" }, var.tags)
 }
 
-# An existing Elastic IP that will be attached to the NAT gateway
-# This datasource is used only to display the IP address
+# An existing Elastic IP that will be attached to NAT gateways when
+# the id is defined. This datasource is used only to display the IP address
 data "aws_eip" "existing_eip" {
-  count = (local.enable_nat_gateway && var.nat_eip_allocation_id != "") ? 1 : 0
+  for_each = { for k, v in var.nat_gateways : k => v if v.eip_allocation_id != null }
 
-  id = var.nat_eip_allocation_id
+  id = each.value.eip_allocation_id
 }
 
-# A single NAT gateway is used for all subnets (NAT gateway is placed in the 1st subnet),
-# or, one NAT gateway in each subnet
+# Nat gateways depending on the list passed in the nat_gateways variable
 resource "aws_nat_gateway" "quortex" {
-  count = local.enable_nat_gateway ? 1 : 0
+  for_each = { for k, v in var.nat_gateways : k => v if local.public_subnets[v.subnet_key] != null }
 
-  allocation_id = var.nat_eip_allocation_id == "" ? aws_eip.quortex[0].id : data.aws_eip.existing_eip[0].id
-  subnet_id     = aws_subnet.quortex[var.nat_gateway.subnet_key].id
+  allocation_id = each.value.eip_allocation_id == null ? aws_eip.quortex[each.key].id : data.aws_eip.existing_eip[each.key].id
+  subnet_id     = local.public_subnets[each.value.subnet_key].id
 
-  tags = merge({ "Name" = var.nat_gateway.name }, var.tags)
+  tags = merge({
+    "Name" = "${var.nat_gateway_name_prefix}${each.key}"
+  }, var.tags)
 
   depends_on = [aws_internet_gateway.quortex]
 }

outputs.tf

@@ -50,12 +50,12 @@ output "route_table_ids_private" {
   description = "The IDs of the route tables for private subnets"
 }
 
-output "nat_eip_id" {
-  value       = try(local.enable_nat_gateway ? (var.nat_eip_allocation_id == "" ? aws_eip.quortex[0].id : var.nat_eip_allocation_id) : "", "")
-  description = "The ID of the Elastic IP associated to the Quortex cluster External NAT Gateway IP."
+output "nat_eip_ids" {
+  value       = concat(values(aws_eip.quortex)[*].allocation_id, [for k, v in var.nat_gateways : v.eip_allocation_id if v.eip_allocation_id != null])
+  description = "The IDs of the Elastic IPs associated to the Quortex cluster External NAT Gateways."
 }
 
-output "nat_eip_address" {
-  value       = try(local.enable_nat_gateway ? (var.nat_eip_allocation_id == "" ? aws_eip.quortex[0].public_ip : data.aws_eip.existing_eip[0].public_ip) : "", "")
-  description = "The public address of the Elastic IP associated to the Quortex cluster External NAT Gateway IP."
+output "nat_eip_addresses" {
+  value       = concat(values(aws_eip.quortex)[*].public_ip, values(data.aws_eip.existing_eip)[*].public_ip)
+  description = "The public addresses of the Elastic IP associated to the Quortex cluster External NAT Gateways."
 }

variables.tf

@@ -49,21 +49,21 @@ variable "route_table_prefix" {
   default     = "quortex-"
 }
 
-variable "nat_gateway" {
-  type        = object({ name = string, subnet_key = string })
+variable "nat_gateway_name_prefix" {
+  type        = string
+  description = "A prefix for the name of the NAT Gateways."
+  default     = "quortex-"
+}
+
+variable "nat_gateways" {
+  type        = map(object({ subnet_key = string, eip_allocation_id = optional(string) }))
   description = <<EOT
-The NAT gateway configuration, a name and a subnet_key that must match a key
-of the given subnets variable.
+The NAT gateways configuration, a map of object, each with a subnet_key that must
+match a key of the given subnets variable and an optional eip allocation id.
 EOT
   default     = null
 }
 
-variable "eip_name" {
-  type        = string
-  description = "Name for the Elastic IP resource"
-  default     = "quortex"
-}
-
 variable "vpc_cidr_block" {
   type        = string
   description = "The CIDR block for the VPC"
@@ -96,9 +96,3 @@ variable "tags" {
   description = "The tags (a map of key/value pairs) to be applied to created resources."
   default     = {}
 }
-
-variable "nat_eip_allocation_id" {
-  type        = string
-  description = "Allocation ID of an existing EIP that should be associated to the NAT gateway. Specify this ID if you want to associate an existing EIP to the NAT gateway. If not specified, a new EIP will be created and associated to the NAT gateway."
-  default     = ""
-}