Merge pull request #22 from strvcom/feature/optional-nat

Optional NAT gateway
strvcom · Mar 2, 2019 · 8f757f7 · 8f757f7
2 parents 87310f4 + 32163ad
commit 8f757f7
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 3 deletions.
diff --git a/main.tf b/main.tf
@@ -22,8 +22,8 @@ module "vpc" {
   private_subnets = "${var.vpc_private_subnets}"
 
   # NAT gateway for private subnets
-  enable_nat_gateway = true
-  single_nat_gateway = true
+  enable_nat_gateway = "${var.vpc_create_nat}"
+  single_nat_gateway = "${var.vpc_create_nat}"
 
   # Every instance deployed within the VPC will get a hostname
   enable_dns_hostnames = true
@@ -233,7 +233,10 @@ resource "aws_ecs_service" "this" {
 
   network_configuration {
     security_groups = ["${element(aws_security_group.services.*.id, count.index)}"]
-    subnets         = ["${module.vpc.private_subnets}"]
+
+    # https://github.com/hashicorp/terraform/issues/18259#issuecomment-438407005
+    subnets          = ["${split(",", var.vpc_create_nat ? join(",", module.vpc.private_subnets) : join(",", module.vpc.public_subnets))}"]
+    assign_public_ip = "${!var.vpc_create_nat}"
   }
 
   load_balancer {

diff --git a/variables.tf b/variables.tf
@@ -32,6 +32,11 @@ variable "vpc_private_subnets" {
   default     = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
 }
 
+variable "vpc_create_nat" {
+  description = "Whether or not create a NAT gateway in the VPC managed by this module. Note that disabling this, it will forced to put ALL Fargate services inside a PUBLIC subnet with a PUBLIC ip address"
+  default     = true
+}
+
 ## LOGS
 
 variable "cloudwatch_logs_default_retention_days" {