NAT Gateway
Overview
This Terraform module provisions an AWS NAT Gateway in a public subnet, giving instances in private subnets outbound internet access without exposing them to inbound connections. The NAT Gateway only forwards return traffic for connections initiated from inside the VPC; nothing on the internet can open a connection to a private instance through it.
It's a core networking component used to support secure, internet-connected architectures within private VPC segments.
Key Features
- Provisions a NAT Gateway in a specified public subnet
- Associates an existing Elastic IP (EIP), whose public address becomes the source IP of all outbound traffic (useful for allowlisting on external services)
- Tags the NAT Gateway with the deployment environment
- Supports scalable, outbound-only internet access for private EC2 instances
Use Cases
- Allowing EC2 instances in private subnets to reach the internet without a public IP
- Supporting outbound calls from VPC-attached Lambda functions, ECS tasks, or RDS instances that have no public IP
- Isolating backend tiers from inbound exposure
- Enabling OS and package updates or third-party API communication from private services
Input Variables
| Name | Type | Description |
|---|---|---|
| region | string | AWS region to deploy the NAT Gateway |
| subnet_id | string | The ID of the public subnet to host the NAT Gateway |
| elastic_ip_id | string | The ID of the pre-allocated Elastic IP to associate with the NAT Gateway |
| environment | string | Tag to specify the deployment environment (e.g., dev, staging, prod) |
Outputs
| Name | Description |
|---|---|
| nat_gateway_id | The ID of the created NAT Gateway |
Deployment Readiness
- Compatible with Terraform 1.0+
- Tested with AWS provider 5.x
- Requires IAM permissions for VPC, NAT Gateway, and Elastic IP management (for example `ec2:CreateNatGateway`, `ec2:DeleteNatGateway`, `ec2:DescribeNatGateways`, `ec2:CreateTags`, and `ec2:DescribeAddresses`)
Example Usage
```hcl
module "nat_gateway" {
  source        = "git::ssh://git@github.com/archiphire/aws-level-1-modules.git//network/nat-gateway?ref=v1.0.0"
  region        = "us-east-1"
  subnet_id     = "subnet-0123456789abcdef0"   # public subnet (must have a route to an Internet Gateway)
  elastic_ip_id = "eipalloc-0123456789abcdef0" # pre-allocated EIP
  environment   = "dev"
}
```
```bash
terraform init
terraform plan
terraform apply
```
or
```bash
tofu init
tofu plan
tofu apply
```
Cleanup Options
Terraform Destroy (for test environments):
```bash
terraform destroy
```
or
```bash
tofu destroy
```
Manual Deletion (for production environments):
Delete via CLI, substituting the module's `nat_gateway_id` output for the placeholder:
```bash
aws ec2 delete-nat-gateway --nat-gateway-id <nat_gateway_id>
```
Deletion is asynchronous and the Elastic IP remains associated until the gateway reaches the `deleted` state, so wait for that state before releasing the address. Then release the EIP if no longer needed:
```bash
aws ec2 release-address --allocation-id <elastic_ip_id>
```
Resources deleted outside Terraform remain in state until the next plan or refresh; reconcile the state before the next apply.
Notes
This is a Level 1 networking module for secure outbound internet access from private subnets. To complete NAT routing, ensure private subnets are associated with a route table that forwards 0.0.0.0/0 traffic to this NAT Gateway, and that the public subnet hosting the gateway has its own 0.0.0.0/0 route to an Internet Gateway; without the latter the NAT Gateway cannot reach the internet.
A NAT Gateway provides no egress filtering: everything a private instance sends to 0.0.0.0/0 is forwarded. Restrict outbound traffic with security group egress rules or network ACLs, and use VPC endpoints for AWS services (for example S3 or ECR) so that traffic never leaves the AWS network and does not accrue NAT data-processing charges.
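The route-table wiring described above, as an added example that is not part of the module or its deployment package. It assumes a `vpc_id` variable, a `private_subnet_ids` list variable, and an `environment` variable supplied by the caller; the module call itself is the one from Example Usage.

```hcl
# Added example (not the module's own code): route a private tier's internet-bound
# traffic through the NAT Gateway created by this module.
# Assumptions: var.vpc_id, var.environment and var.private_subnet_ids are provided by the caller.

variable "vpc_id"             { type = string }
variable "environment"        { type = string }
variable "private_subnet_ids" { type = list(string) }

module "nat_gateway" {
  source        = "git::ssh://git@github.com/archiphire/aws-level-1-modules.git//network/nat-gateway?ref=v1.0.0"
  region        = "us-east-1"
  subnet_id     = "subnet-0123456789abcdef0"   # public subnet; must itself route 0.0.0.0/0 to an Internet Gateway
  elastic_ip_id = "eipalloc-0123456789abcdef0"
  environment   = var.environment
}

# Route table for the private tier. Its only internet-bound route points at the
# NAT Gateway, so instances keep no public IP and accept no inbound connections.
resource "aws_route_table" "private" {
  vpc_id = var.vpc_id

  tags = {
    Name        = "private-rt-${var.environment}"
    Environment = var.environment
  }
}

# Default route: everything not destined for the VPC CIDR goes out via the NAT Gateway.
resource "aws_route" "private_default" {
  route_table_id         = aws_route_table.private.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = module.nat_gateway.nat_gateway_id
}

# Attach every private subnet to the route table. Subnets left unassociated fall
# back to the VPC main route table and would not get NAT access.
resource "aws_route_table_association" "private" {
  for_each       = toset(var.private_subnet_ids)
  subnet_id      = each.value
  route_table_id = aws_route_table.private.id
}
```

A single NAT Gateway lives in one Availability Zone; if private subnets span several zones, deploy one module instance per zone and give each zone's route table its own `aws_route` to the local gateway, otherwise an outage in the gateway's zone takes down egress for every zone.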
Deployment Package Notice
This module is part of the Level 1 AWS License Tier. To access the full deployment package and source code, subscribe to Archiphire.