Error when creating VPC without any private subnets and has NAT gateways #1068
Comments
From my understanding, you have to define private subnets in the egress VPC, cf. here ...
@laserpedro not quite. The egress VPC can live in another account and has just public subnets with NAT gateways living in them. You can then use a Transit Gateway to link those subnets with private subnets in separate VPCs that live in separate accounts. By creating a VPC with just public subnets for the egress VPC, you can keep the IP space small (which is desirable because this will be an internet-facing VPC after all).
What about using non-routable IPs for the private subnets in your egress VPC?
This issue has been automatically marked as stale because it has been open 30 days |
I really think this is a valid use case and it's something I already witnessed on a past project. Also, AWS documents this pattern on some architectures, like here. I also made some local changes to the module so that the reproduction code (shared by @aiell0) works as expected. Can I open a PR for this? :)
This issue has been automatically marked as stale because it has been open 30 days |
This issue was automatically closed because of stale in 10 days |
Description
When creating a VPC with only public subnets and with one_nat_gateway_per_az configured, the module fails with an error.
Versions
Module version [Required]: 5.7.1
Terraform version: 1.7.5
Provider version(s): 5.45.0
Reproduction Code [Required]
Steps to reproduce the behavior:
Run a terraform plan or terraform apply.
Expected behavior
VPC creates without issues.
Actual behavior
Module errors out.
Terminal Output Screenshot(s)
Additional context
This use case comes from AWS Prescriptive Guidance around setting up network architecture. In this case, an outbound VPC would only have NAT gateways. This VPC would then have routes to it via Transit Gateway connections to other VPCs which emulates the same functionality as private subnets. This module does not support that setup in the current form.
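The centralized-egress VPC this issue describes, written out in raw AWS provider resources as an added example. It is not the module's code, not the reporter's (missing) reproduction, and not a fix for the module error; the region, AZ names, CIDRs, Transit Gateway id and TGW route table id are placeholder assumptions. One caveat the example bakes in: traffic entering the VPC through the Transit Gateway attachment follows the route table of the attachment's subnets, and an internet gateway only forwards packets whose source has a public IP mapping, so the attachment cannot sit in subnets whose default route is the IGW. The attachment therefore gets its own tiny subnets (/28 per AZ, carved from the same small CIDR) whose default route is that AZ's NAT gateway, which is what the non-routable-IP suggestion and the AWS pattern amount to, while the NAT gateways themselves sit in the public subnets.

```hcl
# Added example, not code from the terraform-aws-vpc module or from the issue.
# Egress VPC: one public subnet per AZ holding a NAT gateway, one small
# attachment subnet per AZ for the Transit Gateway, no other workloads.
terraform {
  required_providers {
    aws = { source = "hashicorp/aws", version = "~> 5.45" }
  }
}

provider "aws" {
  region = "us-east-1" # assumed
}

locals {
  azs            = ["us-east-1a", "us-east-1b"]   # assumed
  egress_cidr    = "100.64.0.0/24"                 # small, internet-facing space (assumed)
  spoke_cidr     = "10.0.0.0/8"                    # summary of all spoke VPCs (assumed)
  transit_gw_id  = "tgw-0123456789abcdef0"         # assumed pre-existing TGW
  tgw_rtb_id     = "tgw-rtb-0123456789abcdef0"     # assumed TGW route table used by spokes
}

resource "aws_vpc" "egress" {
  cidr_block           = local.egress_cidr
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags                 = { Name = "egress" }
}

resource "aws_internet_gateway" "this" {
  vpc_id = aws_vpc.egress.id
}

# Public subnets (/26 each): only the NAT gateways live here, so never
# auto-assign public IPs to anything launched in them by mistake.
resource "aws_subnet" "public" {
  count                   = length(local.azs)
  vpc_id                  = aws_vpc.egress.id
  availability_zone       = local.azs[count.index]
  cidr_block              = cidrsubnet(local.egress_cidr, 2, count.index)
  map_public_ip_on_launch = false
  tags                    = { Name = "egress-public-${local.azs[count.index]}" }
}

# Attachment subnets (/28 each, offsets 8 and 9 so they do not overlap the /26s).
resource "aws_subnet" "attach" {
  count             = length(local.azs)
  vpc_id            = aws_vpc.egress.id
  availability_zone = local.azs[count.index]
  cidr_block        = cidrsubnet(local.egress_cidr, 4, 8 + count.index)
  tags              = { Name = "egress-attach-${local.azs[count.index]}" }
}

resource "aws_eip" "nat" {
  count  = length(local.azs)
  domain = "vpc"
}

# One NAT gateway per AZ, in that AZ's public subnet.
resource "aws_nat_gateway" "this" {
  count         = length(local.azs)
  subnet_id     = aws_subnet.public[count.index].id
  allocation_id = aws_eip.nat[count.index].id
  depends_on    = [aws_internet_gateway.this]
}

# Public route table: default to the IGW; return traffic to the spokes via the TGW.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.egress.id
}

resource "aws_route" "public_igw" {
  route_table_id         = aws_route_table.public.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.this.id
}

resource "aws_route" "public_to_spokes" {
  route_table_id         = aws_route_table.public.id
  destination_cidr_block = local.spoke_cidr
  transit_gateway_id     = local.transit_gw_id
  depends_on             = [aws_ec2_transit_gateway_vpc_attachment.egress]
}

resource "aws_route_table_association" "public" {
  count          = length(local.azs)
  subnet_id      = aws_subnet.public[count.index].id
  route_table_id = aws_route_table.public.id
}

# Attachment route tables (one per AZ): default route to the same-AZ NAT gateway,
# so spoke traffic arriving from the TGW is NATed instead of hitting the IGW.
resource "aws_route_table" "attach" {
  count  = length(local.azs)
  vpc_id = aws_vpc.egress.id
}

resource "aws_route" "attach_nat" {
  count                  = length(local.azs)
  route_table_id         = aws_route_table.attach[count.index].id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.this[count.index].id
}

resource "aws_route_table_association" "attach" {
  count          = length(local.azs)
  subnet_id      = aws_subnet.attach[count.index].id
  route_table_id = aws_route_table.attach[count.index].id
}

resource "aws_ec2_transit_gateway_vpc_attachment" "egress" {
  transit_gateway_id = local.transit_gw_id
  vpc_id             = aws_vpc.egress.id
  subnet_ids         = aws_subnet.attach[*].id
}

# Spokes send everything non-local to the egress attachment.
resource "aws_ec2_transit_gateway_route" "default_to_egress" {
  destination_cidr_block         = "0.0.0.0/0"
  transit_gateway_route_table_id = local.tgw_rtb_id
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.egress.id
}
```

Spoke VPCs in this layout carry no internet gateway at all; their route tables point 0.0.0.0/0 at the TGW, and the TGW route table above points that at the egress attachment. The attachment subnets are "private" only in the sense that their default route is a NAT gateway; they are small enough that the VPC keeps the compact footprint the thread argues for.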