aws.ec2-nat-gateway resource

Description

NatGateway is a zonal (single-AZ) NAT gateway: a managed device in one subnet that lets instances reach the internet (public connectivity) or other VPCs (private connectivity) without exposing them to inbound traffic. The subnet, the connectivity type, the Elastic IP allocation, and the primary private address are fixed when the gateway is created, so a change to any of them replaces the gateway. The secondary Elastic IP allocations (public) and secondary private addresses (private) are reconciled in place after create, each by its own EC2 call with a per-address settle wait; the secondary private address count is a create-time alternative to listing the addresses and is replaced rather than reconciled. A nil optional field is never sent: EC2 applies its own default and fills the computed outputs.

Only the zonal NAT gateway is modeled here. The regional (multi-AZ) variant -- the availability-mode, vpc-id, and per-Availability-Zone address fields -- is a separable addition; omitting availability-mode defaults the gateway to zonal.

Source: internal/service/ec2/nat_gateway_rsrc.go:34

Example usage:

imports: {
  aws: 'github.com/cloudboss/unobin-library-aws'
}

resources: {
  example: aws.ec2-nat-gateway {
    # Set input fields here.
  }
}

Inputs

subnet-id

string

required

connectivity-type

optional(string)

allocation-id

optional(string)

private-ip

optional(string)

secondary-allocation-ids

list(string)

SecondaryAllocationIds adds further Elastic IP allocations to a public gateway. It is reconciled in place on Update by AssociateNatGatewayAddress and DisassociateNatGatewayAddress.

secondary-private-ip-addresses

list(string)

SecondaryPrivateIpAddresses adds further private addresses. On a private gateway it is reconciled in place by AssignPrivateNatGatewayAddress and UnassignPrivateNatGatewayAddress. On a public gateway the added entries are sent only as the private IPs paired with an Associate, so a change to this list alone, with no newly added secondary-allocation-ids, sends nothing.

secondary-private-ip-address-count

optional(integer)

SecondaryPrivateIpAddressCount asks EC2 to assign that many private addresses to a private gateway at create time, instead of listing them. It is a create-only alternative to the addresses list; changing it replaces the gateway rather than reconciling in place.

tags

map(string)

Input Constraints

Connectivity type rules

connectivity-type must be public or private.

Rule logic
When
input.connectivity-type != null
Require
input.connectivity-type == 'public'
|| input.connectivity-type == 'private'

allocation-id is required for a public NAT gateway.

Rule logic
When
input.connectivity-type == 'public'
|| input.connectivity-type == null
Require
input.allocation-id != null

allocation-id is not supported with connectivity-type private.

Rule logic
When
input.connectivity-type == 'private'
Require
input.allocation-id == null

secondary-allocation-ids is not supported with connectivity-type private.

Rule logic
When
input.connectivity-type == 'private'
Require
input.secondary-allocation-ids == null

Secondary private ip address count rules

secondary-private-ip-address-count is supported only with connectivity-type private.

Rule logic
When
input.secondary-private-ip-address-count != null
Require
input.connectivity-type == 'private'

Field combinations

At most one of secondary-private-ip-address-count or secondary-private-ip-addresses.

Outputs

nat-gateway-id

string

network-interface-id

string

public-ip

string

private-ip

string