No NAT Gateway created if private subnets are not set #216

Open
nnsense opened this issue Sep 20, 2024 · 0 comments
Labels
bug 🐛 An issue with the system

nnsense commented Sep 20, 2024

Describe the Bug

This module has features that lead one to think it's able to deploy private and public subnets separately. It mostly works but, apparently, you must have both public and private enabled to get the NAT Gateways created, leaving the user to deal with it separately even if the resources to create them already exist in the module.

This is due to:
local.nat_gateway_enabled is true if
nat_gateway_enabled = local.nat_gateway_useful && local.nat_gateway_setting

local.nat_gateway_useful is true if
nat_gateway_useful = local.nat_instance_useful || local.public_dns64_enabled || local.private_dns64_enabled

About nat_gateway_setting, if nat_instance_enabled is set to true, we set the default for nat_gateway_enabled to false. This is the only place across the module where the var nat_gateway_enabled is actually used.

then local.nat_instance_useful is true if
nat_instance_useful = local.private4_enabled

and local.private4_enabled is true if
private4_enabled = local.private_enabled && local.ipv4_enabled

finally
private_enabled = local.e && var.private_subnets_enabled

So, the NATGW won't be created if the private_subnets_enabled variable is set to false.

The change is obviously trivial, I would just set

nat_instance_useful = local.private4_enabled || local.public4_enabled

or, in all honesty even

nat_instance_useful = local.public4_enabled

My question is:

  • Is there a reason I'm overlooking for linking the NATGW creation to the private subnets (besides the need of private to use it, but we would create them separately)?
  • Would my change break or go against any internal logic you are aware of? My first choice would be to set nat_instance_useful = local.public4_enabled because that's what the NATGW requires, but, to be backward compatible, even nat_instance_useful = local.private4_enabled || local.public4_enabled would be OK; at least we could deploy (and I would be happy to share a working example on how to do it) a different number of private/public at will.

Expected Behavior

If the variable nat_gateway_enabled is set to true with private_subnets_enabled set to false, I would expect the NAT gateways to be created, leaving the user able to use that instead of creating it separately.

Steps to Reproduce

Just try to deploy the module with

nat_gateway_enabled = true
private_subnets_enabled = false

No NAT gateways will be created

Screenshots

No response

Environment

No response

Additional Context

No response

@nnsense nnsense added the bug 🐛 An issue with the system label Sep 20, 2024
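
The chain of locals quoted in the issue, modeled as an added Python example (not code from the module) that enumerates every input combination and reports which configurations gain or lose NAT gateways under the two proposed definitions. Assumptions: `public4_enabled` mirrors the private chain through a `public_subnets_enabled` input, and `nat_gateway_setting` and the two DNS64 flags are treated as independent booleans.

```python
from itertools import product

# Inputs to the model. nat_gateway_setting and the DNS64 flags are taken as
# independent booleans (assumption); public_subnets_enabled is assumed to feed
# public4_enabled the same way private_subnets_enabled feeds private4_enabled.
INPUTS = ("e", "private_subnets_enabled", "public_subnets_enabled", "ipv4_enabled",
          "nat_gateway_setting", "public_dns64_enabled", "private_dns64_enabled")

def nat_gateway_enabled(cfg, variant="current"):
    """Evaluate the locals chain from the issue for one configuration."""
    private4_enabled = cfg["e"] and cfg["private_subnets_enabled"] and cfg["ipv4_enabled"]
    public4_enabled = cfg["e"] and cfg["public_subnets_enabled"] and cfg["ipv4_enabled"]
    nat_instance_useful = {
        "current": private4_enabled,                    # as quoted in the issue
        "either": private4_enabled or public4_enabled,  # first proposal
        "public_only": public4_enabled,                 # second proposal
    }[variant]
    nat_gateway_useful = (nat_instance_useful or cfg["public_dns64_enabled"]
                          or cfg["private_dns64_enabled"])
    return nat_gateway_useful and cfg["nat_gateway_setting"]

def behaviour_changes(variant):
    """Return (gained, lost): configurations where the gateway decision flips."""
    gained, lost = [], []
    for values in product((False, True), repeat=len(INPUTS)):
        cfg = dict(zip(INPUTS, values))
        before, after = nat_gateway_enabled(cfg), nat_gateway_enabled(cfg, variant)
        if after and not before:
            gained.append(cfg)
        elif before and not after:
            lost.append(cfg)
    return gained, lost

# The configuration from "Steps to Reproduce" (remaining inputs are constructed values).
ISSUE_CFG = dict(zip(INPUTS, (True, False, True, True, True, False, False)))

if __name__ == "__main__":
    for variant in ("either", "public_only"):
        gained, lost = behaviour_changes(variant)
        print(variant, "gained:", len(gained), "lost:", len(lost))
        for cfg in lost:
            print("  loses gateways:", {k: v for k, v in cfg.items() if v})
```

In this model the `either` definition only adds gateways for the public-only configuration, while `public_only` also removes them from the configuration that has private subnets but no public ones.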