| additional_security_group_ids |
A list of identifiers of security groups to be added for the NAT instance |
list(string) |
[] |
no |
| ami_id |
AMI to use for the NAT instance. Uses the latest fck-nat AMI in the region if none is provided |
string |
null |
no |
| attach_ssm_policy |
Whether to attach the minimum required IAM permissions to connect to the instance via SSM. |
bool |
true |
no |
| auto_rollout |
Whether to automatically roll out configuration changes to the launch template (like AMI and cloud init) |
bool |
false |
no |
| cloud_init_parts |
Cloud-init parts to add to the user data script. Instance user data is not a secret store, so do not embed credentials in these parts |
list(object({ content = string content_type = string })) |
[] |
no |
| cloudwatch_agent_configuration |
CloudWatch configuration for the NAT instance |
object({ namespace = optional(string, "fck-nat"), collection_interval = optional(number, 60), endpoint_override = optional(string, "") }) |
{ "collection_interval": 60, "endpoint_override": "", "namespace": "fck-nat" } |
no |
| cloudwatch_agent_configuration_param_arn |
ARN of the SSM parameter containing the CloudWatch agent configuration. If none provided, creates one |
string |
null |
no |
| credit_specification |
Customize the credit specification of the instance |
string |
null |
no |
| ebs_root_volume_size |
Size of the EBS root volume in GB |
number |
8 |
no |
| eip_allocation_ids |
EIP allocation IDs to use for the NAT instance. A public IP is assigned automatically if none is provided. Note: Currently supports at most one EIP allocation. |
list(string) |
[] |
no |
| encryption |
Whether or not to encrypt the EBS volume |
bool |
true |
no |
| ha_mode |
Whether or not high-availability mode should be enabled via autoscaling group |
bool |
true |
no |
| instance_type |
Instance type to use for the NAT instance |
string |
"t4g.micro" |
no |
| kms_key_id |
KMS key ID used to encrypt the EBS volume. Uses the default KMS key if none is provided |
string |
null |
no |
| name |
Name used for resources created within the module |
string |
n/a |
yes |
| region |
Region in which to create resources, defaults to provider region if not set |
string |
null |
no |
| route_table_id |
Deprecated. Use route_tables_ids instead |
string |
null |
no |
| route_tables6_ids |
Route tables to update for IPv6. Only valid if update_route_tables and use_nat64 are true |
map(string) |
{} |
no |
| route_tables_ids |
Route tables to update. Only valid if update_route_tables is true |
map(string) |
{} |
no |
| ssh_cidr_blocks |
CIDR blocks from which SSH access to the NAT instance is allowed. Keep these ranges as narrow as possible |
object({ ipv4 = optional(list(string), []) ipv6 = optional(list(string), []) }) |
{ "ipv4": [], "ipv6": [] } |
no |
| ssh_key_name |
Name of the SSH key to use for the NAT instance. SSH access will be enabled only if a key name is provided |
string |
null |
no |
| subnet_id |
Subnet ID to deploy the NAT instance into |
string |
n/a |
yes |
| tags |
Tags to apply to resources created within the module |
map(string) |
{} |
no |
| update_route_table |
Deprecated. Use update_route_tables instead |
bool |
false |
no |
| update_route_tables |
Whether or not to update the route tables with the NAT instance |
bool |
false |
no |
| use_cloudwatch_agent |
Whether or not to enable CloudWatch agent for the NAT instance |
bool |
false |
no |
| use_default_security_group |
Whether or not to use the default security group for the NAT instance |
bool |
true |
no |
| use_nat64 |
Whether or not to enable NAT64 on the NAT instance. Your VPC and at least the public subnet this NAT instance is deployed into must support IPv6 |
bool |
false |
no |
| use_spot_instances |
Whether or not to use spot instances for running the NAT instance |
bool |
false |
no |
| use_ssh |
Whether or not to enable SSH access to the NAT instance |
bool |
false |
no |
| vpc_id |
VPC ID to deploy the NAT instance into |
string |
n/a |
yes |