This repository was archived by the owner on Jul 20, 2024. It is now read-only.

Commit 93c502f

Change doc (#1)
* Update README.md
* Added diagram.svg
* Update README.md
1 parent d2d35cb commit 93c502f

2 files changed: +70 -3 lines changed
README.md

Lines changed: 67 additions & 3 deletions
@@ -1,18 +1,82 @@
11
# terraform-aws-nat-instance
22

3-
This is a Terraform module which provisions a NAT instance using an auto scaling group and spot request.
3+
This is a Terraform module to provision a NAT instance for private subnet(s).
4+
It provides the following features:
5+
6+
- Auto healing using the ASG
7+
- Lower cost using a spot instance
8+
- Fixed public IP address using an EIP and ENI
9+
- SSM session manager support
10+
11+
Take a look at the diagram:
12+
13+
![diagram](diagram.svg)
14+
15+
Note that you should use a NAT gateway in general.
16+
This module is only for development or testing purpose.
17+
18+
19+
## Getting Started
20+
21+
```tf
22+
module "vpc" {
23+
source = "terraform-aws-modules/vpc/aws"
24+
25+
name = "hello-vpc"
26+
cidr = "172.18.0.0/16"
27+
private_subnets = ["172.18.64.0/20", "172.18.80.0/20", "172.18.96.0/20"]
28+
public_subnets = ["172.18.128.0/20", "172.18.144.0/20", "172.18.160.0/20"]
29+
enable_dns_hostnames = true
30+
}
31+
32+
module "nat" {
33+
source = "github.com/int128/terraform-aws-nat-instance"
34+
35+
name = "hello-nat"
36+
vpc_id = module.vpc.vpc_id
37+
public_subnet = module.vpc.public_subnets[0]
38+
private_subnets_cidr_blocks = module.vpc.private_subnets_cidr_blocks
39+
40+
# (Optional)
41+
# you can specify this to set the default route to the ENI in the route tables
42+
private_route_table_ids = module.vpc.private_route_table_ids
43+
}
44+
```
445

546

647
## How it works
748

8-
This provisions an EC2 instance for NAT.
49+
This module provisions the following resources:
50+
51+
- Launch Template
52+
- Auto Scaling Group with miexed instances policy
53+
- Elastic IP
54+
- Elastic Network Interface
55+
- Security Group (allow from private subnets and to Internet)
56+
- IAM Role for SSM and ENI attachment
57+
- VPC Route (optional)
58+
59+
The auto scaling group will create an instance.
960

1061
The instance does the following things on startup:
1162

1263
1. Attach the ENI to `eth1`.
1364
1. Enable IP forwarding.
1465
1. Set to ignore ICMP redirect packets.
1566
1. Enable IP masquerade.
16-
1. Tear down `eth0`.
67+
1. Switch the default route to `eth1`.
1768

1869
See [init.sh](data/init.sh) for more.
70+
71+
72+
## TODOs
73+
74+
- [ ] Outputs
75+
- [ ] Variables descriptions
76+
- [ ] CI
77+
- [ ] Parameters list in README.md
78+
79+
80+
## Contributions
81+
82+
This is an open source software. Feel free to open issues and pull requests.
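
Review bot: In the Getting Started block, both module sources are unpinned: `source = "github.com/int128/terraform-aws-nat-instance"` carries no `?ref=`, and `source = "terraform-aws-modules/vpc/aws"` has no `version` argument, so anyone copying the example pulls whatever the default branch or latest registry release is at `terraform init` time. For a module that creates an IAM role and a security group, the README example should show a pinned source, for instance by appending `?ref=<tag>` to the git source and adding a `version` constraint to the registry module. Two smaller points in the "How it works" list: "miexed instances policy" should read "mixed", and the Security Group bullet "(allow from private subnets and to Internet)" would be easier to audit if it named the protocols and ports that are opened.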
