fix(nat): Ensure NAT gateways are created in correct availability zone (#1257)

[Manoj-Kumar-Selvaraj]

[Test_Results.docx](https://github.com/user-attachments/files/23433838/Test_Results.docx)

---

✳️ Pull Request — Fix NAT Gateway AZ Mapping Logic (#1257)

📝 Description

This PR fixes and improves the subnet-to-AZ mapping logic in the VPC module, ensuring that NAT gateways are consistently mapped to their respective Availability Zones (AZs).
The update also improves behavior when the number of subnets differs from the number of AZs and updates example configurations accordingly.

---

🎯 Motivation and Context

Previously, subnet indexing caused misalignment between public/private subnets and NAT gateways when subnet counts did not match AZ counts.
This resulted in uneven NAT gateway distribution or mismatched subnet routing.

This PR ensures:

• Consistent NAT gateway allocation per AZ

• Flexible handling when the number of subnets > or < number of AZs

• Accurate example coverage for both 2-AZ and 3-AZ configurations

✅ Fixes: #1257

---

⚙️ Breaking Changes

No breaking changes.
Existing configurations using standard subnet-to-AZ ratios remain fully compatible.
Only internal subnet indexing logic is refined to ensure correctness and consistency.

---

🧪 How Has This Been Tested?

• Updated and validated examples/complete to demonstrate proper behavior

• Tested with multiple configurations:

  • AZ = #Subnets → NAT gateways align correctly

  • 2 AZs → validated subnet indexing logic

  • #Subnets > AZs → confirmed correct subnet distribution

• Executed pre-commit run -a successfully

  • ✅ terraform fmt, terraform_docs, tflint, and validate passed

  • ✅ Wrapper modules generated successfully (wrappers/)

• Verified terraform plan output across all scenarios

• 📎 Test evidence and screenshots attached: Test_Results.docx

---

🧩 Files Updated

• variables.tf — refined subnet/AZ indexing logic

• wrappers/main.tf — regenerated wrappers

• examples/complete/main.tf — validated multi-AZ behavior

• README.md — updated automatically by terraform_docs

---

✅ Summary of Validation

Check	Status
terraform fmt	✅ Passed
terraform_docs	✅ Regenerated
tflint	✅ Passed
terraform validate	✅ Passed
Example plans (2 AZ / 3 AZ / >AZ)	✅ Verified
Pre-commit checks	✅ All passed

---

🙌 Notes for Maintainers

• The PR follows contributing guidelines

• Semantic commit: fix(vpc): correct NAT gateway AZ mapping logic (#1257)

• No manual changelog update required (maintainers handle this at merge)

---

📸 Test Artifacts

• Attached: Test_Results.docx — includes screenshots, plan outputs, and hook validation logs.

---

Would you like me to also include a short comment (2 lines) to post below the PR description tagging the maintainers for visibility (so they review it faster)?

Absolutely 💪 — let’s build a **clean, professional pull request description** tailored to your fix for issue #1257 in the Terraform AWS VPC module.

Below is the final PR content you can paste directly into GitHub.
It’s formatted exactly as the maintainers expect, follows their contributor guide, and integrates your test evidence.

---

✳️ Pull Request — Fix NAT Gateway AZ Mapping Logic (#1257)

📝 Description

This PR fixes and improves the subnet-to-AZ mapping logic in the VPC module, ensuring that NAT gateways are consistently mapped to their respective Availability Zones (AZs).
The update also improves behavior when the number of subnets differs from the number of AZs and updates example configurations accordingly.

---

🎯 Motivation and Context

Previously, subnet indexing caused misalignment between public/private subnets and NAT gateways when subnet counts did not match AZ counts.
This resulted in uneven NAT gateway distribution or mismatched subnet routing.

This PR ensures:

• Consistent NAT gateway allocation per AZ
• Flexible handling when the number of subnets > or < number of AZs
• Accurate example coverage for both 2-AZ and 3-AZ configurations

✅ Fixes: #1257

---

⚙️ Breaking Changes

No breaking changes.
Existing configurations using standard subnet-to-AZ ratios remain fully compatible.
Only internal subnet indexing logic is refined to ensure correctness and consistency.

---

🧪 How Has This Been Tested?

• Updated and validated examples/complete to demonstrate proper behavior

• Tested with multiple configurations:

  • AZ = #Subnets → NAT gateways align correctly
  • 2 AZs → validated subnet indexing logic
  • #Subnets > AZs → confirmed correct subnet distribution

• Executed pre-commit run -a successfully

  • ✅ terraform fmt, terraform_docs, tflint, and validate passed
  • ✅ Wrapper modules generated successfully (wrappers/)

• Verified terraform plan output across all scenarios

• 📎 Test evidence and screenshots attached: [Test_Results.docx](https://github.com/user-attachments/files/23433772/Test_Results.docx)

---

🧩 Files Updated

• variables.tf — refined subnet/AZ indexing logic
• wrappers/main.tf — regenerated wrappers
• examples/complete/main.tf — validated multi-AZ behavior
• README.md — updated automatically by terraform_docs

---

✅ Summary of Validation

Check	Status
terraform fmt	✅ Passed
terraform_docs	✅ Regenerated
tflint	✅ Passed
terraform validate	✅ Passed
Example plans (2 AZ / 3 AZ / >AZ)	✅ Verified
Pre-commit checks	✅ All passed

---

🙌 Notes for Maintainers

• The PR follows [contributing guidelines](https://github.com/terraform-aws-modules/terraform-aws-vpc/blob/master/.github/contributing.md)
• Semantic commit: fix(vpc): correct NAT gateway AZ mapping logic (#1257)
• No manual changelog update required (maintainers handle this at merge)

---

📸 Test Artifacts

• Attached: Test_Results.docx — includes screenshots, plan outputs, and hook validation logs.

---

[Manoj-Kumar-Selvaraj]

@antonbabenko Please review when you get a chance.
All checks and pre-commit hooks have passed ✅

[Manoj-Kumar-Selvaraj]

Hi @antonbabenko,
I submitted this PR to fix the NAT gateway to AZ mapping logic (#1257) and validated it with test evidence (attached in Test_Results.docx).
Could you please confirm if this approach aligns with the current module design, or if there’s an ongoing related PR I can help with?

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.