Introducing the Private NAT Gateway

wqwq

Overview

Clients sometimes require a fixed source IP address. For external API requests, a (public) NAT Gateway is commonly used for this. For internal requests, however, a NAT Gateway in private mode can be used instead. I recently discovered this feature and would like to discuss it in this article.

Use case

The use case is simple. When using Direct Connect (DX) or Direct Connect Gateway (DXGW), how do we maintain a fixed IP address?
Let's say we make requests to the DXGW through a Virtual Private Gateway (VGW) from an ECS task in a private subnet. In this scenario, the IP address is fixed.

Applying a Private NAT Gateway

After applying NAT, the system design looks like the one below. In this design, I create a dedicated private subnet for the NAT Gateway, and the ECS task reaches the VGW through it. As a result, all traffic leaving towards the VGW carries the NAT Gateway's fixed private IP address.

How do we implement it with Terraform

The Terraform implementation is as follows. Setting up the NAT Gateway is straightforward: simply set connectivity_type to private. As for route tables, we need two of them: one routing traffic from the ECS subnet to the NAT Gateway, and one routing traffic from the NAT Gateway's subnet to the VGW.

# Private NAT Gateway: no Elastic IP, it only translates to its own private address.
# It lives in subnet "a", which is dedicated to the NAT Gateway.
resource "aws_nat_gateway" "hoge" {
  connectivity_type = "private"
  subnet_id         = aws_subnet.subnet["a"].id

  tags = {
    Name = "sample"
  }
}

# Route table for the workload (ECS) subnet: send everything to the NAT Gateway.
# A NAT Gateway target must be set with nat_gateway_id, not gateway_id
# (gateway_id is only valid for an internet gateway or a virtual private gateway).
resource "aws_route_table" "to_nat" {
  vpc_id = aws_vpc.hoge.id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.hoge.id
  }

  tags = {
    Name = "sample"
  }
}

# Route table for the NAT Gateway's subnet: send translated traffic on to the VGW.
resource "aws_route_table" "to_vgw" {
  vpc_id = aws_vpc.hoge.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_vpn_gateway.hogehoge.id
  }

  tags = {
    Name = "sample"
  }
}

# Subnet "a" hosts the NAT Gateway, so its default route must point at the VGW.
# Pointing it back at the NAT Gateway would create a routing loop.
resource "aws_route_table_association" "subnet_a" {
  subnet_id      = aws_subnet.subnet["a"].id
  route_table_id = aws_route_table.to_vgw.id
}

# Subnet "b" hosts the ECS task and routes through the NAT Gateway.
resource "aws_route_table_association" "subnet_b" {
  subnet_id      = aws_subnet.subnet["b"].id
  route_table_id = aws_route_table.to_nat.id
}
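The easiest mistake in this layout is associating the wrong route table with the NAT Gateway's own subnet, which either loops its default route back to itself or leaves the NAT Gateway unused. The following check, an added example that is not part of the original article, walks a `terraform show -json` style state document (a hand-written imitation with placeholder IDs; the resource names and helper functions are hypothetical) and reports both mistakes for every private NAT Gateway it finds.

```python
"""Sanity-check private NAT Gateway routing in a Terraform state export.
The state below is a constructed imitation of `terraform show -json` output."""


def _values_of(state, resource_type):
    """All resource `values` blocks of one type from the root module."""
    return [r["values"] for r in state["values"]["root_module"]["resources"]
            if r["type"] == resource_type]


def check_private_nat_routing(state):
    """Return a list of findings; an empty list means the layout is sane."""
    tables = {t["id"]: t for t in _values_of(state, "aws_route_table")}
    subnet_table = {a["subnet_id"]: a["route_table_id"]
                    for a in _values_of(state, "aws_route_table_association")}

    def default_targets_nat(subnet_id, nat_id):
        routes = tables.get(subnet_table.get(subnet_id, ""), {}).get("route", [])
        return any(r.get("cidr_block") == "0.0.0.0/0" and r.get("nat_gateway_id") == nat_id
                   for r in routes)

    findings = []
    for nat in _values_of(state, "aws_nat_gateway"):
        if nat.get("connectivity_type") != "private":
            continue
        # Loop: the NAT Gateway's own subnet sends its default route back to the NAT Gateway.
        if default_targets_nat(nat["subnet_id"], nat["id"]):
            findings.append(f"{nat['id']}: own subnet routes 0.0.0.0/0 back to the NAT Gateway (loop)")
        # Unused: no other subnet actually sends traffic through it.
        users = [s for s in subnet_table if s != nat["subnet_id"]
                 and default_targets_nat(s, nat["id"])]
        if not users:
            findings.append(f"{nat['id']}: no workload subnet routes through it")
    return findings


def sample_state(nat_subnet_table, ecs_subnet_table):
    """Constructed state with placeholder IDs; the two arguments pick the associations."""
    res = [
        {"type": "aws_nat_gateway", "values": {"id": "nat-PLACEHOLDER", "subnet_id": "subnet-nat", "connectivity_type": "private"}},
        {"type": "aws_route_table", "values": {"id": "rtb-to-nat", "route": [{"cidr_block": "0.0.0.0/0", "nat_gateway_id": "nat-PLACEHOLDER", "gateway_id": ""}]}},
        {"type": "aws_route_table", "values": {"id": "rtb-to-vgw", "route": [{"cidr_block": "0.0.0.0/0", "nat_gateway_id": "", "gateway_id": "vgw-PLACEHOLDER"}]}},
        {"type": "aws_route_table_association", "values": {"subnet_id": "subnet-nat", "route_table_id": nat_subnet_table}},
        {"type": "aws_route_table_association", "values": {"subnet_id": "subnet-ecs", "route_table_id": ecs_subnet_table}},
    ]
    return {"values": {"root_module": {"resources": res}}}


if __name__ == "__main__":
    print(check_private_nat_routing(sample_state("rtb-to-nat", "rtb-to-vgw")))  # swapped: two findings
    print(check_private_nat_routing(sample_state("rtb-to-vgw", "rtb-to-nat")))  # correct: []
```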
