
awscc.ec2_nat_gateway

CloudFormation Type: AWS::EC2::NatGateway

Specifies a network address translation (NAT) gateway in the specified subnet. You can create either a public NAT gateway or a private NAT gateway. The default is a public NAT gateway. If you create a public NAT gateway, you must specify an elastic IP address. With a NAT gateway, instances in a private subnet can connect to the internet, other AWS services, or an on-premises network using the IP address of the NAT gateway. For more information, see NAT gateways in the Amazon VPC User Guide.

If you add a default route (AWS::EC2::Route resource) that points to a NAT gateway, specify the NAT gateway ID for the route’s NatGatewayId property.

When you associate an Elastic IP address or secondary Elastic IP address with a public NAT gateway, the network border group of the Elastic IP address must match the network border group of the Availability Zone (AZ) that the public NAT gateway is in. Otherwise, the NAT gateway fails to launch. You can see the network border group for the AZ by viewing the details of the subnet. Similarly, you can view the network border group for the Elastic IP address by viewing its details. For more information, see Allocate an Elastic IP address in the Amazon VPC User Guide.

Attributes

| Name | Type | Required | Description |
|---|---|---|---|
| allocation_id | String | No | [Public NAT gateway only] The allocation ID of the Elastic IP address that’s associated with the NAT gateway. This property is required for a public NAT gateway and cannot be specified with a private NAT gateway. |
| auto_provision_zones | String | (read-only) | |
| auto_scaling_ips | String | (read-only) | |
| availability_mode | String | No | Indicates whether this is a zonal (single-AZ) or regional (multi-AZ) NAT gateway. A zonal NAT gateway is a NAT Gateway that provides redundancy and scalability within a single availability zone. A regional NAT gateway is a single NAT Gateway that works across multiple availability zones (AZs) in your VPC, providing redundancy, scalability and availability across all the AZs in a Region. For more information, see Regional NAT gateways for automatic multi-AZ expansion in the Amazon VPC User Guide. |
| availability_zone_addresses | List | No | For regional NAT gateways only: Specifies which Availability Zones you want the NAT gateway to support and the Elastic IP addresses (EIPs) to use in each AZ. The regional NAT gateway uses these EIPs to handle outbound NAT traffic from their respective AZs. If not specified, the NAT gateway will automatically expand to new AZs and associate EIPs upon detection of an elastic network interface. If you specify this parameter, auto-expansion is disabled and you must manually manage AZ coverage. A regional NAT gateway is a single NAT Gateway that works across multiple availability zones (AZs) in your VPC, providing redundancy, scalability and availability across all the AZs in a Region. For more information, see Regional NAT gateways for automatic multi-AZ expansion in the Amazon VPC User Guide. |
| connectivity_type | String | No | Indicates whether the NAT gateway supports public or private connectivity. The default is public connectivity. |
| eni_id | String | (read-only) | |
| max_drain_duration_seconds | Int | No | The maximum amount of time to wait (in seconds) before forcibly releasing the IP addresses if connections are still in progress. Default value is 350 seconds. |
| nat_gateway_id | String | (read-only) | |
| private_ip_address | String | No | The private IPv4 address to assign to the NAT gateway. If you don’t provide an address, a private IPv4 address will be automatically assigned. |
| route_table_id | String | (read-only) | |
| secondary_allocation_ids | List | No | Secondary EIP allocation IDs. For more information, see Create a NAT gateway in the Amazon VPC User Guide. |
| secondary_private_ip_address_count | Int | No | [Private NAT gateway only] The number of secondary private IPv4 addresses you want to assign to the NAT gateway. For more information about secondary addresses, see Create a NAT gateway in the Amazon Virtual Private Cloud User Guide. SecondaryPrivateIpAddressCount and SecondaryPrivateIpAddresses cannot be set at the same time. |
| secondary_private_ip_addresses | List | No | Secondary private IPv4 addresses. For more information about secondary addresses, see Create a NAT gateway in the Amazon Virtual Private Cloud User Guide. SecondaryPrivateIpAddressCount and SecondaryPrivateIpAddresses cannot be set at the same time. |
| subnet_id | String | No | The ID of the subnet in which the NAT gateway is located. |
| tags | Map | No | The tags for the NAT gateway. |
| vpc_id | String | No | The ID of the VPC in which the NAT gateway is located. |
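The attribute table states several constraints that only surface as a failed deployment if violated: a public gateway needs allocation_id and a private one must not have it, the two secondary private IP settings are mutually exclusive, and availability_zone_addresses only applies to a regional gateway. The check below encodes them so a resource can be validated before it is applied. It is an added example, not code from the awscc documentation or tool; it takes the resource as a plain dict keyed by the attribute names above, and the availability_mode values `zonal` and `regional` are assumed, since this page does not list them.

```python
# Added example: validate an awscc.ec2_nat_gateway resource (given as a dict
# keyed by the attribute names in the table) against the documented constraints.
from typing import Any


def validate_nat_gateway(res: dict[str, Any]) -> list[str]:
    """Return the list of constraint violations; an empty list means consistent."""
    problems: list[str] = []

    # connectivity_type defaults to public, as the attribute description says.
    connectivity = res.get("connectivity_type", "public")
    if connectivity not in ("public", "private"):
        problems.append(f"connectivity_type must be public or private, got {connectivity!r}")

    # allocation_id is required for public and forbidden for private gateways.
    has_alloc = bool(res.get("allocation_id"))
    if connectivity == "public" and not has_alloc:
        problems.append("public NAT gateway requires allocation_id (an Elastic IP)")
    if connectivity == "private" and has_alloc:
        problems.append("allocation_id cannot be specified for a private NAT gateway")

    # Secondary private IPs: count and explicit list cannot both be set,
    # and the count is documented for private gateways only.
    count = res.get("secondary_private_ip_address_count")
    addrs = res.get("secondary_private_ip_addresses")
    if count is not None and addrs:
        problems.append("secondary_private_ip_address_count and "
                        "secondary_private_ip_addresses cannot both be set")
    if count is not None and connectivity != "private":
        problems.append("secondary_private_ip_address_count applies to private NAT gateways only")

    # availability_zone_addresses is for regional gateways only.
    # Assumed values for availability_mode: "zonal" | "regional" (not listed on this page).
    if res.get("availability_zone_addresses") and res.get("availability_mode") != "regional":
        problems.append("availability_zone_addresses requires availability_mode = regional")

    return problems


if __name__ == "__main__":
    # Constructed sample: a private gateway that wrongly carries an Elastic IP.
    sample = {"connectivity_type": "private", "allocation_id": "eipalloc-EXAMPLE",
              "subnet_id": "subnet-EXAMPLE", "secondary_private_ip_address_count": 2}
    for p in validate_nat_gateway(sample):
        print("violation:", p)
```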

Example

```
let vpc = awscc.ec2_vpc {
  name                 = "example-vpc"
  cidr_block           = "10.0.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
}

let public_subnet = awscc.ec2_subnet {
  name                    = "example-public-subnet"
  vpc_id                  = vpc.vpc_id
  cidr_block              = "10.0.1.0/24"
  availability_zone       = "ap-northeast-1a"
  map_public_ip_on_launch = true
}

let eip = awscc.ec2_eip {
  name   = "example-nat-eip"
  domain = "vpc"
}

awscc.ec2_nat_gateway {
  name          = "example-nat-gw"
  allocation_id = eip.allocation_id
  subnet_id     = public_subnet.subnet_id

  tags = {
    Environment = "example"
  }
}
```