Fixing edge case when VPC is not symmetrical with few private subnets (#45)

d19812dd · Anton Babenko · GitHub · 1f0e4fb9 · d19812dd · d19812dd
Commit d19812dd authored Dec 11, 2017 by Anton Babenko Committed by GitHub Dec 11, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 27 additions and 1 deletion

main.tf examples/complete-vpc/main.tf +26 -0

main.tf main.tf +1 -1

No files found.
--- a/examples/complete-vpc/main.tf
+++ b/examples/complete-vpc/main.tf
@@ -26,5 +26,31 @@ module "vpc" {
  tags = {
    Owner       = "user"
    Environment = "staging"
+    Name        = "complete"
+  }
+}
+
+# This example creates resources which are not present in all AZs.
+# This should be seldomly needed from architectural point of view,
+# and it can also lead this module to some edge cases.
+module "not_symmetrical_vpc" {
+  source = "../../"
+
+  name = "not-symmetrical-example"
+
+  cidr = "10.0.0.0/16"
+
+  azs              = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
+  private_subnets  = ["10.0.1.0/24"]
+  public_subnets   = ["10.0.101.0/24", "10.0.102.0/24"]
+  database_subnets = ["10.0.21.0/24", "10.0.22.0/24", "10.0.23.0/24"]
+
+  create_database_subnet_group = true
+  enable_nat_gateway           = true
+
+  tags = {
+    Terraform   = "true"
+    Environment = "dev"
+    Name        = "not-symmetrical"
  }
 }
--- a/main.tf
+++ b/main.tf
@@ -186,7 +186,7 @@ resource "aws_nat_gateway" "this" {
 }

 resource "aws_route" "private_nat_gateway" {
-  count = "${var.enable_nat_gateway ? length(var.azs) : 0}"
+  count = "${var.enable_nat_gateway ? length(var.private_subnets) : 0}"

  route_table_id         = "${element(aws_route_table.private.*.id, count.index)}"
  destination_cidr_block = "0.0.0.0/0"