| ami_id |
Explicit AMI ID to use (overrides AMI lookup entirely) |
string |
null |
no |
| ami_name_pattern |
AMI name pattern used when resolving the default nat-zero AMI. Override this to use your own shared AMI. |
string |
"nat-zero-al2023-minimal-arm64-20260306-064438" |
no |
| ami_owner_account |
Owner account ID used when resolving the default nat-zero AMI by name pattern. Override this to use your own shared AMI. |
string |
"590144423513" |
no |
| availability_zones |
List of availability zones to deploy NAT instances in |
list(string) |
n/a |
yes |
| block_device_size |
Size in GB of the root EBS volume |
number |
10 |
no |
| build_lambda_locally |
Build the Lambda binary from Go source during apply instead of downloading a pre-compiled release. This is primarily for local development and may require a second apply after code changes. |
bool |
false |
no |
| enable_logging |
Create a CloudWatch log group for the Lambda function |
bool |
true |
no |
| encrypt_root_volume |
Encrypt the root EBS volume. |
bool |
true |
no |
| ignore_tag_key |
Tag key used to mark instances the Lambda should ignore |
string |
"nat-zero:ignore" |
no |
| ignore_tag_value |
Tag value used to mark instances the Lambda should ignore |
string |
"true" |
no |
| instance_type |
Instance type for the NAT instance |
string |
"t4g.nano" |
no |
| lambda_binary_path |
Optional path to a pre-built Lambda zip on disk. Use this to build the artifact outside Terraform and avoid apply-time compilation. |
string |
null |
no |
| lambda_memory_size |
Memory allocated to the Lambda function in MB (also scales CPU proportionally) |
number |
128 |
no |
| log_retention_days |
CloudWatch log retention in days (only used when enable_logging is true) |
number |
14 |
no |
| market_type |
Whether to use spot or on-demand instances |
string |
"on-demand" |
no |
| name |
Name prefix for all resources created by this module |
string |
n/a |
yes |
| nat_tag_key |
Tag key used to identify NAT instances |
string |
"nat-zero:managed" |
no |
| nat_tag_value |
Tag value used to identify NAT instances |
string |
"true" |
no |
| private_route_table_ids |
Route table IDs for the private subnets (one per AZ) |
list(string) |
n/a |
yes |
| private_subnets |
Private subnet IDs (one per AZ) for NAT instance private ENIs |
list(string) |
n/a |
yes |
| private_subnets_cidr_blocks |
CIDR blocks for the private subnets (one per AZ, used in security group rules) |
list(string) |
n/a |
yes |
| public_subnets |
Public subnet IDs (one per AZ) for NAT instance public ENIs |
list(string) |
n/a |
yes |
| tags |
Additional tags to apply to all resources |
map(string) |
{} |
no |
| vpc_id |
The VPC ID where NAT instances will be deployed |
string |
n/a |
yes |