feat: Control database subnet route table pattern #1063
Closed
Description
Support for multiple database subnet architectures.
Motivation and Context
Before this change, when create_database_internet_gateway_route was set to true, the database subnet had the following behavior:
However, the Egress-Only Internet Gateway only allows outbound traffic. Consequently, the database subnet might receive inbound IPv4 traffic and outbound IPv4 traffic, but only outbound traffic for IPv6.
After this change, there are four patterns for the database subnet:
Public Pattern:
Full NAT Pattern:
IPv4 NAT + IPv6 Egress-Only:
IPv6 Egress-Only Pattern:
Breaking Changes
If create_database_internet_gateway_route = true, the "aws_route" "database_ipv6_egress" resource will be destroyed and replaced by "aws_route" "database_internet_gateway_ipv6".
How Has This Been Tested?
examples/* to demonstrate and validate my change(s)
examples/* projects
pre-commit run -a on my pull request
The Terraform code was tested for all scenarios described in the motivation and context section.
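One way to catch the route replacement described under Breaking Changes before it is applied, as an added example that is not part of the pull request or the module: a check over the JSON form of a Terraform plan (`terraform show -json`). The sample plan and the `module.vpc` path are constructed assumptions; only the two `aws_route` resource names come from the description above.

```python
import json

# Resource type/name pairs taken from the "Breaking Changes" section above.
OLD_ROUTE = ("aws_route", "database_ipv6_egress")
NEW_ROUTE = ("aws_route", "database_internet_gateway_ipv6")


def find_database_route_swap(plan):
    """Report database IPv6 routes that a plan deletes and creates.

    `plan` is the parsed output of `terraform show -json <planfile>`.
    Matching on type/name (not address) works for any module path or index.
    """
    deleted, created = [], []
    for rc in plan.get("resource_changes", []):
        key = (rc.get("type"), rc.get("name"))
        change = rc.get("change") or {}
        actions = change.get("actions") or []
        if key == OLD_ROUTE and "delete" in actions:
            deleted.append(rc["address"])
        elif key == NEW_ROUTE and "create" in actions:
            after = change.get("after") or {}
            created.append((rc["address"], after.get("destination_ipv6_cidr_block")))
    return {"deleted": deleted, "created": created,
            "swap_detected": bool(deleted and created)}


# Constructed sample plan; the module path "module.vpc" is an assumption.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "module.vpc.aws_route.database_ipv6_egress[0]",
   "type": "aws_route", "name": "database_ipv6_egress",
   "change": {"actions": ["delete"], "after": null}},
  {"address": "module.vpc.aws_route.database_internet_gateway_ipv6[0]",
   "type": "aws_route", "name": "database_internet_gateway_ipv6",
   "change": {"actions": ["create"],
              "after": {"destination_ipv6_cidr_block": "::/0"}}},
  {"address": "module.vpc.aws_vpc.this[0]",
   "type": "aws_vpc", "name": "this",
   "change": {"actions": ["no-op"], "after": {}}}
]}
""")

if __name__ == "__main__":
    result = find_database_route_swap(SAMPLE_PLAN)
    print(json.dumps(result, indent=2))
```

A CI job can fail the plan stage when `swap_detected` is true, so the move from an egress-only route to an internet gateway route on database subnets gets an explicit review.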