Terraform Module for creating several DNAT entries for Nat Gateway on Alibaba Cloud. terraform-alicloud-dnat
English | 简体中文
Terraform module used to create several DNAT entries for an existing Nat Gateway on Alibaba Cloud. The DNAT function which maps a public IP address to an ECS instance so that the ECS instance can provide Internet services.
These types of resources are supported:
// Create vpc and vswitches
module "vpc" {
source = "alibaba/vpc/alicloud"
# ... omitted
}
// Create ecs instance
module "ecs-instance" {
source = "alibaba/ecs-instance/alicloud"
# ... omitted
}
// create a new nat gateway
module "nat" {
source = "terraform-alicloud-modules/nat-gateway/alicloud"
# ... omitted
}
module "complete" {
source = "terraform-alicloud-modules/dnat/alicloud"
create = true
dnat_table_id = module.nat.this_dnat_table_id
# Default public ip, which will be used for all dnat entries.
external_ip = module.nat.this_eip_ips[0]
# Open to CIDRs blocks
entries = [
{
name = "dnat-443-8443"
ip_protocol = "tcp"
external_port = "443"
internal_port = "8443"
internal_ip = module.ecs-instance.this_private_ip.0
external_ip = module.nat.this_eip_ips[1]
},
{
name = "dnat-80-80"
ip_protocol = "tcp"
external_port = "80"
internal_ip = module.ecs-instance.this_private_ip.1
}
]
}- Complete example shows all available parameters to configure dnat entry.
From the version v1.1.0, the module has removed the following provider setting:
provider "alicloud" {
profile = var.profile != "" ? var.profile : null
shared_credentials_file = var.shared_credentials_file != "" ? var.shared_credentials_file : null
region = var.region != "" ? var.region : null
skip_region_validation = var.skip_region_validation
configuration_source = "terraform-alicloud-modules/dnat"
}If you still want to use the provider setting to apply this module, you can specify a supported version, like 1.0.0:
module "dnat" {
source = "terraform-alicloud-modules/dnat/alicloud"
version = "1.0.0"
region = "cn-hangzhou"
profile = "Your-Profile-Name"
create = true
// ...
}If you want to upgrade the module to 1.1.0 or higher in-place, you can define a provider which same region with previous region:
provider "alicloud" {
region = "cn-hangzhou"
profile = "Your-Profile-Name"
}
module "dnat" {
source = "terraform-alicloud-modules/dnat/alicloud"
create = true
// ...
}or specify an alias provider with a defined region to the module using providers:
provider "alicloud" {
region = "cn-hangzhou"
profile = "Your-Profile-Name"
alias = "hz"
}
module "dnat" {
source = "terraform-alicloud-modules/dnat/alicloud"
providers = {
alicloud = alicloud.hz
}
create = true
// ...
}and then run terraform init and terraform apply to make the defined provider effect to the existing module state.
More details see How to use provider in the module
| Name | Version |
|---|---|
| terraform | >= 0.13 |
| Name | Version |
|---|---|
| alicloud | n/a |
No modules.
| Name | Type |
|---|---|
| alicloud_forward_entry.this | resource |
| alicloud_nat_gateways.this | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| create | Whether to create dnat entries. If true, the 'entries' should be set. | bool |
true |
no |
| dnat_table_id | The dnat table id to use on all dnat entries. | string |
"" |
no |
| entries | A list of entries to create. Each item valid keys: 'name'(default to a string with prefix 'tf-dnat-entry' and numerical suffix), 'ip_protocol'(default to 'any'), 'external_ip'(if not, use root parameter 'external_ip'), 'external_port'(default to 'any'), 'internal_ip'(required), 'internal_port'(default to the 'external_port'). | list(map(string)) |
[] |
no |
| external_ip | The public ip address to use on all dnat entries. | string |
"" |
no |
| internal_ip | The internal ip, must a private ip. | string |
"" |
no |
| nat_gateway_id | The id of a nat gateway used to fetch the 'dnat_table_id'. | string |
"" |
no |
| Name | Description |
|---|---|
| this_forward_entry_id | The ID of the forward entrys |
If you have any problems when using this module, please opening a provider issue and let us know.
Note: There does not recommend to open an issue on this repo.
Created and maintained by Alibaba Cloud Terraform Team([email protected]).