Merge pull request #106 from NASA-IMPACT/feature/deploy-nat-instance

Deploy NAT instance with standalone base infrastructure
NASA-IMPACT · Sep 15, 2022 · 572f14a · 572f14a
2 parents 4b32593 + a55dbda
commit 572f14a
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 3 deletions.
diff --git a/standalone_base_infrastructure/README.md b/standalone_base_infrastructure/README.md
@@ -1,6 +1,6 @@
 # Standalone Base Infrastructure
 
-Optional shared base infrastructure provisioning. This CloudFormation stack is intended to simulate controlled deployment environments. It also useful for deploying a long-standing VPC that can be shared across stacks.
+Optional shared base infrastructure provisioning. This CloudFormation stack is intended to simulate controlled deployment environments. It also useful for deploying a long-standing VPC that can be shared across stacks. This VPC is deployed with an EC2 NAT Instance that is configured as the NAT gateway provider for the private subnets.
 
 ## Deployment
 
@@ -26,4 +26,4 @@ See main app [deployment instructions](../README.md#deployment).
 | `CDK_DEFAULT_REGION` | The AWS region id is required to deploy to an exiting VPC |
 | `VPC_CIDR` | The CIDR range to use for the VPC. Default is 10.100.0.0/16 |
 | `VPC_MAX_AZS` | Maximum number of availability zones per region. Default is 2. |
-| `VPC_NAT_GATEWAYS` | Number of gateways to create. Default is 0. |
+| `VPC_NAT_GATEWAYS` | Number of NAT gateways to create. Default is 1. |
diff --git a/standalone_base_infrastructure/network_construct.py b/standalone_base_infrastructure/network_construct.py
@@ -26,12 +26,17 @@ def __init__(
             subnet_type=aws_ec2.SubnetType.PRIVATE_ISOLATED,
         )
 
+        nat_provider_instance = aws_ec2.NatProvider.instance(
+            instance_type=aws_ec2.InstanceType("t3.nano")
+        )
+
         vpc = aws_ec2.Vpc(
             self,
             "vpc",
             max_azs=base_settings.vpc_max_azs,
             cidr=base_settings.vpc_cidr,
             subnet_configuration=[public_subnet, private_subnet],
+            nat_gateway_provider=nat_provider_instance,
             nat_gateways=base_settings.vpc_nat_gateways,
         )
 
@@ -48,4 +53,10 @@ def __init__(
             elif isinstance(service, aws_ec2.GatewayVpcEndpointAwsService):
                 vpc.add_gateway_endpoint(id, service=service)
 
+        # This config step associates the NAT instance EIP with the private subnet and should happen in VPC construct but does not
+        for private_subnet in vpc.select_subnets(
+            subnet_type=aws_ec2.SubnetType.PRIVATE_ISOLATED
+        ).subnets:
+            nat_provider_instance.configure_subnet(subnet=private_subnet)
+
         CfnOutput(self, "vpc-id", value=vpc.vpc_id)
diff --git a/standalone_base_infrastructure/standalone_config.py b/standalone_base_infrastructure/standalone_config.py
@@ -22,7 +22,7 @@ class baseSettings(BaseSettings):
 
     vpc_cidr: Optional[str] = "10.100.0.0/16"
     vpc_max_azs: Optional[int] = 2
-    vpc_nat_gateways: Optional[int] = 0
+    vpc_nat_gateways: Optional[int] = 1
 
     def cdk_env(self) -> dict:
         """Load a cdk environment dict for stack"""