
feat: Control database subnet route table pattern #1063


gabrielhm1

Description

Support for multiple database subnet architectures.

Motivation and Context

Before this change, when create_database_internet_gateway_route was set to true, the database subnet had the following behavior:

  • For IPv4 traffic: 0.0.0.0/0 -> Internet Gateway
  • For IPv6 traffic: ::/0 -> Egress-Only Internet Gateway

However, the Egress-Only Internet Gateway only allows outbound traffic. Consequently, the database subnet might receive inbound IPv4 traffic and outbound IPv4 traffic, but only outbound traffic for IPv6.

After this change, there are four patterns for the database subnet:

  1. Public Pattern:
     • For IPv4 traffic: 0.0.0.0/0 -> Internet Gateway
     • For IPv6 traffic: ::/0 -> Internet Gateway

       create_database_subnet_route_table = true
       create_database_internet_gateway_route = true
       create_database_egress_only_internet_gateway_route = false
       create_database_nat_gateway_route = false

  2. Full NAT Pattern:
     • For IPv4 traffic: 0.0.0.0/0 -> NAT Gateway
     • For IPv6 traffic: 64:ff9b::/96 -> NAT Gateway

       create_database_subnet_route_table = true
       create_database_internet_gateway_route = false
       create_database_egress_only_internet_gateway_route = false
       create_database_nat_gateway_route = true

  3. IPv4 NAT + IPv6 Egress-Only:
     • For IPv4 traffic: 0.0.0.0/0 -> NAT Gateway
     • For IPv6 traffic: ::/0 -> Egress-Only Internet Gateway

       create_database_subnet_route_table = true
       create_database_internet_gateway_route = false
       create_database_egress_only_internet_gateway_route = true
       create_database_nat_gateway_route = true

  4. IPv6 Egress-Only Pattern:
     • For IPv4 traffic: 0.0.0.0/0 -> Not configured
     • For IPv6 traffic: ::/0 -> Egress-Only Internet Gateway

       create_database_subnet_route_table = true
       create_database_internet_gateway_route = false
       create_database_egress_only_internet_gateway_route = true
       create_database_nat_gateway_route = false

Breaking Changes

If create_database_internet_gateway_route = true, "aws_route" "database_ipv6_egress" resource will be destroyed and replaced by "aws_route" "database_internet_gateway_ipv6".

How Has This Been Tested?

  • I have updated at least one of the examples/* to demonstrate and validate my change(s)
  • I have tested and validated these changes using one or more of the provided examples/* projects
  • I have executed pre-commit run -a on my pull request

The Terraform code was tested for all scenarios described in the motivation and context section.
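The four patterns above map three boolean inputs onto a small set of route-table entries, and the security-relevant difference between them is which target a route points at: an Internet Gateway is bidirectional, while a NAT Gateway and an Egress-Only Internet Gateway only carry outbound-initiated traffic. The following Python is an added model of that mapping for review purposes; it is not the module's Terraform code and not part of this pull request. It assumes the flag names quoted in the description, that the Internet Gateway flag takes precedence when several flags are set (the description does not define mixed combinations), and uses the well-known NAT64 prefix 64:ff9b::/96 from the "Full NAT" pattern.

```python
"""Model of the database-subnet routing patterns described in PR #1063.

Added illustration, not the module's code: derives the route-table entries
each flag combination produces according to the PR description, and reports
whether the resulting subnet is reachable from the internet (only an
Internet Gateway route is bidirectional; NAT Gateway and Egress-Only
Internet Gateway routes are outbound-only).
"""
from dataclasses import dataclass

# Well-known NAT64 prefix; the "Full NAT" pattern routes it to the NAT Gateway.
NAT64_PREFIX = "64:ff9b::/96"


@dataclass(frozen=True)
class DatabaseRouteFlags:
    """The module variables named in the PR description."""
    create_database_subnet_route_table: bool = True
    create_database_internet_gateway_route: bool = False
    create_database_egress_only_internet_gateway_route: bool = False
    create_database_nat_gateway_route: bool = False


def database_routes(flags):
    """Return the (destination, target) routes the PR description assigns.

    Assumption (not stated in the PR): when several flags are set, the
    Internet Gateway flag wins and the other routes are not created.
    """
    if not flags.create_database_subnet_route_table:
        return []  # no dedicated route table, nothing to configure

    routes = []
    if flags.create_database_internet_gateway_route:
        # Pattern 1, "Public": both address families go to the Internet Gateway.
        routes.append(("0.0.0.0/0", "Internet Gateway"))
        routes.append(("::/0", "Internet Gateway"))
        return routes

    if flags.create_database_nat_gateway_route:
        # Patterns 2 and 3: IPv4 egress via NAT Gateway.
        routes.append(("0.0.0.0/0", "NAT Gateway"))
        if not flags.create_database_egress_only_internet_gateway_route:
            # Pattern 2, "Full NAT": IPv6 clients reach IPv4-only services via NAT64.
            routes.append((NAT64_PREFIX, "NAT Gateway"))

    if flags.create_database_egress_only_internet_gateway_route:
        # Patterns 3 and 4: IPv6 egress only, no inbound IPv6 reachability.
        routes.append(("::/0", "Egress-Only Internet Gateway"))

    return routes


def inbound_reachable(routes):
    """True when any route targets an Internet Gateway.

    That is the only target in this model that forwards traffic initiated
    from the internet; it is the check a reviewer wants before putting a
    database subnet on pattern 1.
    """
    return any(target == "Internet Gateway" for _, target in routes)


# The four patterns from the PR description, keyed by a short name.
PATTERNS = {
    "public": DatabaseRouteFlags(create_database_internet_gateway_route=True),
    "full_nat": DatabaseRouteFlags(create_database_nat_gateway_route=True),
    "nat_v4_egress_v6": DatabaseRouteFlags(
        create_database_egress_only_internet_gateway_route=True,
        create_database_nat_gateway_route=True,
    ),
    "egress_only_v6": DatabaseRouteFlags(
        create_database_egress_only_internet_gateway_route=True,
    ),
}


def summarize():
    """Map each pattern name to (routes, inbound_reachable) for quick review."""
    return {
        name: (database_routes(flags), inbound_reachable(database_routes(flags)))
        for name, flags in PATTERNS.items()
    }


if __name__ == "__main__":
    for name, (routes, exposed) in summarize().items():
        print(f"{name}: exposed={exposed}")
        for destination, target in routes:
            print(f"  {destination} -> {target}")
```

Run as a script it prints each pattern's routes and flags the "public" pattern as the only one where inbound internet traffic can reach the database subnet; the other three expose no inbound path via their route tables.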


This PR has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this PR will be closed in 10 days

@github-actions github-actions bot added the stale label May 10, 2024

This PR was automatically closed because of stale in 10 days

@github-actions github-actions bot closed this May 21, 2024