From 80cd5418cfe1e7b1ce7428a57698ce5c2a43f9ad Mon Sep 17 00:00:00 2001 From: Alexis Coles Date: Thu, 1 Aug 2024 14:46:52 +0100 Subject: [PATCH 1/8] add configuraiton for secondary ip on natgateways --- main.tf | 15 +++++++++++++++ variables.tf | 9 +++++++++ 2 files changed, 24 insertions(+) diff --git a/main.tf b/main.tf index 32239e588..c8e253ce8 100644 --- a/main.tf +++ b/main.tf @@ -1086,6 +1086,21 @@ resource "aws_nat_gateway" "this" { var.single_nat_gateway ? 0 : count.index, ) + secondary_private_ip_address_count = [for eip in element( + var.external_nat_secondary_eips, + var.single_nat_gateway ? 0 : count.index, + ) : eip.association_id] + + secondary_allocation_ids = length(element( + var.external_nat_secondary_eips, + var.single_nat_gateway ? 0 : count.index, + )) + + secondary_private_ip_addresses = [for eip in element( + var.external_nat_secondary_eips, + var.single_nat_gateway ? 0 : count.index, + ) : eip.private_id] + tags = merge( { "Name" = format( diff --git a/variables.tf b/variables.tf index e0f31ad12..d72f87428 100644 --- a/variables.tf +++ b/variables.tf @@ -1222,6 +1222,15 @@ variable "external_nat_ips" { default = [] } +variable "external_nat_secondary_eips" { + description = "List of lists containing exteral elastic ip details to configure secondary ip addresses" + type = list(list(object({ + association_id = string + private_id = string + }))) + default = [] +} + variable "nat_gateway_tags" { description = "Additional tags for the NAT gateways" type = map(string) From 79778fbe2c90385873e117409c012bf5dc3d4d0e Mon Sep 17 00:00:00 2001 From: Alexis Coles Date: Thu, 1 Aug 2024 15:15:45 +0100 Subject: [PATCH 2/8] default array --- main.tf | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/main.tf b/main.tf index c8e253ce8..5e6767132 100644 --- a/main.tf +++ b/main.tf 
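Review bot: The three `secondary_*` arguments added to `aws_nat_gateway.this` are all set on the same gateway. As far as I know the AWS provider treats `secondary_private_ip_address_count` and `secondary_private_ip_addresses` as mutually exclusive and documents the count for private NAT gateways, so for a public gateway backed by Elastic IPs `secondary_allocation_ids` alone should be enough. `element()` is also called on `var.external_nat_secondary_eips`, whose default is `[]`, so callers that never set the variable would hit an empty-list error at plan time. The resource block starts and ends outside the hunk.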
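Review bot: The object fields in `external_nat_secondary_eips` are named `association_id` and `private_id`, but main.tf feeds them into `secondary_allocation_ids` and `secondary_private_ip_addresses`. An Elastic IP's association ID and its allocation ID are different identifiers, so the current name invites passing the wrong one. Suggest `allocation_id` and `private_ip`, plus a description that states the shape, e.g. `"One list per NAT gateway, in gateway order; each entry describes an existing Elastic IP to attach as a secondary address"`.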
@@ -1051,8 +1051,9 @@ resource "aws_route" "private_ipv6_egress" { ################################################################################ locals { - nat_gateway_count = var.single_nat_gateway ? 1 : var.one_nat_gateway_per_az ? length(var.azs) : local.max_subnet_length - nat_gateway_ips = var.reuse_nat_ips ? var.external_nat_ip_ids : aws_eip.nat[*].id + nat_gateway_count = var.single_nat_gateway ? 1 : var.one_nat_gateway_per_az ? length(var.azs) : local.max_subnet_length + nat_gateway_ips = var.reuse_nat_ips ? var.external_nat_ip_ids : aws_eip.nat[*].id + nat_secondary_eips = length(var.external_nat_secondary_eips) == 0 ? [for eip in aws_eip.nat : {}] : var.external_nat_secondary_eips } resource "aws_eip" "nat" { @@ -1087,17 +1088,17 @@ resource "aws_nat_gateway" "this" { ) secondary_private_ip_address_count = [for eip in element( - var.external_nat_secondary_eips, + local.nat_secondary_eips, var.single_nat_gateway ? 0 : count.index, ) : eip.association_id] secondary_allocation_ids = length(element( - var.external_nat_secondary_eips, + local.nat_secondary_eips, var.single_nat_gateway ? 0 : count.index, )) secondary_private_ip_addresses = [for eip in element( - var.external_nat_secondary_eips, + local.nat_secondary_eips, var.single_nat_gateway ? 0 : count.index, ) : eip.private_id] From 2823a66ff75edbfe5a2748aab12a97bf57eea51f Mon Sep 17 00:00:00 2001 From: Alexis Coles Date: Thu, 1 Aug 2024 15:41:27 +0100 Subject: [PATCH 3/8] fix --- main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main.tf b/main.tf index 5e6767132..74519bc7d 100644 --- a/main.tf +++ b/main.tf 
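Review bot: The fallback in `nat_secondary_eips` builds `[for eip in aws_eip.nat : {}]`, a list of empty objects, while the other branch is a list of lists and every consumer in the second hunk iterates `element(...)` as a list. The two branches of the conditional therefore do not share a type, and the result is also empty whenever `aws_eip.nat` has no instances (presumably the `var.reuse_nat_ips` case, whose `count` is outside this hunk), which brings back the empty-list failure in `element()`. A per-gateway list of empty lists keeps the shape consistent: `nat_secondary_eips = length(var.external_nat_secondary_eips) == 0 ? [for _ in range(local.nat_gateway_count) : []] : var.external_nat_secondary_eips`.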
@@ -1087,12 +1087,12 @@ resource "aws_nat_gateway" "this" { var.single_nat_gateway ? 0 : count.index, ) - secondary_private_ip_address_count = [for eip in element( + secondary_allocation_ids = [for eip in element( local.nat_secondary_eips, var.single_nat_gateway ? 0 : count.index, ) : eip.association_id] - secondary_allocation_ids = length(element( + secondary_private_ip_address_count = length(element( local.nat_secondary_eips, var.single_nat_gateway ? 0 : count.index, )) From 9b409ae4cacca87f0d941a6f0b80fde73a1cf9a6 Mon Sep 17 00:00:00 2001 From: Alexis Coles Date: Thu, 1 Aug 2024 15:57:17 +0100 Subject: [PATCH 4/8] hard code default vaules --- main.tf | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/main.tf b/main.tf index 74519bc7d..5059f4e79 100644 --- a/main.tf +++ b/main.tf @@ -1087,20 +1087,23 @@ resource "aws_nat_gateway" "this" { var.single_nat_gateway ? 0 : count.index, ) - secondary_allocation_ids = [for eip in element( - local.nat_secondary_eips, - var.single_nat_gateway ? 0 : count.index, - ) : eip.association_id] - - secondary_private_ip_address_count = length(element( - local.nat_secondary_eips, - var.single_nat_gateway ? 0 : count.index, - )) - - secondary_private_ip_addresses = [for eip in element( - local.nat_secondary_eips, - var.single_nat_gateway ? 0 : count.index, - ) : eip.private_id] + secondary_allocation_ids = [] + # [for eip in element( + # local.nat_secondary_eips, + # var.single_nat_gateway ? 0 : count.index, + # ) : eip.association_id] + + secondary_private_ip_address_count = 0 + # length(element( + # local.nat_secondary_eips, + # var.single_nat_gateway ? 0 : count.index, + # )) + + secondary_private_ip_addresses = [] + # [for eip in element( + # local.nat_secondary_eips, + # var.single_nat_gateway ? 0 : count.index, + # ) : eip.private_id] tags = merge( { From bff8601ee2b460e9aa02162c68e008fa81a8a652 Mon Sep 17 00:00:00 2001 
From: Alexis Coles Date: Thu, 1 Aug 2024 16:03:45 +0100 Subject: [PATCH 5/8] try emtpy arrays --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 5059f4e79..b1c94472c 100644 --- a/main.tf +++ b/main.tf @@ -1093,7 +1093,7 @@ resource "aws_nat_gateway" "this" { # var.single_nat_gateway ? 0 : count.index, # ) : eip.association_id] - secondary_private_ip_address_count = 0 + # secondary_private_ip_address_count = 0 # length(element( # local.nat_secondary_eips, # var.single_nat_gateway ? 0 : count.index, From 3cc7409052292b72f29b1d5a2cc99868fe7538f5 Mon Sep 17 00:00:00 2001 From: Alexis Coles Date: Thu, 1 Aug 2024 16:07:03 +0100 Subject: [PATCH 6/8] test --- main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/main.tf b/main.tf index b1c94472c..88e238517 100644 --- a/main.tf +++ b/main.tf @@ -1087,19 +1087,19 @@ resource "aws_nat_gateway" "this" { var.single_nat_gateway ? 0 : count.index, ) - secondary_allocation_ids = [] + # secondary_allocation_ids = [] # [for eip in element( # local.nat_secondary_eips, # var.single_nat_gateway ? 0 : count.index, # ) : eip.association_id] - # secondary_private_ip_address_count = 0 + secondary_private_ip_address_count = 0 # length(element( # local.nat_secondary_eips, # var.single_nat_gateway ? 0 : count.index, # )) - secondary_private_ip_addresses = [] + # secondary_private_ip_addresses = [] # [for eip in element( # local.nat_secondary_eips, # var.single_nat_gateway ? 0 : count.index, From 75b2896d9f03031843a85897cdd6e72e6084799f Mon Sep 17 00:00:00 2001 From: Alexis Coles Date: Fri, 2 Aug 2024 08:20:52 +0100 Subject: [PATCH 7/8] tidy --- main.tf | 44 ++++++++++++++++++++++++-------------------- variables.tf | 11 ++++------- 2 files changed, 28 insertions(+), 27 deletions(-) diff --git a/main.tf b/main.tf index 88e238517..6ba98bed6 100644 --- a/main.tf +++ b/main.tf 
@@ -1051,9 +1051,9 @@ resource "aws_route" "private_ipv6_egress" { ################################################################################ locals { - nat_gateway_count = var.single_nat_gateway ? 1 : var.one_nat_gateway_per_az ? length(var.azs) : local.max_subnet_length - nat_gateway_ips = var.reuse_nat_ips ? var.external_nat_ip_ids : aws_eip.nat[*].id - nat_secondary_eips = length(var.external_nat_secondary_eips) == 0 ? [for eip in aws_eip.nat : {}] : var.external_nat_secondary_eips + nat_gateway_count = var.single_nat_gateway ? 1 : var.one_nat_gateway_per_az ? length(var.azs) : local.max_subnet_length + nat_gateway_ips = var.reuse_nat_ips ? var.external_nat_ip_ids : aws_eip.nat[*].id + seips_suffixs = [for num in range(0, var.number_of_secondary_eips_per_gateway) : "s${num + 1}"] } resource "aws_eip" "nat" { @@ -1075,6 +1075,26 @@ resource "aws_eip" "nat" { depends_on = [aws_internet_gateway.this] } +resource "aws_eip" "secondary" { + for_each = toset(flatten([for nat in aws_eip.nat : [for suffix in local.seips_suffixs : "${nat.tags.Name}-${suffix}"]])) + + domain = "vpc" + + tags = merge( + { + "Name" = format( + "${var.name}-%s-%s", + element(var.azs, var.single_nat_gateway ? 0 : count.index), + each.key, + ) + }, + var.tags, + var.nat_eip_tags, + ) + + depends_on = [aws_internet_gateway.this] +} + resource "aws_nat_gateway" "this" { count = local.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0 
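Review bot: The `for_each` keys of `aws_eip.secondary` (hunk `@@ -1075,6 +1075,26 @@`) are built from `nat.tags.Name`, so each secondary address is identified by a tag value, not by the gateway it belongs to. If two primary EIPs ever carry the same `Name`, `toset()` collapses the keys and several gateways would look up the same allocation. That can happen if `var.tags` or `var.nat_eip_tags` supplies `Name`, since both are merged last in this resource; how `aws_eip.nat` builds its own tags is outside the hunk, so confirm there. Keying on position avoids the dependency: `for_each = toset(flatten([for idx in range(length(aws_eip.nat)) : [for suffix in local.seips_suffixs : "${idx}-${suffix}"]]))`, with the lookup in `aws_nat_gateway.this` changed to `"${count.index}-${suffix}"`.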
@@ -1087,23 +1107,7 @@ resource "aws_nat_gateway" "this" { var.single_nat_gateway ? 0 : count.index, ) - # secondary_allocation_ids = [] - # [for eip in element( - # local.nat_secondary_eips, - # var.single_nat_gateway ? 0 : count.index, - # ) : eip.association_id] - - secondary_private_ip_address_count = 0 - # length(element( - # local.nat_secondary_eips, - # var.single_nat_gateway ? 0 : count.index, - # )) - - # secondary_private_ip_addresses = [] - # [for eip in element( - # local.nat_secondary_eips, - # var.single_nat_gateway ? 0 : count.index, - # ) : eip.private_id] + secondary_allocation_ids = [for suffix in local.seips_suffixs : aws_eip.secondary["${aws_eip.nat[count.index].tags.Name}-${suffix}"].allocation_id] tags = merge( { diff --git a/variables.tf b/variables.tf index d72f87428..1fd9b0c1e 100644 --- a/variables.tf +++ b/variables.tf @@ -1222,13 +1222,10 @@ variable "external_nat_ips" { default = [] } -variable "external_nat_secondary_eips" { - description = "List of lists containing exteral elastic ip details to configure secondary ip addresses" - type = list(list(object({ - association_id = string - private_id = string - }))) - default = [] +variable "number_of_secondary_eips_per_gateway" { + description = "how many secondary eips per natgateway" + type = number + default = 0 } variable "nat_gateway_tags" { From 04d8ce67f431bcb4af73ce4ec493fc8361b401ef Mon Sep 17 00:00:00 2001 From: Alexis Coles Date: Fri, 2 Aug 2024 08:26:45 +0100 Subject: [PATCH 8/8] fix --- main.tf | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/main.tf b/main.tf index 6ba98bed6..7288aaa1f 100644 --- a/main.tf +++ b/main.tf @@ -1082,11 +1082,7 @@ resource "aws_eip" "secondary" { tags = merge( { - "Name" = format( - "${var.name}-%s-%s", - element(var.azs, var.single_nat_gateway ? 0 : count.index), - each.key, - ) + "Name" = each.key, }, var.tags, var.nat_eip_tags,
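Review bot: `secondary_allocation_ids` indexes `aws_eip.nat[count.index]` directly, while the primary `allocation_id` just above goes through `local.nat_gateway_ips`, which switches to `var.external_nat_ip_ids` when `var.reuse_nat_ips` is set. In that mode `aws_eip.nat` presumably has no instances (its `count` is outside this hunk), so any non-zero `number_of_secondary_eips_per_gateway` would fail with an invalid index at plan time. Either document that secondary EIPs require module-managed primaries, or guard the expression, e.g. `secondary_allocation_ids = var.reuse_nat_ips ? [] : [for suffix in local.seips_suffixs : ...]`. Separately, these are additional public egress addresses and nothing in this series exports them, so callers who maintain egress allowlists or attribute flow logs by NAT address have no output to read; an output listing the secondary public IPs belongs in the same change.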
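Review bot: `number_of_secondary_eips_per_gateway` is accepted without validation, and it drives `range(0, var.number_of_secondary_eips_per_gateway)` in `local.seips_suffixs`. Terraform's `range` counts downward when the limit is below the start, so a negative value would still produce suffixes and allocate public Elastic IPs instead of being rejected. A validation block that requires a non-negative whole number closes that off. AWS also limits addresses per NAT gateway by quota, so an upper bound may be worth adding once the intended maximum is known. The description should also say that each unit allocates one extra public Elastic IP per gateway.

```hcl
variable "number_of_secondary_eips_per_gateway" {
  # … unchanged: description, type, default …

  validation {
    condition = (
      var.number_of_secondary_eips_per_gateway >= 0 &&
      floor(var.number_of_secondary_eips_per_gateway) == var.number_of_secondary_eips_per_gateway
    )
    error_message = "number_of_secondary_eips_per_gateway must be a non-negative whole number."
  }
}
```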