diff --git a/README.md b/README.md
index 9814ab2ee..957f7eeeb 100644
--- a/README.md
+++ b/README.md
@@ -281,6 +281,7 @@ No modules.
 | [aws_default_vpc.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_vpc) | resource |
 | [aws_egress_only_internet_gateway.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/egress_only_internet_gateway) | resource |
 | [aws_eip.nat](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |
+| [aws_eip.secondary](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |
 | [aws_elasticache_subnet_group.elasticache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_subnet_group) | resource |
 | [aws_flow_log.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/flow_log) | resource |
 | [aws_iam_policy.vpc_flow_log_cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
@@ -500,6 +501,7 @@ No modules.
 | <a name="input_nat_eip_tags"></a> [nat\_eip\_tags](#input\_nat\_eip\_tags) | Additional tags for the NAT EIP | `map(string)` | `{}` | no |
 | <a name="input_nat_gateway_destination_cidr_block"></a> [nat\_gateway\_destination\_cidr\_block](#input\_nat\_gateway\_destination\_cidr\_block) | Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route | `string` | `"0.0.0.0/0"` | no |
 | <a name="input_nat_gateway_tags"></a> [nat\_gateway\_tags](#input\_nat\_gateway\_tags) | Additional tags for the NAT gateways | `map(string)` | `{}` | no |
+| <a name="input_number_of_secondary_eips_per_gateway"></a> [number\_of\_secondary\_eips\_per\_gateway](#input\_number\_of\_secondary\_eips\_per\_gateway) | how many secondary eips per NAT Gateway | `number` | `0` | no |
 | <a name="input_one_nat_gateway_per_az"></a> [one\_nat\_gateway\_per\_az](#input\_one\_nat\_gateway\_per\_az) | Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs` | `bool` | `false` | no |
 | <a name="input_outpost_acl_tags"></a> [outpost\_acl\_tags](#input\_outpost\_acl\_tags) | Additional tags for the outpost subnets network ACL | `map(string)` | `{}` | no |
 | <a name="input_outpost_arn"></a> [outpost\_arn](#input\_outpost\_arn) | ARN of Outpost you want to create a subnet in | `string` | `null` | no |
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 579a47395..5716003ab 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -68,6 +68,8 @@ module "vpc" {
 
   enable_vpn_gateway = true
 
+  number_of_secondary_eips_per_gateway = 2
+
   enable_dhcp_options              = true
   dhcp_options_domain_name         = "service.consul"
   dhcp_options_domain_name_servers = ["127.0.0.1", "10.10.0.2"]
diff --git a/main.tf b/main.tf
index 05b4f5e22..54184a35f 100644
--- a/main.tf
+++ b/main.tf
@@ -1054,6 +1054,7 @@ resource "aws_route" "private_ipv6_egress" {
 locals {
   nat_gateway_count = var.single_nat_gateway ? 1 : var.one_nat_gateway_per_az ? length(var.azs) : local.max_subnet_length
   nat_gateway_ips   = var.reuse_nat_ips ? var.external_nat_ip_ids : aws_eip.nat[*].id
+  seips_suffixs     = [for num in range(0, var.number_of_secondary_eips_per_gateway) : "s${num + 1}"]
 }
 
 resource "aws_eip" "nat" {
@@ -1075,6 +1076,22 @@ resource "aws_eip" "nat" {
   depends_on = [aws_internet_gateway.this]
 }
 
+resource "aws_eip" "secondary" {
+  for_each = toset(flatten([for nat in aws_eip.nat : [for suffix in local.seips_suffixs : "${nat.tags.Name}-${suffix}"]]))
+
+  domain = "vpc"
+
+  tags = merge(
+    {
+      "Name" = each.key,
+    },
+    var.tags,
+    var.nat_eip_tags,
+  )
+
+  depends_on = [aws_internet_gateway.this]
+}
+
 resource "aws_nat_gateway" "this" {
   count = local.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0
 
@@ -1087,6 +1104,8 @@ resource "aws_nat_gateway" "this" {
     var.single_nat_gateway ? 0 : count.index,
   )
 
+  secondary_allocation_ids = [for suffix in local.seips_suffixs : aws_eip.secondary["${aws_eip.nat[count.index].tags.Name}-${suffix}"].allocation_id]
+
   tags = merge(
     {
       "Name" = format(
diff --git a/variables.tf b/variables.tf
index 8bfae5164..3331839e5 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1228,6 +1228,12 @@ variable "external_nat_ips" {
   default     = []
 }
 
+variable "number_of_secondary_eips_per_gateway" {
+  description = "how many secondary eips per NAT Gateway"
+  type        = number
+  default     = 0
+}
+
 variable "nat_gateway_tags" {
   description = "Additional tags for the NAT gateways"
   type        = map(string)