From 80cd5418cfe1e7b1ce7428a57698ce5c2a43f9ad Mon Sep 17 00:00:00 2001 From: Alexis Coles Date: Thu, 1 Aug 2024 14:46:52 +0100 Subject: [PATCH 01/11] add configuraiton for secondary ip on natgateways --- main.tf | 15 +++++++++++++++ variables.tf | 9 +++++++++ 2 files changed, 24 insertions(+) diff --git a/main.tf b/main.tf index 32239e588..c8e253ce8 100644 --- a/main.tf +++ b/main.tf @@ -1086,6 +1086,21 @@ resource "aws_nat_gateway" "this" { var.single_nat_gateway ? 0 : count.index, ) + secondary_private_ip_address_count = [for eip in element( + var.external_nat_secondary_eips, + var.single_nat_gateway ? 0 : count.index, + ) : eip.association_id] + + secondary_allocation_ids = length(element( + var.external_nat_secondary_eips, + var.single_nat_gateway ? 0 : count.index, + )) + + secondary_private_ip_addresses = [for eip in element( + var.external_nat_secondary_eips, + var.single_nat_gateway ? 0 : count.index, + ) : eip.private_id] + tags = merge( { "Name" = format( diff --git a/variables.tf b/variables.tf index e0f31ad12..d72f87428 100644 --- a/variables.tf +++ b/variables.tf @@ -1222,6 +1222,15 @@ variable "external_nat_ips" { default = [] } +variable "external_nat_secondary_eips" { + description = "List of lists containing exteral elastic ip details to configure secondary ip addresses" + type = list(list(object({ + association_id = string + private_id = string + }))) + default = [] +} + variable "nat_gateway_tags" { description = "Additional tags for the NAT gateways" type = map(string) From 79778fbe2c90385873e117409c012bf5dc3d4d0e Mon Sep 17 00:00:00 2001 From: Alexis Coles Date: Thu, 1 Aug 2024 15:15:45 +0100 Subject: [PATCH 02/11] default array --- main.tf | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/main.tf b/main.tf index c8e253ce8..5e6767132 100644 --- a/main.tf +++ b/main.tf 
@@ -1051,8 +1051,9 @@ resource "aws_route" "private_ipv6_egress" { ################################################################################ locals { - nat_gateway_count = var.single_nat_gateway ? 1 : var.one_nat_gateway_per_az ? length(var.azs) : local.max_subnet_length - nat_gateway_ips = var.reuse_nat_ips ? var.external_nat_ip_ids : aws_eip.nat[*].id + nat_gateway_count = var.single_nat_gateway ? 1 : var.one_nat_gateway_per_az ? length(var.azs) : local.max_subnet_length + nat_gateway_ips = var.reuse_nat_ips ? var.external_nat_ip_ids : aws_eip.nat[*].id + nat_secondary_eips = length(var.external_nat_secondary_eips) == 0 ? [for eip in aws_eip.nat : {}] : var.external_nat_secondary_eips } resource "aws_eip" "nat" { @@ -1087,17 +1088,17 @@ resource "aws_nat_gateway" "this" { ) secondary_private_ip_address_count = [for eip in element( - var.external_nat_secondary_eips, + local.nat_secondary_eips, var.single_nat_gateway ? 0 : count.index, ) : eip.association_id] secondary_allocation_ids = length(element( - var.external_nat_secondary_eips, + local.nat_secondary_eips, var.single_nat_gateway ? 0 : count.index, )) secondary_private_ip_addresses = [for eip in element( - var.external_nat_secondary_eips, + local.nat_secondary_eips, var.single_nat_gateway ? 0 : count.index, ) : eip.private_id] From 2823a66ff75edbfe5a2748aab12a97bf57eea51f Mon Sep 17 00:00:00 2001 From: Alexis Coles Date: Thu, 1 Aug 2024 15:41:27 +0100 Subject: [PATCH 03/11] fix --- main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main.tf b/main.tf index 5e6767132..74519bc7d 100644 --- a/main.tf +++ b/main.tf 
@@ -1087,12 +1087,12 @@ resource "aws_nat_gateway" "this" { var.single_nat_gateway ? 0 : count.index, ) - secondary_private_ip_address_count = [for eip in element( + secondary_allocation_ids = [for eip in element( local.nat_secondary_eips, var.single_nat_gateway ? 0 : count.index, ) : eip.association_id] - secondary_allocation_ids = length(element( + secondary_private_ip_address_count = length(element( local.nat_secondary_eips, var.single_nat_gateway ? 0 : count.index, )) From 9b409ae4cacca87f0d941a6f0b80fde73a1cf9a6 Mon Sep 17 00:00:00 2001 From: Alexis Coles Date: Thu, 1 Aug 2024 15:57:17 +0100 Subject: [PATCH 04/11] hard code default vaules --- main.tf | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/main.tf b/main.tf index 74519bc7d..5059f4e79 100644 --- a/main.tf +++ b/main.tf @@ -1087,20 +1087,23 @@ resource "aws_nat_gateway" "this" { var.single_nat_gateway ? 0 : count.index, ) - secondary_allocation_ids = [for eip in element( - local.nat_secondary_eips, - var.single_nat_gateway ? 0 : count.index, - ) : eip.association_id] - - secondary_private_ip_address_count = length(element( - local.nat_secondary_eips, - var.single_nat_gateway ? 0 : count.index, - )) - - secondary_private_ip_addresses = [for eip in element( - local.nat_secondary_eips, - var.single_nat_gateway ? 0 : count.index, - ) : eip.private_id] + secondary_allocation_ids = [] + # [for eip in element( + # local.nat_secondary_eips, + # var.single_nat_gateway ? 0 : count.index, + # ) : eip.association_id] + + secondary_private_ip_address_count = 0 + # length(element( + # local.nat_secondary_eips, + # var.single_nat_gateway ? 0 : count.index, + # )) + + secondary_private_ip_addresses = [] + # [for eip in element( + # local.nat_secondary_eips, + # var.single_nat_gateway ? 0 : count.index, + # ) : eip.private_id] tags = merge( { From bff8601ee2b460e9aa02162c68e008fa81a8a652 Mon Sep 17 00:00:00 2001 
From: Alexis Coles Date: Thu, 1 Aug 2024 16:03:45 +0100 Subject: [PATCH 05/11] try emtpy arrays --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 5059f4e79..b1c94472c 100644 --- a/main.tf +++ b/main.tf @@ -1093,7 +1093,7 @@ resource "aws_nat_gateway" "this" { # var.single_nat_gateway ? 0 : count.index, # ) : eip.association_id] - secondary_private_ip_address_count = 0 + # secondary_private_ip_address_count = 0 # length(element( # local.nat_secondary_eips, # var.single_nat_gateway ? 0 : count.index, From 3cc7409052292b72f29b1d5a2cc99868fe7538f5 Mon Sep 17 00:00:00 2001 From: Alexis Coles Date: Thu, 1 Aug 2024 16:07:03 +0100 Subject: [PATCH 06/11] test --- main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/main.tf b/main.tf index b1c94472c..88e238517 100644 --- a/main.tf +++ b/main.tf @@ -1087,19 +1087,19 @@ resource "aws_nat_gateway" "this" { var.single_nat_gateway ? 0 : count.index, ) - secondary_allocation_ids = [] + # secondary_allocation_ids = [] # [for eip in element( # local.nat_secondary_eips, # var.single_nat_gateway ? 0 : count.index, # ) : eip.association_id] - # secondary_private_ip_address_count = 0 + secondary_private_ip_address_count = 0 # length(element( # local.nat_secondary_eips, # var.single_nat_gateway ? 0 : count.index, # )) - secondary_private_ip_addresses = [] + # secondary_private_ip_addresses = [] # [for eip in element( # local.nat_secondary_eips, # var.single_nat_gateway ? 0 : count.index, From 75b2896d9f03031843a85897cdd6e72e6084799f Mon Sep 17 00:00:00 2001 From: Alexis Coles Date: Fri, 2 Aug 2024 08:20:52 +0100 Subject: [PATCH 07/11] tidy --- main.tf | 44 ++++++++++++++++++++++++-------------------- variables.tf | 11 ++++------- 2 files changed, 28 insertions(+), 27 deletions(-) diff --git a/main.tf b/main.tf index 88e238517..6ba98bed6 100644 --- a/main.tf +++ b/main.tf 
@@ -1051,9 +1051,9 @@ resource "aws_route" "private_ipv6_egress" { ################################################################################ locals { - nat_gateway_count = var.single_nat_gateway ? 1 : var.one_nat_gateway_per_az ? length(var.azs) : local.max_subnet_length - nat_gateway_ips = var.reuse_nat_ips ? var.external_nat_ip_ids : aws_eip.nat[*].id - nat_secondary_eips = length(var.external_nat_secondary_eips) == 0 ? [for eip in aws_eip.nat : {}] : var.external_nat_secondary_eips + nat_gateway_count = var.single_nat_gateway ? 1 : var.one_nat_gateway_per_az ? length(var.azs) : local.max_subnet_length + nat_gateway_ips = var.reuse_nat_ips ? var.external_nat_ip_ids : aws_eip.nat[*].id + seips_suffixs = [for num in range(0, var.number_of_secondary_eips_per_gateway) : "s${num + 1}"] } resource "aws_eip" "nat" { @@ -1075,6 +1075,26 @@ resource "aws_eip" "nat" { depends_on = [aws_internet_gateway.this] } +resource "aws_eip" "secondary" { + for_each = toset(flatten([for nat in aws_eip.nat : [for suffix in local.seips_suffixs : "${nat.tags.Name}-${suffix}"]])) + + domain = "vpc" + + tags = merge( + { + "Name" = format( + "${var.name}-%s-%s", + element(var.azs, var.single_nat_gateway ? 0 : count.index), + each.key, + ) + }, + var.tags, + var.nat_eip_tags, + ) + + depends_on = [aws_internet_gateway.this] +} + resource "aws_nat_gateway" "this" { count = local.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0 
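Review bot: The `for_each` of `aws_eip.secondary` is keyed on `aws_eip.nat[*].tags.Name`, which ties the set of secondary EIPs to another resource's tag values being present and unique: the `merge({ "Name" = … }, var.tags, var.nat_eip_tags)` pattern used in this very resource lets a caller-supplied `Name` tag override the generated one, and if that happens on the primary EIPs the keys collapse inside `toset()` and several gateways would later look up the same allocation id. It also yields no secondary EIPs at all whenever `aws_eip.nat` is empty, which the `nat_gateway_ips` local suggests is the case under `var.reuse_nat_ips` (the `count` of `aws_eip.nat` is outside this hunk, so I cannot confirm). Keying on the gateway index instead gives keys that are unique, stable across tag changes and independent of the primary EIP resource; the lookup in `aws_nat_gateway.this` then becomes `aws_eip.secondary["${count.index}-${suffix}"].allocation_id`. The `count.index` reference in the tag block is invalid inside a `for_each` resource (patch 08 drops it); the rewrite below takes the AZ from `each.value.index` so the secondary EIP is still named after its gateway's AZ.
```hcl
locals {
  # … unchanged: nat_gateway_count, nat_gateway_ips …
  seips_suffixs = [for num in range(0, var.number_of_secondary_eips_per_gateway) : "s${num + 1}"]

  # One entry per (gateway index, suffix) pair. Keys come from the gateway
  # index, not from aws_eip.nat tags, so they are unique and stable.
  nat_secondary_eips = {
    for pair in setproduct(
      range(local.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0),
      local.seips_suffixs,
    ) : "${pair[0]}-${pair[1]}" => { index = pair[0], suffix = pair[1] }
  }
}

resource "aws_eip" "secondary" {
  for_each = local.nat_secondary_eips

  domain = "vpc"

  tags = merge(
    {
      "Name" = format(
        "${var.name}-%s-%s",
        element(var.azs, var.single_nat_gateway ? 0 : each.value.index),
        each.value.suffix,
      )
    },
    var.tags,
    var.nat_eip_tags,
  )
  # … unchanged: depends_on …
}
```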
@@ -1087,23 +1107,7 @@ resource "aws_nat_gateway" "this" { var.single_nat_gateway ? 0 : count.index, ) - # secondary_allocation_ids = [] - # [for eip in element( - # local.nat_secondary_eips, - # var.single_nat_gateway ? 0 : count.index, - # ) : eip.association_id] - - secondary_private_ip_address_count = 0 - # length(element( - # local.nat_secondary_eips, - # var.single_nat_gateway ? 0 : count.index, - # )) - - # secondary_private_ip_addresses = [] - # [for eip in element( - # local.nat_secondary_eips, - # var.single_nat_gateway ? 0 : count.index, - # ) : eip.private_id] + secondary_allocation_ids = [for suffix in local.seips_suffixs : aws_eip.secondary["${aws_eip.nat[count.index].tags.Name}-${suffix}"].allocation_id] tags = merge( { diff --git a/variables.tf b/variables.tf index d72f87428..1fd9b0c1e 100644 --- a/variables.tf +++ b/variables.tf @@ -1222,13 +1222,10 @@ variable "external_nat_ips" { default = [] } -variable "external_nat_secondary_eips" { - description = "List of lists containing exteral elastic ip details to configure secondary ip addresses" - type = list(list(object({ - association_id = string - private_id = string - }))) - default = [] +variable "number_of_secondary_eips_per_gateway" { + description = "how many secondary eips per natgateway" + type = number + default = 0 } variable "nat_gateway_tags" { From 04d8ce67f431bcb4af73ce4ec493fc8361b401ef Mon Sep 17 00:00:00 2001 From: Alexis Coles Date: Fri, 2 Aug 2024 08:26:45 +0100 Subject: [PATCH 08/11] fix --- main.tf | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/main.tf b/main.tf index 6ba98bed6..7288aaa1f 100644 --- a/main.tf +++ b/main.tf @@ -1082,11 +1082,7 @@ resource "aws_eip" "secondary" { tags = merge( { - "Name" = format( - "${var.name}-%s-%s", - element(var.azs, var.single_nat_gateway ? 0 : count.index), - each.key, - ) + "Name" = each.key, }, var.tags, var.nat_eip_tags, From 2d5750c6cf18f51f949c6421e4b6346a364be16d Mon Sep 17 00:00:00 2001 
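Review bot: `secondary_allocation_ids` indexes `aws_eip.nat[count.index]` directly, so the first non-zero `number_of_secondary_eips_per_gateway` fails at plan time with an index-out-of-range error whenever `aws_eip.nat` is empty — which, judging by `local.nat_gateway_ips` picking `var.external_nat_ip_ids` under `var.reuse_nat_ips`, is the externally-supplied-EIP configuration (the `count` of `aws_eip.nat` sits outside this hunk). The feature is therefore incompatible with `reuse_nat_ips`, and the failure surfaces as an unrelated-looking index error rather than a clear message. Either key the secondary EIPs on the gateway index so the lookup is `aws_eip.secondary["${count.index}-${suffix}"].allocation_id` and no longer touches `aws_eip.nat`, or add a `lifecycle { precondition { … } }` on this resource requiring `var.number_of_secondary_eips_per_gateway == 0 || !var.reuse_nat_ips` with an error message naming the two inputs. It is also worth running a plan against an existing VPC to confirm that the now always-set `secondary_allocation_ids` (an empty set when the variable is 0) does not show a spurious update on already-created NAT gateways; the earlier commits in this series toggling `[]` and `secondary_private_ip_address_count = 0` hint that the provider was sensitive to it. The enclosing `resource "aws_nat_gateway" "this"` block starts above this hunk.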
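Review bot: `number_of_secondary_eips_per_gateway` has no `validation` block, so a negative or fractional value flows straight into `range(0, …)` in `local.seips_suffixs` and surfaces, if at all, as an odd suffix list or an AWS API error instead of a clear plan-time message. The description also says nothing about cost or limits: each secondary EIP is a public IPv4 address, and AWS caps how many addresses one NAT gateway can carry (I believe the default quota is 8 in total, i.e. 7 secondaries, adjustable via Service Quotas — worth confirming before hard-coding an upper bound). Replacing `external_nat_secondary_eips` here is fine since that input only appeared in patch 01 of this same series; a suggested definition follows.
```hcl
variable "number_of_secondary_eips_per_gateway" {
  description = "Number of additional (secondary) Elastic IPs to allocate and attach to each public NAT Gateway. Each one is a public IPv4 address that is billed and counts against the account EIP quota; AWS also limits the number of addresses per NAT Gateway"
  type        = number
  default     = 0

  validation {
    condition     = var.number_of_secondary_eips_per_gateway >= 0 && floor(var.number_of_secondary_eips_per_gateway) == var.number_of_secondary_eips_per_gateway
    error_message = "number_of_secondary_eips_per_gateway must be a non-negative whole number."
  }
}
```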
From: Alexis Coles Date: Fri, 2 Aug 2024 10:30:30 +0100 Subject: [PATCH 09/11] inprove description --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 1fd9b0c1e..d4e9bab8c 100644 --- a/variables.tf +++ b/variables.tf @@ -1223,7 +1223,7 @@ variable "external_nat_ips" { } variable "number_of_secondary_eips_per_gateway" { - description = "how many secondary eips per natgateway" + description = "how many secondary eips per NAT Gateway" type = number default = 0 } From 1361fbe66dac68162cd6d85c1c877bdf236f3a9d Mon Sep 17 00:00:00 2001 From: Alexis Coles Date: Fri, 2 Aug 2024 10:33:38 +0100 Subject: [PATCH 10/11] update docs --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index d2b28a8b6..327b3f298 100644 --- a/README.md +++ b/README.md @@ -281,6 +281,7 @@ No modules. | [aws_default_vpc.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_vpc) | resource | | [aws_egress_only_internet_gateway.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/egress_only_internet_gateway) | resource | | [aws_eip.nat](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource | +| [aws_eip.secondary](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource | | [aws_elasticache_subnet_group.elasticache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_subnet_group) | resource | | [aws_flow_log.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/flow_log) | resource | | [aws_iam_policy.vpc_flow_log_cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | 
@@ -496,6 +497,7 @@ No modules. | [nat\_eip\_tags](#input\_nat\_eip\_tags) | Additional tags for the NAT EIP | `map(string)` | `{}` | no | | [nat\_gateway\_destination\_cidr\_block](#input\_nat\_gateway\_destination\_cidr\_block) | Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route | `string` | `"0.0.0.0/0"` | no | | [nat\_gateway\_tags](#input\_nat\_gateway\_tags) | Additional tags for the NAT gateways | `map(string)` | `{}` | no | +| [number\_of\_secondary\_eips\_per\_gateway](#input\_number\_of\_secondary\_eips\_per\_gateway) | how many secondary eips per NAT Gateway | `number` | `0` | no | | [one\_nat\_gateway\_per\_az](#input\_one\_nat\_gateway\_per\_az) | Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs` | `bool` | `false` | no | | [outpost\_acl\_tags](#input\_outpost\_acl\_tags) | Additional tags for the outpost subnets network ACL | `map(string)` | `{}` | no | | [outpost\_arn](#input\_outpost\_arn) | ARN of Outpost you want to create a subnet in | `string` | `null` | no | From 7a83c0501b827dcdc14b0dafbbff642f211f6d30 Mon Sep 17 00:00:00 2001 From: Alexis Coles Date: Tue, 13 Aug 2024 08:19:54 +0100 Subject: [PATCH 11/11] add number_of_secondary_eips_per_gateway to complete example --- examples/complete/main.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 579a47395..5716003ab 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -68,6 +68,8 @@ module "vpc" { enable_vpn_gateway = true + number_of_secondary_eips_per_gateway = 2 + enable_dhcp_options = true dhcp_options_domain_name = "service.consul" dhcp_options_domain_name_servers = ["127.0.0.1", "10.10.0.2"]
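Review bot: The complete example now allocates two extra Elastic IPs per NAT gateway with no comment on why, so anyone copying `examples/complete` into their own stack will provision additional public IPv4 addresses and consume EIP quota without realising it. A one-line comment above the setting would make the intent and the cost explicit, e.g. `# Attach two extra EIPs to each NAT gateway (each is a billed public IPv4 and counts against the EIP quota)`. The enclosing `module "vpc"` block starts and ends outside this hunk.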