Merge pull request #28 from base2Services/feature/toggle-nats

Ability to toggle nat creation
theonestack · Dec 20, 2021 · 74a2dcd · 74a2dcd
2 parents cfedb8b + 6492c44
commit 74a2dcd
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 4 deletions.
diff --git a/vpc.cfhighlander.rb b/vpc.cfhighlander.rb
@@ -28,6 +28,9 @@
       ComponentParam 'EnableTransitVPC', 'false', isGlobal: true
     end
 
+    ComponentParam 'NatEnabled', 'true',
+      allowedValues: ['true', 'false']
+
     # Account mappings for AZs
     maximum_availability_zones.times do |x|
       az = x

diff --git a/vpc.cfndsl.rb b/vpc.cfndsl.rb
@@ -6,15 +6,32 @@
   az_conditions(maximum_availability_zones)
   max_nat_conditions(maximum_availability_zones)
 
+
   # Render NAT Gateway and EIP Conditions
+  Condition(:NatEnabled, FnEquals(Ref(:NatEnabled), 'true'))
+
   maximum_availability_zones.times do |x|
     Condition("Nat#{x}EIPRequired", FnEquals(Ref("Nat#{x}EIPAllocationId"), 'dynamic'))
+    Condition("SingleNatRoute#{x}Create", FnAnd([
+      Condition("RoutedBySingleNat#{x}"),
+      Condition(:NatEnabled)
+    ]))
+    Condition("NatRoute#{x}Create", FnAnd([
+      Condition("RoutedByNat#{x}"),
+      Condition(:NatEnabled)
+    ]))
+    Condition("NatGateway#{x}Create", FnAnd([
+      Condition("NatGateway#{x}Exist"),
+      Condition(:NatEnabled)
+    ]))
     Condition("NatIPAddress#{x}Required", FnAnd([
         Condition("NatGateway#{x}Exist"),
-        Condition("Nat#{x}EIPRequired")
+        Condition("Nat#{x}EIPRequired"),
+        Condition(:NatEnabled)
     ]))
   end
 
+
   tags = []
   tags << { Key: 'Environment', Value: Ref(:EnvironmentName) }
   tags << { Key: 'EnvironmentType', Value: Ref(:EnvironmentType) }
@@ -125,7 +142,7 @@
     end
 
     EC2_NatGateway("NatGateway#{az}") do
-      Condition "NatGateway#{az}Exist"
+      Condition "NatGateway#{az}Create"
       # If EIP is passed manually as param, use that EIP, otherwise use one from
       # generated by CloudFormation
       AllocationId FnIf("Nat#{az}EIPRequired",
@@ -138,15 +155,15 @@
     # Private subnet internet route through NAT Gateway
 
     EC2_Route("RouteOutToInternet#{az}") do
-      Condition "RoutedByNat#{az}"
+      Condition("NatRoute#{az}Create")
       DependsOn ["NatGateway#{az}"]
       RouteTableId Ref("RouteTablePrivate#{az}")
       DestinationCidrBlock '0.0.0.0/0'
       NatGatewayId Ref("NatGateway#{az}")
     end
 
     EC2_Route("RouteOutToInternet#{az}Nat0") do
-      Condition "RoutedBySingleNat#{az}"
+      Condition "SingleNatRoute#{az}Create"
       DependsOn ["NatGateway0"]
       RouteTableId Ref("RouteTablePrivate#{az}")
       DestinationCidrBlock '0.0.0.0/0'
@@ -296,6 +313,7 @@
 
   nat_ip_list = nat_gateway_ips_list_internal(maximum_availability_zones)
   Output('NatGatewayIps') {
+    Condition(:NatEnabled)
     Value(FnJoin(',', nat_ip_list))
   }