diff --git a/CHANGELOG b/CHANGELOG
index 5ba88c43aca1049b61e914f94a2b56cba55b606c..eb7a005822ec73c1a84097cd1eb648000bceb431 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [4.0.1] - 2021-07-15
+### Changed
+ - Surface Cloud NAT variable for minimum number of SNAT tuples, supporting a larger
+ number of outbound connections if required.
+
## [4.0.0] - 2021-06-29
### Changed
- Add the requirement for an explicit image_name to deploy, which breaks previous
diff --git a/static_egress_ip.tf b/static_egress_ip.tf
index 7337b9b338e5579444d6e5c4cda267dcbbb7beeb..85b8db05392cfbe8c19c76ced7d3235a91a4d889 100644
--- a/static_egress_ip.tf
+++ b/static_egress_ip.tf
@@ -50,6 +50,7 @@ resource "google_compute_router_nat" "static-ip-nat" {
nat_ips = [google_compute_address.static-ip[0].self_link]
nat_ip_allocate_option = "MANUAL_ONLY"
region = var.cloud_run_region
+ min_ports_per_vm = var.min_ports_per_vm
source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS"
subnetwork {
diff --git a/variables.tf b/variables.tf
index 5b0d0520ccdafb613a980444c7b90850d05493c7..88935bbafb912b3ee7578e0b892ece0540447814 100644
--- a/variables.tf
+++ b/variables.tf
@@ -209,6 +209,16 @@ variable "static_egress_ip_cidr_range" {
description = "The cidr range used to create a subnet that this cloud run will use if assigned a static ip"
}
+variable "min_ports_per_vm" {
+ default = 64
+ type = number
+ description = <<-EOL
+ When using Cloud NAT to provide an egress route, Cloud NAT's minimum ports per VM
+ can be configured to determine how many concurrent connections can be established
+ to the same destination IP address and port.
+EOL
+}
+
variable "secrets_volume" {
type = list(object({
name = string # name of the file that is going to be mounted