From dddb7f9232b746c9c1f75128847b5d89c877c767 Mon Sep 17 00:00:00 2001
From: Dr Wajdi Hajji <wh330@cam.ac.uk>
Date: Tue, 6 Jul 2021 14:21:01 +0100
Subject: [PATCH] Added Cloud NAT "min ports per VM" config

(cherry picked from commit a068f5997592b0158f94da1de5b3ea9f695d4ed8)
---
 static_egress_ip.tf |  1 +
 variables.tf        | 10 ++++++++++
 2 files changed, 11 insertions(+)

diff --git a/static_egress_ip.tf b/static_egress_ip.tf
index 7337b9b..85b8db0 100644
--- a/static_egress_ip.tf
+++ b/static_egress_ip.tf
@@ -50,6 +50,7 @@ resource "google_compute_router_nat" "static-ip-nat" {
   nat_ips                = [google_compute_address.static-ip[0].self_link]
   nat_ip_allocate_option = "MANUAL_ONLY"
   region                 = var.cloud_run_region
+  min_ports_per_vm       = var.min_ports_per_vm
 
   source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS"
   subnetwork {
diff --git a/variables.tf b/variables.tf
index 5b0d052..88935bb 100644
--- a/variables.tf
+++ b/variables.tf
@@ -209,6 +209,16 @@ variable "static_egress_ip_cidr_range" {
   description = "The cidr range used to create a subnet that this cloud run will use if assigned a static ip"
 }
 
+variable "min_ports_per_vm" {
+  default     = 64
+  type        = number
+  description = <<-EOL
+    When using Cloud NAT to provide an egress route, Cloud NAT's minimum ports per VM
+    can be configured to determine how many concurrent connections can be established
+    to the same destination IP address and port. 
+EOL
+}
+
 variable "secrets_volume" {
   type = list(object({
     name    = string # name of the file that is going to be mounted
-- 
GitLab