diff --git a/CHANGELOG b/CHANGELOG
index a88f34811e8f55a382a55f421c8cb7d7cdc72c98..eb41dde53178667f0695b12d60f88653d08fb4ec 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [3.1.2] - 2021-07-15
+### Changed
+ - Surface Cloud NAT variable for minimum number of SNAT tuples, supporting a larger
+ number of outbound connections id required.
+
## [3.1.1] - 2021-06-16
### Changed
- Surface the alerting success threshold variable from the monitoring module.
diff --git a/static_egress_ip.tf b/static_egress_ip.tf
index 7337b9b338e5579444d6e5c4cda267dcbbb7beeb..85b8db05392cfbe8c19c76ced7d3235a91a4d889 100644
--- a/static_egress_ip.tf
+++ b/static_egress_ip.tf
@@ -50,6 +50,7 @@ resource "google_compute_router_nat" "static-ip-nat" {
nat_ips = [google_compute_address.static-ip[0].self_link]
nat_ip_allocate_option = "MANUAL_ONLY"
region = var.cloud_run_region
+ min_ports_per_vm = var.min_ports_per_vm
source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS"
subnetwork {
diff --git a/variables.tf b/variables.tf
index 22a4191f157bcbbdf083d316174386eec515576f..e8c49f6a89849ab5f5bc6958f5f0e5d62f375796 100644
--- a/variables.tf
+++ b/variables.tf
@@ -209,6 +209,16 @@ variable "static_egress_ip_cidr_range" {
description = "The cidr range used to create a subnet that this cloud run will use if assigned a static ip"
}
+variable "min_ports_per_vm" {
+ default = 64
+ type = number
+ description = <<-EOL
+ When using Cloud NAT to provide an egress route, Cloud NAT's minimum ports per VM
+ can be configured to determine how many concurrent connections can be established
+ to the same destination IP address and port.
+EOL
+}
+
variable "secrets_volume" {
type = list(object({
name = string # name of the file that is going to be mounted