Update to terraform-aws-dynamic-subnets v3.0.1

Updated the aws-vpc component to use terraform-aws-dynamic-subnets v3.0.1,
which includes a critical bug fix for NAT Gateway routing when max_nats is set
to fewer than the number of Availability Zones.

**Changes:**

1. **src/main.tf**: Updated module version from 3.0.0 to 3.0.1

2. **README.yaml**: Updated all references to v3.0.1
   - Added note about NAT routing bug fix
   - Updated related links to point to v3.0.1 release

3. **README.md & src/README.md**: Regenerated from README.yaml
   - Module version updated in tables
   - Feature list includes bug fix note
   - Related links updated

4. **docs/prd/upgrade-to-dynamic-subnets-v3.md**:
   - Updated title and version to 3.0.1
   - Added executive summary note about v3.0.1 patch
   - Updated all code examples to show v3.0.1
   - Changed "After (v3.0.0)" to "After (v3.0.x)" for clarity
   - Added v3.0.1 bug fix to success criteria
   - Added v1.2 changelog entry
   - Updated PRD version to 1.2 and date to 2025-11-03

**v3.0.1 Release Notes:**
The v3.0.1 patch fixes a critical bug where NAT Gateway routing failed with
"Invalid index" error when max_nats was set to fewer than the number of AZs.
This was caused by route tables attempting to reference non-existent NAT indices.

The fix adds modulo operations to the route table mapping formulas, ensuring
all route tables correctly reference available NAT Gateways.

**Testing:**
All existing tests pass without modification. The component test suite
comprehensively validates:
- NAT placement by index (TestNATPlacementByIndex)
- NAT placement by name (TestNATPlacementByName)
- Separate subnet counts (TestSeparateSubnetCounts)
- All other VPC configurations

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: aknysh

README.md

@@ -14,12 +14,13 @@ description: |-
   - VPC Endpoints for AWS services (S3, DynamoDB, and interface endpoints)
   - AWS Shield Advanced protection for NAT Gateway EIPs (optional)
 
-  **What's New in v3.0.0:**
-  - Uses `terraform-aws-dynamic-subnets` v3.0.0 with enhanced subnet configuration
+  **What's New in v3.0.1:**
+  - Uses `terraform-aws-dynamic-subnets` v3.0.1 with enhanced subnet configuration
   - Separate public/private subnet counts and names per AZ
   - Precise NAT Gateway placement control for cost optimization
   - NAT Gateway IDs exposed in subnet stats outputs
   - Requires AWS Provider v5.0+
+  - Fixes critical bug in NAT routing when `max_nats < num_azs`
 
 usage: |-
   **Stack Level**: Regional
@@ -229,11 +230,11 @@ references:
     description: CloudPosse VPC Module v3.0.0
     url: https://github.com/cloudposse/terraform-aws-vpc
   - name: terraform-aws-dynamic-subnets
-    description: CloudPosse Dynamic Subnets Module v3.0.0 - Enhanced subnet configuration with separate public/private control
+    description: CloudPosse Dynamic Subnets Module v3.0.1 - Enhanced subnet configuration with separate public/private control
     url: https://github.com/cloudposse/terraform-aws-dynamic-subnets
-  - name: terraform-aws-dynamic-subnets v3.0.0 Release
-    description: Release notes for dynamic-subnets v3.0.0 with new features
-    url: https://github.com/cloudposse/terraform-aws-dynamic-subnets/releases/tag/v3.0.0
+  - name: terraform-aws-dynamic-subnets v3.0.1 Release
+    description: Patch release fixing NAT routing bug when max_nats < num_azs
+    url: https://github.com/cloudposse/terraform-aws-dynamic-subnets/releases/tag/v3.0.1
 tags:
   - component/vpc
   - layer/network

README.yaml

@@ -1,19 +1,21 @@
-# Product Requirements Document: Upgrade to dynamic-subnets v3.0.0
+# Product Requirements Document: Upgrade to dynamic-subnets v3.0.1
 
-**Version:** 1.1
-**Date:** 2025-11-02
+**Version:** 1.2
+**Date:** 2025-11-03
 **Status:** Implemented
 **Author:** CloudPosse Team
 
 ---
 
 ## Executive Summary
 
-This PRD documents the upgrade of the `aws-vpc` component to use the latest `terraform-aws-dynamic-subnets` module version 3.0.0. This upgrade brings significant new capabilities for managing VPC subnets with independent control over public and private subnet counts and flexible NAT Gateway placement options.
+This PRD documents the upgrade of the `aws-vpc` component to use the latest `terraform-aws-dynamic-subnets` module version 3.0.1. This upgrade brings significant new capabilities for managing VPC subnets with independent control over public and private subnet counts and flexible NAT Gateway placement options.
+
+**Note:** Version 3.0.1 is a patch release that fixes a critical bug in NAT Gateway routing when `max_nats` is set to fewer than the number of Availability Zones. See the [v3.0.1 Release Notes](https://github.com/cloudposse/terraform-aws-dynamic-subnets/releases/tag/v3.0.1) for details.
 
 ### Key Changes
 
-1. **Module Upgrade**: Updated `terraform-aws-dynamic-subnets` from v2.4.2 to v3.0.0
+1. **Module Upgrade**: Updated `terraform-aws-dynamic-subnets` from v2.4.2 to v3.0.1
 2. **New Subnet Configuration**: Added support for separate public/private subnet counts per AZ
 3. **Flexible NAT Placement**: Added support for index-based and name-based NAT Gateway placement
 4. **AWS Provider Compatibility**: Updated to support AWS Provider v5.0+ (including v6.x)
@@ -31,7 +33,7 @@ This PRD documents the upgrade of the `aws-vpc` component to use the latest `ter
 
 ## Background
 
-The `terraform-aws-dynamic-subnets` module v3.0.0 introduces several major enhancements:
+The `terraform-aws-dynamic-subnets` module v3.0.x introduces several major enhancements:
 
 1. **Separate Public/Private Configuration**: Previously, you could only create the same number of public and private subnets per AZ. Now you can configure them independently.
 
@@ -50,7 +52,7 @@ subnets_per_az_count = 2  # Creates 2 public + 2 private, NATs in both public
 max_nats = 1              # Limits to 1 NAT total (not per AZ, global limit)
 ```
 
-**After (v3.0.0):**
+**After (v3.0.x):**
 ```hcl
 public_subnets_per_az_count  = 2
 private_subnets_per_az_count = 3
@@ -65,7 +67,7 @@ Create different named subnets for public vs private, like "web" and "loadbalanc
 subnets_per_az_names = ["common"]  # Same names for public and private
 ```
 
-**After (v3.0.0):**
+**After (v3.0.x):**
 ```hcl
 public_subnets_per_az_names  = ["web", "loadbalancer"]
 private_subnets_per_az_names = ["app", "database", "cache"]
@@ -83,11 +85,12 @@ private_subnets_per_az_names = ["app", "database", "cache"]
 ```hcl
 module "subnets" {
   source  = "cloudposse/dynamic-subnets/aws"
-  version = "3.0.0"  # Upgraded from 2.4.2
+  version = "3.0.1"  # Upgraded from 2.4.2 (via 3.0.0)
 ```
 
 **Impact:**
-- Access to all new features in dynamic-subnets v3.0.0
+- Access to all new features in dynamic-subnets v3.0.x
+- v3.0.1 fixes critical bug in NAT routing when `max_nats < num_azs`
 - Support for AWS Provider v6.x
 - Enhanced subnet configuration capabilities
 
@@ -159,7 +162,7 @@ variable "nat_gateway_public_subnet_names" {
 ```hcl
 module "subnets" {
   source  = "cloudposse/dynamic-subnets/aws"
-  version = "3.0.0"
+  version = "3.0.1"
 
   # ... existing variables ...
 
@@ -672,7 +675,7 @@ The module will fail at apply time with a clear error message if invalid names a
 
 ### ✅ Completed
 
-1. ✅ Module upgraded to dynamic-subnets v3.0.0
+1. ✅ Module upgraded to dynamic-subnets v3.0.1 (from v2.4.2 via v3.0.0)
 2. ✅ All 6 new variables added and documented
 3. ✅ AWS Provider version updated to v5.0+ ⚠️ **BREAKING CHANGE** (drops v4.x support)
 4. ✅ Go and test dependencies updated to latest versions (Go 1.25, Terratest 0.52.0)
@@ -684,13 +687,14 @@ The module will fail at apply time with a clear error message if invalid names a
 10. ✅ Comprehensive PRD documentation created with breaking change clearly documented
 11. ✅ Added Terraform validation blocks for NAT placement variables (plan-time validation)
 12. ✅ Added `check` block for mutual exclusivity validation (catches errors before resource creation)
-13. ✅ Added 14 new outputs to expose all dynamic-subnets v3.0.0 capabilities
-14. ✅ Added comprehensive test coverage for v3.0.0 features:
+13. ✅ Added 14 new outputs to expose all dynamic-subnets v3.0.x capabilities
+14. ✅ Added comprehensive test coverage for v3.0.x features:
     - TestNATPlacementByIndex - validates index-based NAT placement
     - TestNATPlacementByName - validates name-based NAT placement
     - TestSeparateSubnetCounts - validates separate public/private subnet counts
     - TestValidationMutualExclusivity - validates mutual exclusivity check
 15. ✅ Created test stack configurations for all new test cases
+16. ✅ v3.0.1 patch applied - fixes critical NAT routing bug when `max_nats < num_azs`
 
 ### Future Enhancements
 
@@ -791,3 +795,4 @@ atmos terraform apply vpc -s <stack>
 |---------|------------|-----------------|-----------------------------------------------------------------------------------|
 | 1.0     | 2025-11-02 | CloudPosse Team | Initial PRD - upgraded to dynamic-subnets v3.0.0, added 6 new variables, updated test infrastructure |
 | 1.1     | 2025-11-02 | CloudPosse Team | Added comprehensive test improvements section, updated README.yaml with usage examples, documented test code enhancements and future test recommendations |
+| 1.2     | 2025-11-03 | CloudPosse Team | Updated to dynamic-subnets v3.0.1 - patch release fixing critical NAT routing bug when max_nats < num_azs |

docs/prd/upgrade-to-dynamic-subnets-v3.md

@@ -153,7 +153,7 @@ module "vpc_endpoints" {
 
 module "subnets" {
   source  = "cloudposse/dynamic-subnets/aws"
-  version = "3.0.0"
+  version = "3.0.1"
 
   availability_zones              = local.availability_zones
   availability_zone_ids           = local.availability_zone_ids