This module doesn't integrate with the Network Firewall Module #978

@jseiser

Is your request related to a problem? Please describe.

There is now a network firewall module, but it does not integrate with this module, so even when using them both, you are left in a situation where you cannot actually route traffic through the firewall in its normal manner.

I've also created this here: terraform-aws-modules/terraform-aws-network-firewall#1

Since I'm not sure where it should live, since both modules are impacted

Describe the solution you'd like.

  1. Should be able to create Firewall Subnets
  2. Should be able to control/override routes for the module so once the firewall is deployed, you can update the routing tables to point to it.

How we currently handle this

  1. Disable public subnets and NAT gateways
  2. Create Public Subnets and NAT Gateway, and Internet Gateway
  3. Create the route table for the NAT gateways
  4. Create 2 Firewall Subnets and their route tables
  5. Deploy this (actually your old beta version) module, passing in the firewall subnets in the subnet mapping
  6. Create the routes for the IGW
  7. Create the routes for the firewall subnets
  8. Create all the route associations

Additional context

I think the main issue is not being flexible enough in subnet creation, and not being able to override routes from the Firewall Module, since anytime the VPC module is re-run, they would be removed/corrected, I believe.
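The routing the issue describes, as an added single-AZ Terraform sketch that is not code from the reporter or from either module. It assumes the public (NAT gateway) subnet and the firewall subnet are created outside the VPC module, and every variable and resource name is hypothetical. If any of the three routes is missing, traffic in that direction bypasses inspection.

```hcl
# Added example (single AZ). All variable and resource names are assumptions.
variable "vpc_id" {}
variable "igw_id" {}
variable "public_subnet_id" {} # subnet that holds the NAT gateway
variable "public_subnet_cidr" {}
variable "firewall_subnet_id" {}
variable "firewall_policy_arn" {}
resource "aws_networkfirewall_firewall" "this" {
  name                = "example"
  vpc_id              = var.vpc_id
  firewall_policy_arn = var.firewall_policy_arn
  subnet_mapping { subnet_id = var.firewall_subnet_id }
}
# One subnet mapping, so exactly one sync state and one firewall endpoint.
locals {
  fw_endpoint_id = one(aws_networkfirewall_firewall.this.firewall_status[0].sync_states).attachment[0].endpoint_id
}
# Firewall subnet: traffic that has been inspected leaves through the IGW.
resource "aws_route_table" "firewall" { vpc_id = var.vpc_id }
resource "aws_route" "firewall_to_igw" {
  route_table_id         = aws_route_table.firewall.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = var.igw_id
}
resource "aws_route_table_association" "firewall" {
  subnet_id      = var.firewall_subnet_id
  route_table_id = aws_route_table.firewall.id
}
# Public subnet: default route points at the firewall endpoint, not the IGW.
resource "aws_route_table" "public" { vpc_id = var.vpc_id }
resource "aws_route" "public_to_firewall" {
  route_table_id         = aws_route_table.public.id
  destination_cidr_block = "0.0.0.0/0"
  vpc_endpoint_id        = local.fw_endpoint_id
}
resource "aws_route_table_association" "public" {
  subnet_id      = var.public_subnet_id
  route_table_id = aws_route_table.public.id
}
# IGW edge table: return traffic to the public subnet re-enters via the firewall.
resource "aws_route_table" "igw_edge" { vpc_id = var.vpc_id }
resource "aws_route" "igw_to_firewall" {
  route_table_id         = aws_route_table.igw_edge.id
  destination_cidr_block = var.public_subnet_cidr
  vpc_endpoint_id        = local.fw_endpoint_id
}
resource "aws_route_table_association" "igw_edge" {
  gateway_id     = var.igw_id
  route_table_id = aws_route_table.igw_edge.id
}
```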
