diff --git a/main.tf b/main.tf
index 1470f13..292dda0 100644
--- a/main.tf
+++ b/main.tf
@@ -1,4 +1,4 @@
-### Module Main
+ ### Module Main
 provider "aws" {
 region = var.aws_region
@@ -85,24 +85,77 @@ resource "aws_key_pair" "deployer" {
 public_key = "ssh-rsa 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 art@OPH80PO196"
 }
+# == preparating security_group
+
+resource "aws_security_group" "allow_ssh_to_nat" {
+ name = "allow_ssh"
+ description = "Allow SSH inbound traffic"
+ vpc_id = aws_vpc.main.id
+
+ ingress {
+ description = "SSH from 0.0.0.0/0"
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ tags = {
+ Name = "allow_ssh_to_nat"
+ }
+}
+
+resource "aws_security_group" "allow_all_trafic_from_vpc" {
+ name = "allow_all_trafic_from_vpc"
+ description = "Allow allow_all_trafic_from_vpc inbound traffic"
+ vpc_id = aws_vpc.main.id
+
+ ingress {
+ description = "HTTP from VPC"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = [aws_vpc.main.cidr_block]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ tags = {
+ Name = "allow_all_trafic_from_vpc"
+ }
+}
+
 # === Providing instance
-# resource "aws_instance" "nat_instance" {
-# for_each = var.azs
+resource "aws_instance" "nat_instance" {
+ for_each = var.azs
-# ami = data.aws_ami.nat_ami.id
-# instance_type = "t2.micro"
-# source_dest_check = false # necessaire pour les NATs ou VPNs qui forward du trafic d'autres machines
-# key_name = "${var.vpc_name}-deployer-key"
-# security_groups = ["sg-009f0c0b8ad8a17c7"] # group allow ssh ATTENTION : faire un appel via datasource pour éviter de overrite à chaque fois apply
+ ami = data.aws_ami.nat_ami.id
+ instance_type = "t2.micro"
+ source_dest_check = false # necessaire pour les NATs ou VPNs qui forward du trafic d'autres machines
+ key_name = "${var.vpc_name}-deployer-key"
-# # private_ip = cidrhost(cidrsubnet(var.vpc_cidr, 4, 15 - each.value), 3) # bonne pratiques cloud on laissera notre subnet attribuer l'ip
-# subnet_id = aws_subnet.public[each.key].id
+ # private_ip = cidrhost(cidrsubnet(var.vpc_cidr, 4, 15 - each.value), 3) # bonne pratiques cloud on laissera notre subnet attribuer l'ip
+ subnet_id = aws_subnet.public[each.key].id
-# tags = {
-# Name = "${var.vpc_name}-amzn-ami-vpc-nat-${each.key}"
-# }
-# }
+ vpc_security_group_ids = [aws_security_group.allow_ssh_to_nat.id, aws_security_group.allow_all_trafic_from_vpc.id]
+
+ tags = {
+ Name = "${var.vpc_name}-amzn-ami-vpc-nat-${each.key}"
+ }
+}
 resource "aws_eip" "nat_eip" {
 for_each = var.azs
@@ -113,12 +166,12 @@ resource "aws_eip" "nat_eip" {
 depends_on = [aws_internet_gateway.gw]
 }
-# resource "aws_eip_association" "eip_assoc" {
-# for_each = var.azs
+resource "aws_eip_association" "eip_assoc" {
+ for_each = var.azs
-# instance_id = aws_instance.nat_instance[each.key].id
-# allocation_id = aws_eip.nat_eip[each.key].id
-# }
+ instance_id = aws_instance.nat_instance[each.key].id
+ allocation_id = aws_eip.nat_eip[each.key].id
+}
 # == Routing our subnets
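Review bot: The new `allow_ssh_to_nat` security group admits TCP/22 from `0.0.0.0/0`, and the NAT instances it is attached to live in the public subnets and get an Elastic IP in the `aws_eip_association` hunk below, so every NAT host becomes an internet-reachable SSH endpoint guarded only by the deployer key pair. Restrict the ingress to the addresses that actually administer the hosts, e.g. `cidr_blocks = var.ssh_allowed_cidrs` backed by a `list(string)` variable (constructed name, to be declared in the variables file), or drop the public rule entirely and reach the hosts through a bastion or Session Manager. The second group's ingress carries `description = "HTTP from VPC"` although it opens every protocol and port from the VPC CIDR; `description = "All traffic from VPC"` describes what the rule does. `allow_ssh_to_nat` also sets `name = "allow_ssh"` while its tag reads `allow_ssh_to_nat`, and `allow_all_trafic_from_vpc` misspells traffic in a resource name and group name that cannot later be corrected without replacing the group, so it is worth settling both names before the first apply.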
@@ -154,27 +207,27 @@ resource "aws_route_table" "private" {
 }
 }
-# resource "aws_route" "private_route_through_nat" {
-# for_each = var.azs
+resource "aws_route" "private_route_through_nat" {
+ for_each = var.azs
-# route_table_id = aws_route_table.private[each.key].id
-# destination_cidr_block = "0.0.0.0/0"
-# instance_id = aws_instance.nat_instance[each.key].id
-# }
+ route_table_id = aws_route_table.private[each.key].id
+ destination_cidr_block = "0.0.0.0/0"
+ instance_id = aws_instance.nat_instance[each.key].id
+}
 /* Reste à associer les 4 tables (3 priv et 1 pub) avec les 6 subnets (3 priv et 3 pub) */
-# resource "aws_route_table_association" "asso_pub_igw" {
-# for_each = var.azs
+resource "aws_route_table_association" "asso_pub_igw" {
+ for_each = var.azs
-# subnet_id = aws_subnet.public[each.key].id
-# route_table_id = aws_route_table.public.id
-# }
+ subnet_id = aws_subnet.public[each.key].id
+ route_table_id = aws_route_table.public.id
+}
-# resource "aws_route_table_association" "association_private_nat" {
-# for_each = var.azs
+resource "aws_route_table_association" "association_private_nat" {
+ for_each = var.azs
-# subnet_id = aws_subnet.private[each.key].id
-# route_table_id = aws_route_table.private[each.key].id
-# }
+ subnet_id = aws_subnet.private[each.key].id
+ route_table_id = aws_route_table.private[each.key].id
+}
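Review bot: The context comment `/* Reste à associer les 4 tables (3 priv et 1 pub) avec les 6 subnets (3 priv et 3 pub) */` still presents the subnet-to-table associations as outstanding work, but the two `aws_route_table_association` resources enabled right below it are exactly that work, so the note becomes stale the moment this lands. Replace it with a comment that documents what now exists, for example `# Route table associations: every public subnet -> the shared public table; each private subnet -> its per-AZ private table, whose default route goes through the NAT instance`. The file's other section headers (`# == Routing our subnets`, `# === Providing instance`) are in English, so keeping this one in English as well would be consistent.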