AWS VPC NAT Gateway

Yogendra H J
3 min read · Jul 17, 2021

VPC NAT Gateway is a Network Address Translation (NAT) service that allows your instances in a private subnet to connect to services outside your VPC but does not allow external services to initiate a connection with those instances.

Each NAT gateway is created in a specific Availability Zone and implemented with redundancy in that zone. There is a quota of 5 on the number of NAT gateways (NGW) that you can create in each Availability Zone.

A NAT Gateway should always be associated with an Elastic IP and launched in a public subnet of your VPC.

The NAT gateway replaces the source IPv4 address of the instances with the private IP address of the NAT gateway. When sending response traffic back to the instances, the NAT gateway translates the addresses back to the original source IPv4 addresses.

NAT Gateway entry in Route Table - In the private subnet's route table you need to add a route whose target is the NGW, so that traffic generated by private instances is routed to the internet via the NAT gateway.

Monitor NAT Gateway using Amazon CloudWatch - Monitor your NAT gateway using CloudWatch, which collects information from your NAT gateway and creates readable, near real-time metrics. You can use this information to monitor and troubleshoot your NAT gateway. NAT gateway metric data is provided at 1-minute intervals, and statistics are retained for a period of 15 months.
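As an added example (not part of the original post), the following Terraform wires together the points above: the Elastic IP, the NGW in the public subnet, the private route table's default route pointing at the NGW, and a CloudWatch alarm on the NGW's ErrorPortAllocation metric. The resources aws_vpc.main, aws_subnet.public, aws_subnet.private and aws_internet_gateway.igw are assumed to exist already; all resource names are hypothetical.

```hcl
# Added example, not from the original post. Assumes aws_vpc.main,
# aws_subnet.public, aws_subnet.private and aws_internet_gateway.igw
# are defined elsewhere; all names here are hypothetical.

# The NGW always needs an Elastic IP.
resource "aws_eip" "nat" {
  domain = "vpc"
}

# The NAT gateway itself is launched in the PUBLIC subnet.
resource "aws_nat_gateway" "ngw" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.public.id
  depends_on    = [aws_internet_gateway.igw]
}

# Private route table: the default route targets the NGW, not the IGW,
# so private instances can only originate connections, never accept them.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.ngw.id
  }
}

resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}

# CloudWatch (1-minute metrics): alarm when the NGW fails to allocate a
# source port, the usual sign that connections through it are exhausted.
resource "aws_cloudwatch_metric_alarm" "ngw_port_alloc" {
  alarm_name          = "ngw-error-port-allocation"
  namespace           = "AWS/NATGateway"
  metric_name         = "ErrorPortAllocation"
  dimensions          = { NatGatewayId = aws_nat_gateway.ngw.id }
  statistic           = "Sum"
  period              = 60
  evaluation_periods  = 1
  threshold           = 0
  comparison_operator = "GreaterThanThreshold"
}
```

Attach an SNS topic via alarm_actions if you want the alarm to notify someone rather than only change state.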

NAT instances - You can create your own network address translation AMI and run it on an EC2 instance as a NAT instance in a public subnet of your VPC. This lets instances in the private subnet initiate outbound IPv4 traffic to the internet or other AWS services, while preventing them from receiving inbound traffic initiated by someone on the internet.

NAT Gateway vs. NAT Instance

A NAT Gateway (NGW) is highly available. A NAT instance needs a script to manage failover between instances.

An NGW can scale up to 45 Gbps, whereas a NAT instance depends on the bandwidth of its instance type.

An NGW must have an Elastic IP address; a NAT instance can have either a public IP or an Elastic IP address.

An NGW cannot act as a bastion host, whereas a NAT instance can.

Read more about the differences here: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-comparison.html

Pricing - When you provision a NAT gateway, you are charged for each hour that your NAT gateway is available and for each gigabyte of data that it processes.

Conclusion

Always make the best use of a NAT Gateway to secure your private instances. Delete the NGW when it is not required, to avoid unnecessary cost. An Elastic IP is always needed for an NGW. An NGW is always recommended over a NAT instance.

— — — — — — — — — — — — — — — — — — — — — — — — — -

Thank you for your time here reading our blog.

Read our other AWS blogs @ https://yogendrahj.medium.com/

Don’t Quit. Suffer now and live the rest of your life as a CHAMPION!!!

Happy to hear your feedback, suggestions, requests on any topics in our coming blogs.

LEARN and BE CURIOUS!!!!!

Happy Learning,

Yogendra

Yogendra H J

Learning and Sharing knowledge || Cloud Computing evangelist || AWS SAPro || Azure Admin || Exploring DevOps