AWS Classroom Series – 29/Oct/2019

NAT Gateways

  • Private subnets don't have a route to the IGW, which means no internet access (in either direction).
  • What if an instance in a private subnet needs outbound internet access (package updates, calling external APIs)?
  • In a traditional network we would use a NAT server.
  • AWS offers NAT with the following options:
    • NAT Instance:

      • An EC2 instance the user creates from a NAT AMI, placed in a public subnet.
      • Create a static public IP (Elastic IP) and associate it with the EC2 instance.
      • Source/destination checking must be disabled on the instance, since it forwards packets that are not addressed to it.
      • The instance has a security group and a single-instance bandwidth limit, and if it crashes it is the user's responsibility to fix it.
    • NAT Gateway:

      • Managed by AWS; the user just requests a NAT Gateway in a public subnet.
      • An Elastic IP is allocated automatically, or an existing Elastic IP can be used.
      • AWS does the scaling and management, and the user gets an SLA on the NAT Gateway.
      • A NAT Gateway has no security group; traffic to and from it is controlled only by the subnet NACLs and the instances' own security groups.

Creating NAT Gateway

  • Assumption: you already have a VPC with an Internet Gateway attached and four subnets, two private and two public.
  • Create the NAT Gateway in a public subnet (one whose route table sends 0.0.0.0/0 to the IGW). A NAT Gateway placed in a private subnet cannot reach the internet itself.
  • Add a route to the private route table that forwards traffic for destination 0.0.0.0/0 (Anywhere) to the NAT Gateway.
  • After adding the route, cross-check the private subnets' NACL and the EC2 instances' security group. NACLs are stateless, so the private subnet's NACL must allow outbound traffic to the internet and inbound traffic on the ephemeral ports (1024-65535) for the replies; the security group must allow the outbound traffic.
  • This setup gives outbound internet access to every private subnet associated with that route table, while the instances remain unreachable from the internet, because the NAT Gateway only translates connections initiated from inside the VPC.
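The cross-check above is where most NAT Gateway setups fail in practice, so here is an added example, written for these notes and not code from the course or from AWS, that checks a private subnet's egress path offline. It reads the same JSON shapes that `aws ec2 describe-route-tables`, `aws ec2 describe-nat-gateways` and `aws ec2 describe-network-acls` return, and reports why instances in the subnet would not reach the internet: no 0.0.0.0/0 route, a route pointing at the IGW instead (public subnet), a NAT Gateway that is not available or that sits in a private subnet, or a stateless NACL that blocks the outbound request or the inbound replies on ephemeral ports. All IDs and the sample fixtures are constructed placeholders, not a real account.

```python
"""Sanity-check a NAT Gateway egress path offline.

Added example for these notes, not code from the course or from AWS. Consumes the
JSON shapes returned by `aws ec2 describe-route-tables`, `describe-nat-gateways`
and `describe-network-acls`; all IDs and fixtures below are constructed placeholders.
"""
import ipaddress
from typing import Dict, List, Optional

ANYWHERE = "0.0.0.0/0"
PROBE_IP = "198.51.100.10"               # TEST-NET-2: stands in for "a host on the internet"
EPHEMERAL_PROBES = (1024, 32768, 65535)  # samples across the 1024-65535 return-traffic range


def route_table_for(subnet_id: str, route_tables: List[Dict]) -> Optional[Dict]:
    """Explicit subnet association wins; otherwise the VPC's main route table applies."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt.get("Associations", [])):
            return rt
    return next((rt for rt in route_tables
                 if any(a.get("Main") for a in rt.get("Associations", []))), None)


def default_route(route_table: Dict) -> Optional[Dict]:
    """The active 0.0.0.0/0 route of a route table, if any."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") == ANYWHERE and route.get("State", "active") == "active":
            return route
    return None


def nacl_allows(acl: Dict, egress: bool, ip: str, port: int, proto: str = "6") -> bool:
    """Evaluate a stateless NACL the way AWS does: ascending RuleNumber, first match
    wins, and the implicit catch-all '*' rule (32767) denies anything left over."""
    addr = ipaddress.ip_address(ip)
    rules = sorted((e for e in acl["Entries"] if e["Egress"] == egress), key=lambda e: e["RuleNumber"])
    for rule in rules:
        cidr = rule.get("CidrBlock")                      # IPv6-only entries carry Ipv6CidrBlock instead
        if not cidr or addr not in ipaddress.ip_network(cidr):
            continue
        if rule["Protocol"] not in ("-1", proto):
            continue
        if rule["Protocol"] != "-1":
            pr = rule.get("PortRange", {"From": 0, "To": 65535})
            if not pr["From"] <= port <= pr["To"]:
                continue
        return rule["RuleAction"] == "allow"
    return False


def check_private_egress(subnet_id: str, route_tables: List[Dict],
                         nat_gateways: List[Dict], nacls: List[Dict]) -> List[str]:
    """Findings explaining why instances in subnet_id cannot reach the internet
    through a NAT Gateway. An empty list means the path looks correct."""
    rt = route_table_for(subnet_id, route_tables)
    if rt is None:
        return [f"{subnet_id}: no route table found"]
    route = default_route(rt)
    if route is None:
        return [f"{subnet_id}: route table {rt['RouteTableId']} has no 0.0.0.0/0 route"]
    if route.get("GatewayId", "").startswith("igw-"):
        return [f"{subnet_id}: 0.0.0.0/0 points at {route['GatewayId']}, so this is a public subnet"]
    nat_id = route.get("NatGatewayId")
    if not nat_id:
        return [f"{subnet_id}: 0.0.0.0/0 does not target a NAT Gateway"]
    nat = next((n for n in nat_gateways if n["NatGatewayId"] == nat_id), None)
    if nat is None or nat.get("State") != "available":
        return [f"{subnet_id}: NAT Gateway {nat_id} is missing or not available"]
    findings = []
    # The NAT Gateway itself must sit in a public subnet: its own subnet's route table
    # has to send 0.0.0.0/0 to an Internet Gateway, otherwise traffic dies at the NAT.
    nat_rt = route_table_for(nat["SubnetId"], route_tables)
    nat_route = default_route(nat_rt) if nat_rt else None
    if not nat_route or not nat_route.get("GatewayId", "").startswith("igw-"):
        findings.append(f"NAT Gateway {nat_id} sits in {nat['SubnetId']}, which has no 0.0.0.0/0 -> igw route (not a public subnet)")
    # NACLs are stateless: the outbound request AND the inbound reply on an ephemeral port must both be allowed.
    acl = next((a for a in nacls if any(x.get("SubnetId") == subnet_id for x in a.get("Associations", []))), None)
    if acl is not None:
        if not nacl_allows(acl, True, PROBE_IP, 443):
            findings.append(f"{subnet_id}: NACL {acl['NetworkAclId']} blocks outbound TCP/443 to the internet")
        if not all(nacl_allows(acl, False, PROBE_IP, p) for p in EPHEMERAL_PROBES):
            findings.append(f"{subnet_id}: NACL {acl['NetworkAclId']} blocks inbound ephemeral ports 1024-65535, so replies never return")
    return findings


# Classic mistake: someone "hardens" the private NACL to allow inbound 443 only, which silently breaks NAT return traffic.
LOCKED_DOWN_ENTRIES = [
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": True, "CidrBlock": ANYWHERE},
    {"RuleNumber": 100, "Protocol": "6", "RuleAction": "allow", "Egress": False, "CidrBlock": ANYWHERE, "PortRange": {"From": 443, "To": 443}},
]


def sample_vpc(nat_subnet: str = "subnet-0pub", private_acl_entries: Optional[List[Dict]] = None):
    """Constructed fixtures (hypothetical IDs) mirroring the notes: one public and one private subnet."""
    route_tables = [
        {"RouteTableId": "rtb-0pub", "Associations": [{"SubnetId": "subnet-0pub"}],
         "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                    {"DestinationCidrBlock": ANYWHERE, "GatewayId": "igw-0aaa", "State": "active"}]},
        {"RouteTableId": "rtb-0priv", "Associations": [{"SubnetId": "subnet-0priv"}],
         "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                    {"DestinationCidrBlock": ANYWHERE, "NatGatewayId": "nat-0bbb", "State": "active"}]},
    ]
    nat_gateways = [{"NatGatewayId": "nat-0bbb", "SubnetId": nat_subnet, "State": "available"}]
    entries = private_acl_entries or [
        {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": e, "CidrBlock": ANYWHERE} for e in (True, False)]
    deny_star = [{"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": e, "CidrBlock": ANYWHERE} for e in (True, False)]
    nacls = [{"NetworkAclId": "acl-0ccc", "Associations": [{"SubnetId": "subnet-0priv"}], "Entries": entries + deny_star}]
    return route_tables, nat_gateways, nacls


if __name__ == "__main__":
    print("good:", check_private_egress("subnet-0priv", *sample_vpc()))
    print("NAT in private subnet:", check_private_egress("subnet-0priv", *sample_vpc(nat_subnet="subnet-0priv")))
    print("locked-down NACL:", check_private_egress("subnet-0priv", *sample_vpc(private_acl_entries=LOCKED_DOWN_ENTRIES)))
```

To run it against a real account, replace the fixtures with the output of the three `describe-*` commands (e.g. `aws ec2 describe-route-tables --query RouteTables`) and pass the subnet ID of one of your private subnets; the check only reads data, so read-only credentials are enough.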

Egress-only Internet Gateway

  • The IPv6 counterpart of NAT. IPv6 addresses in a VPC are globally unique, so there is no address translation; instead an egress-only Internet Gateway allows outbound IPv6 connections from the VPC and blocks connections initiated from the internet (it is stateful, so replies to outbound traffic are allowed back in).
  • Add a route for ::/0 to the egress-only Internet Gateway in the private subnets' route table. The subnets stay private (unreachable from the internet) while keeping outbound IPv6 internet access.

CLI to create NAT Gateway

