NAT Gateways
- Private subnets dont have a route to IGW. which means no internet.
- What if i need internet to Private subnet.
- In traditional network we have NAT Servers.
- AWS offers NAT with the following options
-
NAT Instance:
- EC2 machine which user creates with NAT AMI
- Create a Static Public IP (Elastic IP) and associate with EC2 machine
- If EC2 machine crashes, users responsiblity to correct it.
-
NAT Gateways:
- Managed by AWS, user needs to just specify he needs NAT Gateway
- Elastic IP is automatically created or you can also use existing Elastic IPs
- AWS does the scaling/management etc because user gets SLA on NAT Gateway
-
Creating NAT Gateway
- Assumptions are you already have a vpc with 4 subnets. Two are private and Two are public.
- Create a NAT Gateway in Public subnet
- Add a route to Private Route Table which whenever the destination is 0.0.0.0/0 (Anywhere) forwards the packet to NAT Gateway.
- After doing this check, once cross check private subnets NACL and EC2 machines security group
- This setup should enable internet access to private subnets connected to a router.
Egress only Internet Gateway.
- All the subnets in the VPC will be private with internet connections
