NAT Gateway (NGW)

A NAT Gateway (Network Address Translation Gateway) allows instances in a private subnet to access the internet outbound, while preventing inbound traffic from the internet.

1. How it works

  1. Private Subnet Setup:
    • Instances in the private subnet do not have public IP addresses.
    • They rely on the NAT Gateway to access the internet.
  2. Route Table Configuration:
    • The route table of the private subnet must include a route for 0.0.0.0/0 that points to the NAT Gateway.
    • This route ensures that any outgoing traffic from the instances will be directed to the NAT Gateway.
  3. Outbound Traffic Flow:
    • Outbound traffic goes to the NAT Gateway.
    • The NAT Gateway replaces the private IP of the instance with the Elastic IP (EIP) assigned to the NAT Gateway, making it appear as if the request is coming from the NAT Gateway.
  4. Internet Access:
    • The NAT Gateway forwards the traffic to the internet gateway

alt text

2. NAT Gateway vs. NAT Instance

A NAT Instance is an EC2 instance configured to perform the same functions as a NAT Gateway. Both allow outbound internet traffic from private subnets while blocking inbound traffic.

  1. NAT Gateway: An AWS-managed service that is scalable, fault-tolerant, and requires minimal setup with no manual management.
  2. NAT Instance: A self-managed EC2 instance that requires manual configuration, scaling, and maintenance, including ensuring high availability.

3. Common NAT Gateway Use Cases

Suitable for scenarios where instances in private subnets need outbound access to the internet, such as:

  1. Logging and Monitoring: Need to send logs or monitoring data to external services.
  2. Database Backups: Require backing up to external services or Amazon S3 buckets in different regions.
  3. Software Updates and Patching: Need to download security patches or software updates from external sources.

4. List of Gateways in AWS