A network address translation (NAT) gateway enables instances in a private subnet to connect to the internet while preventing the internet from initiating a connection to those instances.
Like a NAT gateway, a NAT instance can also be used to route traffic from a private subnet to the internet. However, a NAT gateway is usually preferred over a NAT instance because of the following advantages.
Bandwidth – A NAT gateway can scale up to 45 Gbps. For a NAT instance, the bandwidth depends on the instance type.
Availability – A NAT gateway provides high availability and redundancy when one is deployed in each availability zone. The availability of a NAT instance has to be monitored closely from the application side to ensure the instance is always up and healthy; additionally, a custom script can be used to manage failover between instances.
Maintenance – A NAT gateway is fully managed by AWS.
Performance – The software is optimized to handle NAT gateway traffic. For a NAT instance, the configuration has to be done on a Linux AMI.
Type and Size – A NAT gateway is uniform, so you don't need to worry about type and size. For a NAT instance, choose the instance type and size based on your application workloads.
Follow these steps to set up a NAT gateway in your AWS VPC infrastructure.
For more details on VPC configuration, refer to Create and Configure your own VPC in AWS.
Create a non-default VPC with CIDR 192.168.0.0/24 by signing in to the AWS console.
Here, we now create two subnets in two different availability zones: a Public Subnet with CIDR 192.168.0.0/25 and a Private Subnet with CIDR 192.168.0.128/25.
Create Internet Gateway
Create an internet gateway and attach it to your VPC
Create Route Table
Create a custom Route Table like the one below and associate it with the Public Subnet
Edit the Routes of your custom route table
Create a NAT gateway
Once you click Create NAT Gateway, you also need to provide the subnet and EIP information:
- Subnet – This is mandatory. Select the subnet where you want to create the NAT gateway. Note that the NAT gateway must always be created in a public subnet.
- EIP – You need to allocate one EIP to your NAT gateway. You can create an EIP directly using the Create New EIP option if you don't have one.
Update your Route Table
Here, you need to associate your main route table with your private subnet, so that an instance launched in the private subnet can access the internet through the NAT gateway.
Associate Private Subnet with Main Route Table
Add NAT gateway rule in main route table
Now your network setup is complete. We will launch an instance in the private subnet and verify whether it is able to access the internet.
Launch Instance in Public Subnet
Launch Instance in Private Subnet
Now, let's connect to the EC2 instance (Bastion Host) in the public subnet first, and then connect from it to the EC2 instance in the private subnet.
Connect to EC2 in Public Subnet
Connect to EC2 in Private Subnet
Connect to Internet from EC2 in Private Subnet
As observed, we are able to connect to the internet from the private subnet using the NAT gateway.
Hope you like this post. Please comment below if you have any questions related to this blog. Also like or share your suggestions on any topics you want me to post.