How to set up a NAT gateway in AWS?

A network address translation (NAT) gateway lets instances in a private subnet initiate connections to the internet (for package updates, API calls and the like) while preventing hosts on the internet from initiating connections to those instances. The instances keep private IPs only; the NAT gateway's Elastic IP is the address the outside world sees.

Like a NAT gateway, a NAT instance (an EC2 instance you run yourself) can also forward traffic from a private subnet to the internet. A NAT gateway is usually the better choice, for the following reasons.

Bandwidth – A NAT gateway scales up to 45 Gbps. A NAT instance is limited by the network performance of its instance type.

Availability – A NAT gateway is redundant within its Availability Zone and AWS keeps it running for you; for a multi-AZ design, create one NAT gateway in each AZ so that the loss of one zone does not cut off outbound traffic from the others. With a NAT instance you have to monitor its health yourself and make sure it is always up; failover between NAT instances needs a custom script.

Maintenance – A NAT gateway is fully managed by AWS. A NAT instance is an EC2 instance that you patch and maintain yourself.

Performance – A NAT gateway runs software optimised for handling NAT traffic. A NAT instance is a Linux AMI that you have to configure and tune yourself.

Type and Size – A NAT gateway is uniform; there is no type or size to choose. For a NAT instance you have to pick an instance type and size that fits your application's traffic.

Follow the steps below to set up a NAT gateway in your AWS VPC.

For more detail on VPC configuration, see Create and Configure your own VPC in AWS.

Create VPC

Sign in to the AWS console and create a non-default VPC with a CIDR block of your choosing.

Create Subnets

Now create two subnets in two different Availability Zones: a public subnet and a private subnet, each with its own CIDR block carved out of the VPC range.

Public Subnet

Private Subnet

Create Internet Gateway

Create an internet gateway and attach it to your VPC.

Create Route Table

Create a custom route table and associate it with the public subnet.

Edit the routes of your custom route table and add a route for 0.0.0.0/0 with the internet gateway as its target. This route is what makes the subnet public.

Create a NAT gateway

After you click Create NAT Gateway, you need to provide the subnet and the Elastic IP (EIP):

  • Subnet – Mandatory. Select the subnet in which the NAT gateway is created. A (public) NAT gateway must always be placed in a public subnet, i.e. one whose route table sends 0.0.0.0/0 to the internet gateway; otherwise the gateway itself has no path to the internet.
  • EIP – Allocate one Elastic IP to the NAT gateway. If you do not have one, use the Create New EIP option to allocate it directly. This EIP is the source address of all outbound traffic from the private subnet, so it is what you whitelist on external systems.

Update your Route Table

Here you associate the main route table with the private subnet so that instances launched in the private subnet can reach the internet through the NAT gateway. Note that the main route table is also the fallback for every subnet in the VPC that has no explicit association, so once the NAT route is added to it, any subnet you create later gets the same outbound path unless you associate it with a different table. In a larger VPC it is cleaner to create a dedicated route table for the private subnets and leave the main table with only the local route.

Subnet Association

Associate the private subnet with the main route table.

Edit Routes

Add a route for 0.0.0.0/0 in the main route table with the NAT gateway as its target. Do not add an internet gateway route to this table: that would make the private subnet public.
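Once the two route tables are in place, it is worth checking the result rather than trusting the console screenshots. The script below is an added example written for this post, not code from the original, and it checks the layout built above: the NAT gateway sits in a subnet whose default route goes to the internet gateway, the private subnet's default route goes to an existing NAT gateway, and no subnet is silently inheriting the main table's NAT route without an explicit association. It works on the same dict shape that `aws ec2 describe-route-tables` and `aws ec2 describe-nat-gateways` (or boto3's `describe_route_tables()` / `describe_nat_gateways()`) return, so the constructed sample can be swapped for real output. All IDs, the VPC CIDR and the third `subnet-orphan` subnet are made up for the example.

```python
"""Check that a VPC's route tables match the NAT gateway layout built above.

Added example for this post, not part of the original. Input has the shape of
the RouteTables / NatGateways lists from `aws ec2 describe-route-tables` and
`aws ec2 describe-nat-gateways`. All IDs and CIDRs below are constructed.
"""

VPC_CIDR = "10.0.0.0/16"  # assumed VPC CIDR for the sample

# Constructed sample of the post's layout: the main route table is associated
# with the private subnet and sends 0.0.0.0/0 to the NAT gateway; a custom
# table for the public subnet sends 0.0.0.0/0 to the internet gateway.
SAMPLE_ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-main0001",
        "Associations": [
            {"Main": True, "RouteTableId": "rtb-main0001"},
            {"Main": False, "SubnetId": "subnet-private1", "RouteTableId": "rtb-main0001"},
        ],
        "Routes": [
            {"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0aaa0001", "State": "active"},
        ],
    },
    {
        "RouteTableId": "rtb-public001",
        "Associations": [
            {"Main": False, "SubnetId": "subnet-public1", "RouteTableId": "rtb-public001"},
        ],
        "Routes": [
            {"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0bbb0001", "State": "active"},
        ],
    },
]

SAMPLE_NAT_GATEWAYS = [
    {"NatGatewayId": "nat-0aaa0001", "SubnetId": "subnet-public1",
     "State": "available", "ConnectivityType": "public"},
]

# Every subnet in the VPC. subnet-orphan is a made-up third subnet with no
# explicit route table association, included to show the main-table pitfall.
SAMPLE_SUBNETS = ["subnet-public1", "subnet-private1", "subnet-orphan"]


def route_table_for(subnet_id, route_tables):
    """Route table a subnet actually uses: its explicit association if it has
    one, otherwise the VPC's main route table (the fallback AWS applies)."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("Main"):
                main = rt
            if assoc.get("SubnetId") == subnet_id:
                return rt
    return main


def has_explicit_association(subnet_id, route_tables):
    return any(assoc.get("SubnetId") == subnet_id
               for rt in route_tables for assoc in rt["Associations"])


def default_route(rt):
    """The active 0.0.0.0/0 route of a route table, or None (blackholed routes
    to a deleted target are ignored, as AWS ignores them)."""
    for route in rt["Routes"]:
        if route.get("DestinationCidrBlock") == "0.0.0.0/0" and route.get("State", "active") == "active":
            return route
    return None


def is_public(rt):
    """A subnet is public when its default route points at an internet gateway."""
    route = default_route(rt)
    return route is not None and route.get("GatewayId", "").startswith("igw-")


def check_topology(route_tables, nat_gateways, subnets):
    """Return a list of findings; an empty list means the layout is as intended."""
    findings = []
    nat_ids = {nat["NatGatewayId"] for nat in nat_gateways}

    for nat in nat_gateways:
        if nat.get("State") != "available":
            findings.append(f"{nat['NatGatewayId']} is {nat.get('State')}, not available")
        # A public NAT gateway only works from a public subnet: its own traffic
        # has to leave through the internet gateway.
        if nat.get("ConnectivityType", "public") == "public" and \
                not is_public(route_table_for(nat["SubnetId"], route_tables)):
            findings.append(f"{nat['NatGatewayId']} sits in {nat['SubnetId']}, which has no "
                            f"0.0.0.0/0 -> igw route; instances behind it cannot reach the internet")

    for subnet in subnets:
        rt = route_table_for(subnet, route_tables)
        route = default_route(rt)
        if route is None:
            continue  # isolated subnet with no outbound path: nothing to flag
        target = route.get("NatGatewayId") or route.get("GatewayId")
        if route.get("NatGatewayId") and route["NatGatewayId"] not in nat_ids:
            findings.append(f"{subnet}: default route points at unknown {route['NatGatewayId']}")
        if not has_explicit_association(subnet, route_tables):
            # The post puts the NAT route on the main table, so any subnet without
            # an explicit association inherits that outbound path unnoticed.
            findings.append(f"{subnet} has no explicit association and inherits main table "
                            f"{rt['RouteTableId']} (0.0.0.0/0 -> {target})")
    return findings


if __name__ == "__main__":
    for finding in check_topology(SAMPLE_ROUTE_TABLES, SAMPLE_NAT_GATEWAYS, SAMPLE_SUBNETS):
        print("WARN:", finding)
```

Run against the sample, the only finding is `subnet-orphan` inheriting the main table's NAT route, which is exactly the side effect of using the main table for the private subnet. Moving the NAT gateway's `SubnetId` to `subnet-private1` in the sample reproduces the most common mistake (a NAT gateway in a private subnet) and is reported as a separate finding.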

The network setup is now complete. Next, launch an instance in the private subnet and verify that it can reach the internet.

Launch Instance in Public Subnet

Launch Instance in Private Subnet

Now connect first to the EC2 instance in the public subnet (the bastion host), and from there to the EC2 instance in the private subnet. The private instance has no public IP, so the bastion is the only way in; its security group should allow SSH only from the bastion's security group, not from 0.0.0.0/0.

Connect to EC2 in Public Subnet

Connect to EC2 in Private Subnet

Connect to Internet from EC2 in Private Subnet

As shown, the instance in the private subnet can reach the internet through the NAT gateway. The reverse is not true: the NAT gateway does not accept connections initiated from the internet, which is the point of keeping the instance in a private subnet.

Hope you like this post. Please comment below if you have any questions related to this blog. Also like or share your suggestions on any topics you want me to post.
