In the previous article, we created and used Internet gateways to route traffic to and from the Internet for AWS public subnets. However, an Internet gateway does not help you route Internet traffic for instances in private subnets. Here, we will learn about AWS NAT gateways, which let you accomplish this.
- Also read: Managing AWS Internet Gateways
A NAT gateway is only required when you want to provide Internet access to EC2 instances that are located inside private subnets. There are two options: your own EC2 instance acting as a NAT gateway (a NAT instance), or the AWS NAT Gateway as a service.
Difference between NAT instances and NAT Gateways
There are various differences between NAT instances and NAT gateways, and each has its own pros and cons. We highly recommend having a look at the following article to get familiar with NAT instances vs NAT gateways.
A NAT instance should be used for Dev, QA and testing infrastructures, where you can stop, start, scale, and manage it as per your own requirements. However, for enterprise production servers, it is recommended to use NAT gateways, because they are managed by AWS, scale automatically as needed, and do not require any manual intervention. Here, we will focus on the NAT Gateway (platform as a service).
A NAT gateway takes the traffic of all private instances, replaces their private IP addresses with its own public IP address, and then forwards the traffic to the Internet gateway. While creating a NAT gateway, make sure that you select a public subnet that has a route entry for the Internet gateway; otherwise the traffic will not be routed to the Internet.
Please visit the following link to learn more about AWS NAT Gateways.
To create and configure a NAT gateway, follow these steps:
- Select the NAT Gateways option in the left pane and then click Create NAT Gateway.
- On the next page, provide the following two settings:
  - Subnet: Select the public subnet of your VPC to which your NAT gateway will belong.
  - Elastic IP: Generate a new EIP that will be attached to the NAT gateway.
- Click the Create NAT Gateway option to proceed. After a few minutes, the NAT gateway will be created.
- On the next page, click Close to finish the task.
Once you have created the NAT gateway, you need to update the route tables used by your private instances' subnets so that they can send traffic to the NAT gateway.
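The two routing conditions described above (the NAT gateway's subnet must have a route entry for the Internet gateway, and private subnets must send their default route to the NAT gateway) can be checked offline against exported route data. This is an added example, not part of the original article; the IDs and sample data are constructed, and it assumes a single VPC.

```python
# Constructed sample data, shaped like the output of
# `aws ec2 describe-nat-gateways` and `aws ec2 describe-route-tables`.
NAT_GATEWAYS = [{"NatGatewayId": "nat-0aaa", "SubnetId": "subnet-public", "State": "available"}]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-public", "Main": False}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0bbb"}]},
    {"RouteTableId": "rtb-main",  # private subnets fall back to this table
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]

def default_target(table):
    """Return the target of the 0.0.0.0/0 route in a route table, or None."""
    for route in (table or {}).get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("NatGatewayId") or route.get("GatewayId")
    return None

def table_for_subnet(subnet_id, tables):
    """An explicit association wins; otherwise the main route table applies."""
    main = None
    for table in tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main

def audit(nat_gateways, tables, private_subnets):
    """List routing problems that would leave private instances without Internet access."""
    findings = []
    for nat in nat_gateways:
        target = default_target(table_for_subnet(nat["SubnetId"], tables))
        if not (target or "").startswith("igw-"):
            findings.append(f"{nat['NatGatewayId']}: subnet {nat['SubnetId']} lacks a default route to an Internet gateway")
    nat_ids = {n["NatGatewayId"] for n in nat_gateways if n.get("State") == "available"}
    for subnet in private_subnets:
        target = default_target(table_for_subnet(subnet, tables))
        if target not in nat_ids:
            findings.append(f"{subnet}: default route is {target}, not an available NAT gateway")
    return findings

if __name__ == "__main__":
    for finding in audit(NAT_GATEWAYS, ROUTE_TABLES, ["subnet-private-a"]):
        print(finding)
```

With the sample data, the private subnet is reported because the route-table update from the last step has not been made yet; a private subnet whose default route points at an `igw-` target is reported as well.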