Network Address Translation (NAT) Instances and NAT Gateways
- By default, an instance launched into a private subnet of a VPC cannot communicate with the Internet through the IGW.
- Instances within private subnets still need direct access to the Internet from the VPC in order to:
  - apply security updates
  - download patches
  - update application software.
- AWS offers Network Address Translation (NAT) instances and NAT gateways to allow instances in private subnets to access the Internet.
- Use a NAT gateway instead of a NAT instance:
  - a NAT gateway provides better availability and higher bandwidth, and requires less administrative effort than a NAT instance.
Network Address Translation Instance
- A NAT instance is an Amazon Linux AMI designed to accept traffic from instances within a private subnet,
  - translate the source IP address to the public IP address of the NAT instance,
  - and forward the traffic to the IGW.
- The NAT instance maintains the state of the forwarded traffic so that response traffic from the Internet can be returned to the originating instance in the private subnet.
To allow instances in a private subnet to access Internet resources through the IGW using a NAT instance, the tasks are:
- Create – Create a security group for the NAT instance with outbound rules that specify the needed Internet resources by port, protocol, and IP address.
- Launch – Launch an Amazon Linux NAT AMI as an instance in a public subnet and associate it with the NAT security group.
- Disable – Disable the Source/Destination Check attribute of the NAT instance, so that it can forward packets it neither sent nor is addressed to.
- Configure – Configure the route table associated with the private subnet to direct Internet-bound traffic to the NAT instance.
- Allocate – Allocate an EIP and associate it with the NAT instance.
Network Address Translation Gateway
- An Amazon-managed resource that operates just like a NAT instance,
  - but is simpler to manage and highly available within an Availability Zone.
- To allow instances within a private subnet to access Internet resources through the IGW via a NAT gateway, the following must be done:
  - Configure – Configure the route table associated with the private subnet to direct Internet-bound traffic to the NAT gateway (example: nat-1a2b3c4d).
  - Allocate – Allocate an EIP and associate it with the NAT gateway.
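Both procedures above, the NAT instance steps (Create, Launch, Disable, Configure, Allocate) and the NAT gateway steps (Configure, Allocate), as one AWS CLI script with a shell function per step. This is an added example, not code from the original notes. Every resource id (VPC, subnets, route table, NAT AMI) is a placeholder the caller supplies; the choice of ports (80/443 only, inbound restricted to the private subnet's CIDR, the default allow-all egress rule revoked) and the read-back of the source/destination check after disabling it are my additions to the bullet list, not something the notes prescribe.

```shell
#!/bin/sh
# Added example, not code from the original notes: the NAT instance and NAT
# gateway procedures as AWS CLI calls, one shell function per step.
# All resource ids (VPC, subnets, route table, NAT AMI) are placeholders
# supplied by the caller; nothing here is a real identifier.
set -eu

# NAT instance, "Create": a security group whose inbound side accepts only
# web traffic from the private subnet and whose outbound side reaches only
# 80/443 on the Internet. The default egress rule (allow everything) is
# revoked first, otherwise the port/protocol/address restriction on outbound
# traffic has no effect. Prints the new group id.
create_nat_security_group() {   # args: vpc-id private-subnet-cidr
  sg=$(aws ec2 create-security-group --group-name nat-instance-sg \
        --description "NAT instance for private subnet egress" \
        --vpc-id "$1" --query GroupId --output text)
  aws ec2 revoke-security-group-egress --group-id "$sg" \
      --ip-permissions '[{"IpProtocol":"-1","IpRanges":[{"CidrIp":"0.0.0.0/0"}]}]' >/dev/null
  for port in 80 443; do
    aws ec2 authorize-security-group-ingress --group-id "$sg" \
        --protocol tcp --port "$port" --cidr "$2" >/dev/null
    aws ec2 authorize-security-group-egress --group-id "$sg" \
        --protocol tcp --port "$port" --cidr 0.0.0.0/0 >/dev/null
  done
  echo "$sg"
}

# "Launch": the Amazon Linux NAT AMI in a public subnet with that group.
launch_nat_instance() {   # args: nat-ami-id public-subnet-id security-group-id
  aws ec2 run-instances --image-id "$1" --instance-type t3.micro \
      --subnet-id "$2" --security-group-ids "$3" \
      --query 'Instances[0].InstanceId' --output text
}

# "Disable": a NAT forwards packets it neither sent nor is addressed to, and
# EC2 drops such packets while the source/destination check is on.
disable_source_dest_check() {   # arg: instance-id
  aws ec2 modify-instance-attribute --instance-id "$1" --no-source-dest-check >/dev/null
}

# Read the attribute back after changing it; returns 0 only when disabled.
source_dest_check_disabled() {   # arg: instance-id
  [ "$(aws ec2 describe-instance-attribute --instance-id "$1" \
        --attribute sourceDestCheck --query SourceDestCheck.Value --output text)" = "False" ]
}

# "Configure": default route of the private route table to the NAT. The
# route applies to every subnet associated with that table.
route_private_subnet_via() {   # args: route-table-id --instance-id|--nat-gateway-id target-id
  aws ec2 create-route --route-table-id "$1" \
      --destination-cidr-block 0.0.0.0/0 "$2" "$3" >/dev/null
}

# "Allocate": an Elastic IP, printed as its allocation id.
allocate_eip() {
  aws ec2 allocate-address --domain vpc --query AllocationId --output text
}

# Whole NAT instance procedure; prints the NAT instance id.
setup_nat_instance() {   # args: vpc-id private-cidr nat-ami-id public-subnet-id private-rtb-id
  sg=$(create_nat_security_group "$1" "$2")
  nat=$(launch_nat_instance "$3" "$4" "$sg")
  aws ec2 wait instance-running --instance-ids "$nat"
  disable_source_dest_check "$nat"
  source_dest_check_disabled "$nat" || {
    echo "source/destination check is still enabled on $nat" >&2; return 1; }
  route_private_subnet_via "$5" --instance-id "$nat"
  eip=$(allocate_eip)
  aws ec2 associate-address --instance-id "$nat" --allocation-id "$eip" >/dev/null
  echo "$nat"
}

# Whole NAT gateway procedure: AWS runs the translation, so only the EIP, the
# gateway in a public subnet and the private default route are needed.
# Prints the gateway id (the notes' example id is nat-1a2b3c4d).
setup_nat_gateway() {   # args: public-subnet-id private-rtb-id
  eip=$(allocate_eip)
  ngw=$(aws ec2 create-nat-gateway --subnet-id "$1" --allocation-id "$eip" \
          --query NatGateway.NatGatewayId --output text)
  # a new gateway stays "pending" for a while; wait before routing traffic to it
  aws ec2 wait nat-gateway-available --nat-gateway-ids "$ngw"
  route_private_subnet_via "$2" --nat-gateway-id "$ngw"
  echo "$ngw"
}

# Usage: sh nat-setup.sh instance VPC_ID PRIVATE_CIDR NAT_AMI_ID PUBLIC_SUBNET_ID PRIVATE_RTB_ID
#        sh nat-setup.sh gateway PUBLIC_SUBNET_ID PRIVATE_RTB_ID
case "${1:-}" in
  instance) shift; setup_nat_instance "$@" ;;
  gateway)  shift; setup_nat_gateway "$@" ;;
esac
```

The route is attached to the route table, not to a subnet, so every subnet associated with PRIVATE_RTB_ID starts sending Internet-bound traffic through the NAT; keep private subnets on a route table separate from the public one. The `instance` path refuses to continue if the source/destination check reads back as still enabled, since with it on the NAT silently drops every forwarded packet.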