Nat Gateway

[Diagram: nat-gateway]

In this diagram, the internet gateway is attached to the VPC as a whole, and we can make some subnets public and some private. Everything in the VPC can make requests over the private network to anything else in the VPC, but only the public subnets can make requests over the public internet.

When we add a NAT gateway, it has to be placed in a single public subnet in a single availability zone. Instances in private subnets can then route through the NAT gateway to make requests over the public internet.

Unlike internet gateways, which apply to the entire VPC, NAT gateways must reside within a subnet and therefore within a single availability zone. Relying on a single NAT gateway makes it a single point of failure for every private subnet that routes through it.

For more information about NAT gateways, see "NAT gateway basics" in the AWS documentation: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html#nat-gateway-basics

Nat Instances

Since the NAT gateway is an AWS-managed service, it is probably the simplest and most robust way to provide NAT in a VPC. However, you can also run your own NAT EC2 instance in a public subnet to achieve the same effect.

There are a few options for setting up a NAT instance, but a popular choice is the fck-nat project. This NAT instance can be deployed to a t4g.nano, making it extremely cheap.

Hourly rates:

  • Managed NAT Gateway hourly: $0.045
  • t4g.nano hourly: $0.0042

It can also double as a bastion host for your VPC. For smaller infrastructure it is an option worth considering.
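The placement rules above (the NAT device must sit in a public subnet, and a private subnet depending on a NAT in another availability zone inherits that zone's failure) apply equally to a managed NAT gateway and to a self-hosted NAT instance such as fck-nat. The following audit, added here as an example and not code from the course or the fck-nat project, classifies every subnet from route-table data and reports the misconfigurations a reviewer would look for. The data structures follow the shapes returned by `aws ec2 describe-subnets`, `describe-route-tables`, `describe-nat-gateways` and `describe-instances`, but the sample values (subnet, gateway and instance IDs, the VPC CIDR) are constructed for the example and are not from any real account.

```python
"""Audit VPC egress paths: which subnets are public/private/isolated, and
whether each NAT device is placed where it can actually work."""

DEFAULT = "0.0.0.0/0"
TARGET_KEYS = ("GatewayId", "NatGatewayId", "InstanceId", "NetworkInterfaceId")

# Constructed sample data (not a real account). subnet-db-a has no explicit
# association, so it falls back to the main route table, which has no default route.
SUBNETS = [
    {"SubnetId": "subnet-pub-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-pub-b", "AvailabilityZone": "us-east-1b"},
    {"SubnetId": "subnet-priv-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-priv-b", "AvailabilityZone": "us-east-1b"},
    {"SubnetId": "subnet-priv-c", "AvailabilityZone": "us-east-1c"},
    {"SubnetId": "subnet-db-a", "AvailabilityZone": "us-east-1a"},
]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": DEFAULT, "GatewayId": "igw-0001", "State": "active"}]},
    {"RouteTableId": "rtb-nat-a",  # serves priv-a (same AZ) and priv-c (cross-AZ)
     "Associations": [{"SubnetId": "subnet-priv-a"}, {"SubnetId": "subnet-priv-c"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": DEFAULT, "NatGatewayId": "nat-0001", "State": "active"}]},
    {"RouteTableId": "rtb-nat-b",  # default route to a self-hosted NAT instance
     "Associations": [{"SubnetId": "subnet-priv-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": DEFAULT, "InstanceId": "i-fcknat", "State": "active"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-0001", "SubnetId": "subnet-pub-a", "State": "available"}]
INSTANCES = [{"InstanceId": "i-fcknat", "SubnetId": "subnet-pub-b", "SourceDestCheck": True}]


def default_route_target(table):
    """Return the target id of the active 0.0.0.0/0 route, or None if there is none."""
    for route in table["Routes"]:
        if route.get("DestinationCidrBlock") != DEFAULT or route.get("State", "active") != "active":
            continue  # skip blackholed routes: they provide no egress
        for key in TARGET_KEYS:
            if key in route:
                return route[key]
    return None


def subnet_route_tables(subnets, route_tables):
    """Map each subnet id to the table that routes it (explicit association, else main)."""
    explicit, main = {}, None
    for table in route_tables:
        for assoc in table["Associations"]:
            if assoc.get("Main"):
                main = table
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = table
    return {s["SubnetId"]: explicit.get(s["SubnetId"], main) for s in subnets}


def classify_subnets(subnets, route_tables):
    """Return {subnet_id: (kind, target)} with kind in public / private / isolated."""
    result = {}
    for subnet_id, table in subnet_route_tables(subnets, route_tables).items():
        target = default_route_target(table) if table else None
        if target is None:
            result[subnet_id] = ("isolated", None)
        elif target.startswith("igw-"):
            result[subnet_id] = ("public", target)
        else:
            result[subnet_id] = ("private", target)  # NAT gateway, NAT instance or ENI
    return result


def audit(subnets, route_tables, nat_gateways, instances):
    """Return findings as (code, subject, detail) tuples."""
    az = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    classes = classify_subnets(subnets, route_tables)
    nat_targets = {t for kind, t in classes.values() if kind == "private"}
    # Subnet each NAT device lives in, whether managed gateway or EC2 instance.
    nat_subnet = {n["NatGatewayId"]: n["SubnetId"] for n in nat_gateways}
    nat_subnet.update({i["InstanceId"]: i["SubnetId"] for i in instances})
    findings = []
    for nat_id, subnet_id in nat_subnet.items():
        if classes.get(subnet_id, ("unknown", None))[0] != "public":
            findings.append(("NAT_NOT_PUBLIC", nat_id, f"placed in non-public subnet {subnet_id}"))
    for inst in instances:
        # A NAT instance must have the source/destination check disabled to forward traffic.
        if inst["InstanceId"] in nat_targets and inst.get("SourceDestCheck", True):
            findings.append(("SRC_DST_CHECK_ON", inst["InstanceId"], "forwarded packets will be dropped"))
    for subnet_id, (kind, target) in classes.items():
        if kind == "isolated":
            findings.append(("ISOLATED", subnet_id, "no default route; no internet egress"))
        elif kind == "private":
            if target not in nat_subnet:
                findings.append(("UNKNOWN_NAT", subnet_id, f"default route targets unknown {target}"))
            elif az[nat_subnet[target]] != az[subnet_id]:
                findings.append(("CROSS_AZ_NAT", subnet_id,
                                 f"egress via {target} in {az[nat_subnet[target]]}; an outage there cuts this subnet off"))
    return findings


if __name__ == "__main__":
    for code, subject, detail in audit(SUBNETS, ROUTE_TABLES, NAT_GATEWAYS, INSTANCES):
        print(f"{code:16} {subject:14} {detail}")
```

Run against the constructed sample, the audit reports the NAT instance with its source/destination check still enabled, the private subnet in us-east-1c that depends on the NAT gateway in us-east-1a, and the database subnet that has no egress at all. Replacing the constants with the `Subnets`, `RouteTables`, `NatGateways` and `Reservations[].Instances` lists from the real API calls makes the same checks run against an actual VPC; the cross-AZ finding is exactly the single point of failure the text warns about, and the usual fix is one NAT per availability zone with a route table per zone.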
