
Amazon Web Services – Introduction to NAT Gateways


To reach the Internet a host needs a public IP address, but inside a private network hosts use private addresses. The idea of NAT is to let many devices share one public address. To achieve this, private IP addresses must be translated to a public IP address. Network Address Translation (NAT) is a process in which one or more local IP addresses are translated into one or more global IP addresses, and vice versa, in order to give local hosts Internet access. It also translates port numbers, i.e. it replaces the host's source port with another port number in the packet that is routed to the destination, and records the corresponding IP address and port number pair in its NAT table. NAT generally runs on a router or firewall.

AWS NAT Gateways

Amazon Web Services (AWS) NAT Gateway (NAT stands for Network Address Translation) is a managed AWS service that scales with your usage. A NAT Gateway lets instances configured in a private subnet reach the internet, while, without an explicit inbound route, nobody on the internet can reach those instances.

Types Of AWS NAT Gateways

  1. Public: A NAT Gateway that resides in a public subnet. Instances in the private subnet can reach the internet through it, but others cannot reach those private instances from the internet unless inbound routing to the subnets is configured.
  2. Private: Private NAT Gateways are mostly used for communication between VPCs, or between VPCs and a Transit Gateway. A private NAT Gateway cannot have an Elastic IP.

The main use case of a NAT Gateway is to give the private subnets of your Virtual Private Cloud Internet access. Your instances still cannot be reached from the Internet, but the instances themselves can reach the Internet. So you have Internet access without the risk of being hacked through publicly accessible instances.

Benefits Of AWS NAT Gateway

NAT Gateways provide several benefits for users of Amazon Web Services (AWS). Some of the key benefits include:

  1. Improved security: NAT Gateways enable instances in private subnets to access the Internet while preventing Internet-based access to those instances. This helps to improve security by reducing the attack surface of your VPC.
  2. Simplified network architecture: NAT Gateways allow you to simplify your network architecture by eliminating the need for a bastion host or VPN connection to access instances in private subnets.
  3. Automatic scaling: NAT Gateways are automatically scaled based on your usage, so you don’t have to worry about managing the service yourself.
  4. High availability: NAT Gateways are designed for high availability, with multiple redundant gateways in each Availability Zone to ensure that traffic continues to flow even if one gateway goes offline.
  5. Cost-effective: NAT Gateways are cost-effective, with pay-as-you-go pricing and no upfront costs. They also offer a lower-cost alternative to using a VPN (Virtual Private Network) connection or a bastion host to access private instances.

Pricing Of AWS NAT Gateway

A NAT Gateway is charged on an hourly basis and by the amount of data it processes; the following factors determine the bill.

  1. Data Transfer: A NAT Gateway is charged based on the amount of data transferred out of the private subnet to the internet through it.
  2. NAT Gateway Endpoints: You are charged for each NAT Gateway endpoint you have provisioned, whether or not it is in use.

To reduce the cost of a NAT Gateway, make sure the resources that exchange the data are in the same network and Availability Zone.

AWS NAT Gateway Basics

AWS NAT Gateway is a service provided by AWS that gives instances configured in a private subnet access to the internet, while restricting inbound traffic to those instances unless routing for it is configured.

  1. Outbound Internet Access: An instance in a private subnet of the VPC cannot reach the internet directly; it sends its traffic to the NAT Gateway, which routes the traffic to the internet.
  2. Supported protocols: NAT Gateway supports the TCP, UDP, and ICMP protocols.
  3. Improved Security: NAT Gateway blocks direct inbound access from the internet to the instances in the private subnet.
  4. Integrated with Route Table: You add the NAT Gateway as a target in the route table of the private subnet, so outbound traffic from the private subnet goes straight to the NAT Gateway.
  5. Bandwidth: NAT Gateway supports 5 Gbps of bandwidth and can automatically scale to 100 Gbps.
  6. Automated Failover: If the NAT Gateway in an Availability Zone fails, traffic is routed to a healthy NAT Gateway in another Availability Zone.

AWS NAT Gateway Use Cases

  1. Internet Access To Private Instance: The major use case of the NAT Gateway is to provide outbound internet access to instances in a private subnet of the VPC.
  2. Secured Connections: Software running in private subnets needs updates and sometimes security patches, which means connecting to external repositories. With a NAT Gateway the instances get the required internet access, and the connections to those repositories stay outbound only.
  3. Integration Is Simple: Many companies use SaaS (Software as a Service) applications that reside on the public internet; with a NAT Gateway, communicating with such applications from private instances is straightforward.
  4. Hybrid Cloud Deployments: You can connect your on-premises servers to the cloud for data transfer over secured connections that are initiated outbound.

Routing Of NAT Gateway

Destination       Target
10.0.0.0/16       local
10.64.78.0/16     local
192.158.0.0/16    nat-gateway-id

The above table shows that traffic destined for 10.0.0.0/16 or 10.64.78.0/16 stays within the same network and is routed internally (the local route), while traffic destined for 192.158.0.0/16 is sent to the NAT Gateway, which forwards it on to the actual destination. To know more about subnet routing, refer to Amazon VPC – Working with VPCs and Subnets.
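As an added illustration (not code from the article or from AWS), the following Python resolves a destination address against the route table above the way a VPC route table does, by longest-prefix match, and checks whether a route table still describes a private subnet (no route whose target is an internet gateway); the `igw-example` id used in the checks is a placeholder.

```python
import ipaddress

# Route table rows from the article, reproduced as data. "nat-gateway-id" is
# the article's placeholder for a real NAT Gateway id.
ROUTE_TABLE = [
    ("10.0.0.0/16", "local"),
    ("10.64.78.0/16", "local"),
    ("192.158.0.0/16", "nat-gateway-id"),
]


def parse_routes(routes):
    """Turn (cidr, target) strings into (network, target) pairs.

    strict=False accepts a row such as 10.64.78.0/16, whose host bits are
    set, and normalises it to the network it actually covers (10.64.0.0/16).
    """
    return [(ipaddress.ip_network(cidr, strict=False), target)
            for cidr, target in routes]


def lookup(destination, routes):
    """Pick the target for a destination address by longest-prefix match,
    which is how a VPC route table chooses between overlapping routes.
    Returns None when no route covers the address (the packet is dropped)."""
    addr = ipaddress.ip_address(destination)
    best = None
    for net, target in parse_routes(routes):
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def is_private_subnet(routes):
    """A subnet is private, in AWS terms, when its route table has no route
    whose target is an internet gateway (igw-...). Such a subnet can still
    reach the internet through a NAT Gateway route, but nothing on the
    internet can route in to its instances."""
    return not any(target.startswith("igw-") for _, target in routes)


if __name__ == "__main__":
    for dest in ("10.0.5.9", "192.158.20.1", "8.8.8.8"):
        print(dest, "->", lookup(dest, ROUTE_TABLE))
    print("private subnet:", is_private_subnet(ROUTE_TABLE))
```

Adding a `0.0.0.0/0 -> nat-gateway-id` row is the usual way to give a private subnet general outbound access; the lookup then falls through to it for any address that no more specific route covers.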

Control The Use Of NAT Gateways

The NAT Gateway cannot be managed directly by everyone; create an IAM role with the required permissions and attach it to the users who should have access.

Work With NAT Gateways

Follow the steps below to create a NAT Gateway using the AWS console:

  • Open the AWS console and type “NAT Gateway” in the search bar, then select it (from the Features submenu).

  • Then hit “Create NAT gateway”.

  • Fill out the name and tags as you wish.
  • Choose the subnet you want your NAT Gateway to live in. Make sure it has Internet access so that the NAT Gateway is public.
  • Then hit “Allocate Elastic IP” if you don’t have one. An Elastic IP is a static IP that your NAT Gateway will always have; you can be sure it stays the same.
  • Click the orange “Create NAT gateway” button.

The NAT Gateway now allows outbound traffic to the internet from the instances in the private subnet. To learn how to configure a private NAT Gateway, refer to How to Set up a NAT Gateway For a Private Subnet in Amazon VPC?.

Delete The AWS NAT Gateway

After you finish practising with the NAT Gateway, delete it, otherwise the billing will not stop. After the NAT Gateway is deleted, its Elastic IP address is released from the NAT Gateway but not from your account, so you also need to release the Elastic IP once your work is over.

Difference Between AWS NAT Gateway And AWS Internet Gateway

These are two different services offered by Amazon Web Services with a similar purpose. An Internet Gateway allows instances in a VPC to talk to the internet if they are in a public subnet; if you want an instance in a private subnet to connect to the internet, you use a NAT Gateway. Refer to Difference Between Internet Gateway and NAT Gateway.

AWS NAT Gateways – FAQ’s

1. What Is The Difference Between NAT Gateway And API Gateway?

API Gateway is for inbound communication and NAT Gateway is for outbound communication.

2. What Is The Difference Between Elastic Load Balancer And NAT Gateway?

Elastic Load Balancer distributes load across different instances, while NAT Gateway helps private instances connect to the internet.



Last Updated : 11 Sep, 2023