
How to Set up a NAT Gateway For a Private Subnet in Amazon VPC?

Last Updated : 11 Sep, 2023

AWS (Amazon Web Services) offers a NAT Gateway service that gives instances in a private subnet of a VPC (Virtual Private Cloud) outbound access to the internet while blocking connections initiated from the internet. A typical need is updating packages on a private instance: the instance has to reach package repositories on the internet, but it must not be reachable from the internet itself. A NAT Gateway provides exactly this.

AWS NAT gateways

In this article we set up a NAT (Network Address Translation) gateway in AWS (Amazon Web Services) for a private subnet in a VPC (Virtual Private Cloud), step by step. A NAT gateway is a managed AWS service that provides outbound access from private subnets in a VPC and does not accept connections initiated from outside. A private NAT gateway (see the FAQ at the end) can also route traffic from private subnets to other VPCs or to an on-premises network without using a public IP. So let's set up our NAT gateway. To know more about NAT gateways refer to Amazon Web Services – Introduction to NAT Gateways.

  • NAT Gateway: A managed service that lets resources in private subnets of a VPC reach outside networks and services while preventing outside networks from initiating connections to them.
  • VPC (Virtual Private Cloud): An isolated virtual network hosted within the AWS public cloud.
  • Inbound Traffic: Traffic originating in outside networks and directed at internal services.
  • Outbound Traffic: Traffic originating inside the internal network and directed at outside services.

CREATE AWS NAT GATEWAY

Steps To Set Up a NAT Gateway for a Private Subnet in Amazon VPC

To set up the custom VPC refer to the Amazon VPC – Working with VPCs and Subnets.

Scenario 1: Steps To Set Up a Public NAT Gateway in AWS

A public NAT gateway has a public (Elastic) IP address associated with it and must be placed in a public subnet, that is, a subnet whose route table sends 0.0.0.0/0 to an Internet Gateway. Private subnets that route their internet-bound traffic to the public NAT gateway can reach the internet, while hosts on the internet cannot initiate connections to the resources in those private subnets. Note that the NAT gateway only blocks inbound connections; it does not filter outbound traffic, so security groups and network ACLs still apply and should be used to limit what private instances may reach.

Step 1:  From Services open Networking And Content Delivery > VPC

Select subnets

 

Step 2: On the VPC page open Subnets and click Create subnet to create one public and one private subnet, filling in the details on the Create subnet page. The difference between the two is their route table: a public subnet has a route for 0.0.0.0/0 to the VPC's Internet Gateway, while a private subnet has no such route. A newly created subnet is associated with the VPC's main route table, which by default carries only the local route. Later we will give the private subnet its own route table whose default route points to the NAT gateway rather than to the Internet Gateway.

After specifying the options below click Create subnet (you can also add tags if you want). Repeat the same steps for the second subnet so that you end up with one public and one private subnet.

Subnet name: any name of your choice (for example public-subnet and private-subnet)
Availability Zone: any available Availability Zone of your choice
IPv4 CIDR block: the IPv4 CIDR range for the subnet; it must lie within the VPC's CIDR block and must not overlap other subnets
Subnet settings

 

Step 3: After creating the subnets, let's create our public NAT gateway. Select NAT gateways from the sidebar, then on the NAT gateways page click Create NAT gateway.

Create NAT gateway

 

Step 4: On the Create NAT gateway page select Public as the connectivity type. A public NAT gateway needs an Elastic IP for internet access, so either pick an existing unassociated Elastic IP or allocate a new one. Specify the details below, then click Create NAT gateway (again, tags are optional).

Name: a name of your choice, or leave it blank
Subnet: select your public subnet from the options
Connectivity type: Public
Elastic IP allocation ID: click Allocate Elastic IP, or select an existing unassociated Elastic IP
Select the Connectivity type

 

Step 5: After creation the NAT gateway's state is Pending. Once it changes to Available we can route the private subnet through it.

Step 6: Now let's create a route table that sends traffic from our private subnet to the internet through the public NAT gateway. Select Route tables from the sidebar, click Create route table, select your VPC and give the table a name, then click Create (tags are optional).

Create route table

Step 7: Once the table is created, open its details, select the Routes tab and click Edit routes.

Routes

Step 8: Add a route that sends all traffic other than local to the public NAT gateway, i.e. forward 0.0.0.0/0 to the NAT gateway: under Destination enter 0.0.0.0/0, under Target select NAT Gateway and choose your public NAT gateway. Click Save changes. Do not add a route to the Internet Gateway in this table; the absence of that route is what keeps the subnet private.

Edit routes

Step 9: After saving the route, go back to Route tables, open Actions and choose Edit subnet associations. Select only your private subnet from the list, leaving all other subnets unchecked, then click Save associations.

Save associations

Step 10: Once the association is saved, the route table forwards all non-local traffic from the private subnet to the public NAT gateway in the public subnet, and resources in the private subnet can reach the internet through it. Return traffic for connections opened from inside is allowed back, but connections initiated from the internet are dropped because the NAT gateway only translates outbound connections. Note that a NAT gateway lives in a single Availability Zone; if instances in another AZ route through it, an outage of that AZ cuts their internet access, so production setups usually deploy one NAT gateway per AZ. You can view the resource map under the VPC details page.

Flow of NAT gateway
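The console steps above, Step 2 through Step 9, expressed as a Terraform configuration so the setup can be reviewed and repeated. This is an added example and not code from the original article or from AWS. It assumes an existing VPC and an Internet Gateway already attached to it, passed in through the hypothetical variables vpc_id and igw_id; the CIDR blocks, Availability Zone and resource names are illustrative, and it targets AWS provider 5.x, where aws_eip takes domain = "vpc" (older provider versions use vpc = true instead).

```hcl
# Added example (not from the original article): public NAT gateway for a
# private subnet, equivalent to Steps 2-9 of the console walkthrough.
# Assumptions: VPC and Internet Gateway already exist (hypothetical variables
# vpc_id / igw_id); CIDRs, AZ and names are illustrative.

variable "vpc_id" {
  type        = string
  description = "ID of the existing VPC (assumed to be created beforehand)"
}

variable "igw_id" {
  type        = string
  description = "ID of the Internet Gateway already attached to the VPC"
}

variable "az" {
  type    = string
  default = "us-east-1a" # illustrative Availability Zone
}

# Step 2: one public and one private subnet. Only the public subnet hands out
# public IPs; instances in the private subnet never receive one.
resource "aws_subnet" "public" {
  vpc_id                  = var.vpc_id
  cidr_block              = "10.0.1.0/24" # illustrative, must lie inside the VPC CIDR
  availability_zone       = var.az
  map_public_ip_on_launch = true
  tags                    = { Name = "public-subnet" }
}

resource "aws_subnet" "private" {
  vpc_id                  = var.vpc_id
  cidr_block              = "10.0.2.0/24" # illustrative
  availability_zone       = var.az
  map_public_ip_on_launch = false
  tags                    = { Name = "private-subnet" }
}

# What makes the public subnet public: a route table with 0.0.0.0/0 -> IGW.
resource "aws_route_table" "public" {
  vpc_id = var.vpc_id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = var.igw_id
  }
  tags = { Name = "public-rt" }
}

resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}

# Step 4: Elastic IP plus a *public* NAT gateway placed in the public subnet.
resource "aws_eip" "nat" {
  domain = "vpc"
}

resource "aws_nat_gateway" "public" {
  subnet_id         = aws_subnet.public.id
  allocation_id     = aws_eip.nat.id
  connectivity_type = "public"
  tags              = { Name = "public-nat" }
  # The NAT gateway can only pass traffic once its subnet has the IGW route.
  depends_on = [aws_route_table_association.public]
}

# Steps 6-9: private route table whose default route is the NAT gateway.
# Deliberately no gateway_id route to the IGW: that is what keeps the subnet
# private even though its instances can now reach the internet.
resource "aws_route_table" "private" {
  vpc_id = var.vpc_id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.public.id
  }
  tags = { Name = "private-rt" }
}

resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}

# The source address the private instances appear from on the internet; useful
# for allow-listing at the repositories or APIs they are permitted to reach.
output "nat_public_ip" {
  value = aws_eip.nat.public_ip
}
```

When reviewing the plan, confirm that the only 0.0.0.0/0 route in aws_route_table.private targets nat_gateway_id; a gateway_id route to the Internet Gateway in that table would turn the subnet public without any other visible change, and instances with a public IP there would become directly reachable from the internet.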

Difference Between AWS NAT Gateway and AWS IGW

Both are services offered by AWS for reaching the internet, but they play different roles. An Internet Gateway lets instances in a VPC communicate with the internet directly, in both directions, provided they are in a public subnet and have a public IP. If an instance is in a private subnet and needs to reach the internet, you route its traffic through a NAT Gateway, which itself sits in a public subnet and uses the Internet Gateway on the instance's behalf. For details refer to Difference Between Internet Gateway and NAT Gateway.

Setting Up a NAT Gateway For a Private Subnet – FAQ’s

1. Can You Put A NAT Gateway In A Private Subnet?

Not a public one. A public NAT gateway must be placed in a public subnet, because it reaches the internet through that subnet's route to the Internet Gateway; the private subnets then route to it. A private NAT gateway (see the next question) does not depend on an internet route, so it can be placed in a private subnet.

2. What Is A Private NAT Gateway?

A private NAT gateway has no Elastic IP; it translates source addresses to a private IP from its own subnet. It is mostly used for communication between VPCs (for example when their CIDR ranges overlap) or between a VPC and an on-premises network through a Transit Gateway or Virtual Private Gateway. It cannot be used to reach the internet, and you cannot associate an Elastic IP with it.


