What is AWS NAT Gateway and How To Create AWS NAT Gateway? - DecodingDevOps

What is AWS NAT Gateway

NAT stands for "Network Address Translation". For a secure deployment you want your EC2 instances in a private subnet, which has no route to an internet gateway, so nothing on the internet can reach them directly. Those instances still need outbound access (security patches, package updates, calls to AWS APIs), but you do not want the internet to be able to initiate a connection to them. That is where the AWS NAT gateway comes in: it sits in a public subnet, rewrites the source address of outbound traffic from the private subnet to its own Elastic IP, and only allows return traffic for connections the instances opened. In the following steps I will explain what an AWS NAT gateway is and how to create one step by step.

A Few Points to Note Before Creating an AWS NAT Gateway:

  • You are charged per hour for each NAT gateway you create, whether or not it carries traffic
  • You are also charged per GB for the data that passes through the NAT gateway
  • It does not translate IPv6 traffic (for IPv6 egress from a private subnet AWS provides the egress-only internet gateway instead)
  • Each NAT gateway is implemented with redundancy inside its Availability Zone; for resilience against an AZ failure, create one NAT gateway per AZ and route each private subnet to the gateway in its own AZ
  • The default quota is 5 NAT gateways per Availability Zone (it can be raised through a quota increase request)

How To Create AWS NAT Gateway

  1. Select the public subnet in which the NAT gateway will reside (the subnet must itself route 0.0.0.0/0 to an internet gateway).
  2. Specify an Elastic IP to associate with the NAT gateway.
  3. After creating the NAT gateway, update the route table of the private subnet so that 0.0.0.0/0 points at the NAT gateway.

The following diagram illustrates the architecture of the NAT gateway.


Creating an AWS NAT Gateway:

  1. To create an AWS NAT gateway you need an Elastic IP address that is not currently associated with a network interface.
  2. Open the VPC console: https://console.aws.amazon.com/vpc/
  3. In the navigation pane, select NAT Gateways -> Create NAT gateway
    • Choose the public subnet in which you want to create the NAT gateway. If you pick a subnet without a route to an internet gateway, the NAT gateway itself has no path to the internet and the private subnet's traffic will go nowhere.
    • Choose the Elastic IP
    • Choose Create NAT gateway
  4. The NAT gateway is now being created and its status will be Pending. Wait until the status changes to Available before you send traffic through it; a route that targets a NAT gateway in the Pending or Failed state does not work.


Update the Route Tables:

  1. Open the VPC console.
  2. In the navigation pane, select Route Tables.
  3. Select the route table associated with the private subnet. Make sure it is the private subnet's table and not the public one: if you add the route below to the public subnet's table you will replace its internet gateway route and cut the public subnet (and the NAT gateway) off from the internet.
    • Choose Routes (in the bottom window) -> Edit routes
    • Choose Add route:
      1. Destination -> 0.0.0.0/0
      2. Target -> the ID of the NAT gateway you just created (it starts with nat-, not the ID of a NAT instance or an internet gateway)

Choose Save.

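The same procedure (allocate an Elastic IP, create the NAT gateway in the public subnet, wait for it to become available, point the private route table's default route at it) can be scripted with boto3. The block below is an added example written for this tutorial, not code from the original page or from AWS. It assumes boto3 with working credentials for main(), and the subnet and route table IDs are placeholders to replace with your own. The audit function is the check I would run afterwards: it flags a private route table whose 0.0.0.0/0 route points at an internet gateway (which silently makes the subnet public), one with no default route at all, and one whose default route has gone to the blackhole state because the NAT gateway was deleted.

```python
"""Create an AWS NAT gateway with boto3, route a private subnet through it and
audit the resulting route table.

Added example for this tutorial (not code from the original page or from AWS).
Assumptions: boto3 with working credentials is needed only by main(); the
subnet and route table IDs below are placeholders to replace with your own."""

from __future__ import annotations

# Placeholder resource IDs (assumptions): substitute the IDs from your VPC.
PUBLIC_SUBNET_ID = "subnet-0aaaaaaaaaaaaaaaa"
PRIVATE_ROUTE_TABLE_ID = "rtb-0bbbbbbbbbbbbbbbb"
DEFAULT_ROUTE = "0.0.0.0/0"


def route_target(route: dict) -> str:
    """Return the target ID of one route entry as returned by describe_route_tables."""
    for key in ("NatGatewayId", "GatewayId", "InstanceId", "NetworkInterfaceId",
                "TransitGatewayId", "VpcPeeringConnectionId"):
        if route.get(key):
            return route[key]
    return "unknown"


def audit_private_route_table(route_table: dict) -> list[str]:
    """Findings for a route table that is meant to serve a private subnet.

    The 0.0.0.0/0 route must target a NAT gateway (nat-...). A default route to
    an internet gateway (igw-...) makes the subnet public; a 'blackhole' route
    means the target was deleted and the instances have lost egress."""
    findings: list[str] = []
    defaults = [r for r in route_table.get("Routes", [])
                if r.get("DestinationCidrBlock") == DEFAULT_ROUTE]
    if not defaults:
        findings.append("no 0.0.0.0/0 route: private instances have no internet egress")
    for route in defaults:
        target = route_target(route)
        if target.startswith("igw-"):
            findings.append(f"default route targets internet gateway {target}: subnet is public")
        elif not target.startswith("nat-"):
            findings.append(f"default route targets {target}, which is not a NAT gateway")
        if route.get("State") == "blackhole":
            findings.append(f"default route to {target} is a blackhole (target deleted?)")
    return findings


def create_nat_gateway_and_route(ec2, public_subnet_id: str, private_rtb_id: str) -> str:
    """The tutorial's steps through the API: allocate an Elastic IP, create the
    NAT gateway in the public subnet, wait until it is 'available', then point
    the private route table's 0.0.0.0/0 route at it. Returns the NAT gateway ID."""
    eip = ec2.allocate_address(Domain="vpc")
    created = ec2.create_nat_gateway(SubnetId=public_subnet_id,
                                     AllocationId=eip["AllocationId"],
                                     ConnectivityType="public")
    ngw_id = created["NatGateway"]["NatGatewayId"]
    # The gateway is unusable while 'pending'; the waiter polls until 'available'.
    ec2.get_waiter("nat_gateway_available").wait(NatGatewayIds=[ngw_id])

    rtb = ec2.describe_route_tables(RouteTableIds=[private_rtb_id])["RouteTables"][0]
    has_default = any(r.get("DestinationCidrBlock") == DEFAULT_ROUTE for r in rtb["Routes"])
    # create_route raises RouteAlreadyExists when a default route is present, so
    # replace it instead; this is also how you fix a subnet wrongly routed to an IGW.
    if has_default:
        ec2.replace_route(RouteTableId=private_rtb_id, DestinationCidrBlock=DEFAULT_ROUTE,
                          NatGatewayId=ngw_id)
    else:
        ec2.create_route(RouteTableId=private_rtb_id, DestinationCidrBlock=DEFAULT_ROUTE,
                         NatGatewayId=ngw_id)
    return ngw_id


def main() -> None:
    import boto3  # imported here so the audit helpers run without boto3 installed

    ec2 = boto3.client("ec2")
    ngw_id = create_nat_gateway_and_route(ec2, PUBLIC_SUBNET_ID, PRIVATE_ROUTE_TABLE_ID)
    rtb = ec2.describe_route_tables(RouteTableIds=[PRIVATE_ROUTE_TABLE_ID])["RouteTables"][0]
    findings = audit_private_route_table(rtb)
    print(f"NAT gateway {ngw_id} is available; audit findings: {findings or 'none'}")


# Constructed sample route tables (not real AWS output) for an offline check.
SAMPLE_CORRECT_RTB = {"Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0ccccccccccccccc0", "State": "active"},
]}
SAMPLE_PUBLIC_BY_MISTAKE_RTB = {"Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0ddddddddddddddd0", "State": "active"},
]}

if __name__ == "__main__":
    main()
```

Run it with the two IDs filled in and credentials that can manage EC2 networking. The audit is worth keeping as a standalone check over describe_route_tables output, independent of the creation script, because a later "fix" that points a private subnet at an internet gateway is exactly the change that turns private instances into reachable ones.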

Testing the NAT Gateway:

After the route table is updated, any instance in that private subnet can connect out to the internet. To check it, log in to a private instance (through a bastion host or Session Manager, since it has no public IP) and run something like `curl https://checkip.amazonaws.com`; the address returned should be the Elastic IP you attached to the NAT gateway. If the command hangs, re-check that the NAT gateway is in the Available state, that the route targets the nat- ID, and that the NAT gateway's public subnet has its own route to the internet gateway.

Note: You cannot initiate a connection from the internet to the private instances; the NAT gateway only passes return traffic for connections that were opened from inside.

Cleaning Up:

You can delete a NAT gateway from the VPC console -> NAT Gateways.

The entry will remain visible in the console, in the Deleted state, for about an hour. Deleting the NAT gateway does not release its Elastic IP; release the address separately from the Elastic IPs page, otherwise you keep paying for an unattached address. The 0.0.0.0/0 route in the private route table is not removed either, it switches to the blackhole state, so delete or repoint it as well.

  1. In the navigation pane, select NAT Gateways
  2. Select the NAT gateway -> Actions -> Delete NAT gateway

Rules & Limitations:

  1. Supports 5 Gbps of bandwidth and automatically scales up to 45 Gbps
    1. If you require more, split your resources across multiple subnets, each with its own NAT gateway
  2. A NAT gateway is associated with only one Elastic IP
  3. You cannot disassociate the Elastic IP once the NAT gateway is created; to change it you must create a new NAT gateway
  4. Supports:
    1. Protocols: TCP, UDP and ICMP
    2. Connections: 55,000 simultaneous connections to each unique destination (IP address, port and protocol); beyond that, new connections to that destination fail until existing ones close
  5. You cannot associate a security group with a NAT gateway; control access with the security groups of the instances behind it
  6. You can use a network ACL on the NAT gateway's subnet to control the traffic to and from it
  7. A NAT gateway cannot be reached over a ClassicLink connection