NAT (Network Address Translation)
  NAT is used, for example, to give the instances in your private subnet access to the internet without exposing them to the internet.

  NAT Gateway
    highly available gateway
    fully managed NAT service
    Create VPC -> NAT Gateway
    edit Route Table
    Reminder on NAT-G
      cannot span AZs
      one per AZ for HA
      5 Gbps, scales automatically up to 45 Gbps
      not associated with a Security Group
      auto-assigned public IP
      no need to disable the source/dest check
    Best Practice on NAT-G
      one NAT-G per AZ
      make resources talk to the NAT-G in their own AZ
    uses an Elastic IP (cannot be detached)
    must be in a public subnet
    cannot be used as a Bastion
    used for internet traffic for private subnets
    cannot be used for sshing into instances

  NAT Instance
    single EC2 instance
      can be a bottleneck
    disable source/destination checks
      the instance then acts as a gateway
    AWS AMI
    managed by you
    translates traffic from a private IPv4 address to a single public IPv4 address and back again
    can be used as a Bastion (is fully manageable by you)
    HA managed by you
    scalability managed by you
      create a NAT-I for each AZ and make resources talk to the NAT-I in their own AZ
    Elastic IP that can be detached
    bandwidth of the instance (no autoscaling here, compared to NAT-G)
    can have Security Groups like any other EC2 instance

  To talk to a NAT
    have to create a route from the private subnet to the public subnet
    private instances in a private subnet must have a route to the public subnet, to the NAT Instance or the NAT Gateway
    doesn't allow traffic to private instances initiated from outside (the internet)
    AWS states: use NAT-G over NAT-I because of managed HA and scaling
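The routing and placement rules in these notes (private subnet needs a 0.0.0.0/0 route to a NAT, the NAT Gateway must sit in a public subnet of the same AZ, a NAT Instance must have its source/destination check disabled) can be checked mechanically. The following audit is an added example and not part of the original notes; it works on plain dictionaries shaped like the EC2 DescribeSubnets, DescribeRouteTables, DescribeNatGateways and DescribeInstances responses so that it runs offline, and all subnet, route table, gateway and instance IDs in it are constructed. In practice you would fill those lists from boto3 (ec2.describe_subnets() and friends) instead.

```python
"""Audit private-subnet egress against the NAT rules in the notes above.

Added example, not from the original page. Works on plain dicts shaped like
the EC2 DescribeSubnets / DescribeRouteTables / DescribeNatGateways /
DescribeInstances responses; all IDs below are constructed sample data.
"""
from typing import List

DEFAULT = "0.0.0.0/0"


def route_table_for(subnet_id: str, route_tables: List[dict]) -> dict:
    """A subnet uses its explicitly associated table, otherwise the VPC main table."""
    main = {"Routes": []}
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def default_route(rt: dict) -> dict:
    """The 0.0.0.0/0 route of a route table, or {} when there is none."""
    return next((r for r in rt.get("Routes", []) if r.get("DestinationCidrBlock") == DEFAULT), {})


def is_public(subnet_id: str, route_tables: List[dict]) -> bool:
    """Public subnet: its default route points at an internet gateway (igw-...)."""
    return default_route(route_table_for(subnet_id, route_tables)).get("GatewayId", "").startswith("igw-")


def audit_nat_egress(subnets, route_tables, nat_gateways, instances) -> List[str]:
    """Return one finding per private subnet whose egress path breaks a rule from the notes."""
    findings = []
    az_of = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    natgw = {n["NatGatewayId"]: n for n in nat_gateways}
    inst = {i["InstanceId"]: i for i in instances}
    for s in subnets:
        sid, az = s["SubnetId"], s["AvailabilityZone"]
        if is_public(sid, route_tables):
            continue  # public subnets go out through the IGW, not through a NAT
        route = default_route(route_table_for(sid, route_tables))
        if "NatGatewayId" in route:  # NAT Gateway path
            gw = natgw.get(route["NatGatewayId"])
            if gw is None or gw.get("State") != "available":
                findings.append(f"{sid}: default route targets NAT gateway {route['NatGatewayId']}, which is missing or not available")
                continue
            if not is_public(gw["SubnetId"], route_tables):  # a NAT-G must live in a public subnet
                findings.append(f"{sid}: NAT gateway {gw['NatGatewayId']} is not in a public subnet")
            if az_of.get(gw["SubnetId"]) != az:  # one NAT-G per AZ; talk to the one in your own AZ
                findings.append(f"{sid} ({az}): NAT gateway {gw['NatGatewayId']} is in {az_of.get(gw['SubnetId'])}; use one NAT gateway per AZ")
        elif "InstanceId" in route:  # NAT Instance path
            i = inst.get(route["InstanceId"], {})
            if i.get("SourceDestCheck", True):  # must be disabled, or the instance drops forwarded packets
                findings.append(f"{sid}: NAT instance {route['InstanceId']} still has source/destination check enabled")
            if az_of.get(i.get("SubnetId")) != az:
                findings.append(f"{sid} ({az}): NAT instance {route['InstanceId']} is in {az_of.get(i.get('SubnetId'))}; run one NAT instance per AZ")
        else:
            findings.append(f"{sid}: no default route, instances have no internet egress")
    return findings


# Constructed sample VPC: two AZs, two public subnets, four private subnets.
SUBNETS = [
    {"SubnetId": "subnet-pub-a", "AvailabilityZone": "eu-west-1a"},
    {"SubnetId": "subnet-pub-b", "AvailabilityZone": "eu-west-1b"},
    {"SubnetId": "subnet-priv-a", "AvailabilityZone": "eu-west-1a"},
    {"SubnetId": "subnet-priv-b", "AvailabilityZone": "eu-west-1b"},
    {"SubnetId": "subnet-priv-c", "AvailabilityZone": "eu-west-1b"},
    {"SubnetId": "subnet-priv-d", "AvailabilityZone": "eu-west-1a"},
]
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": DEFAULT, "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-priv-a", "Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": DEFAULT, "NatGatewayId": "nat-0aaa"}]},
    {"RouteTableId": "rtb-priv-b", "Associations": [{"SubnetId": "subnet-priv-b"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": DEFAULT, "NatGatewayId": "nat-0aaa"}]},  # NAT-G is in the other AZ
    {"RouteTableId": "rtb-priv-c", "Associations": [{"SubnetId": "subnet-priv-c"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": DEFAULT, "InstanceId": "i-0nat"}]},
    # subnet-priv-d has no explicit association and falls back to rtb-main (no default route)
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-0aaa", "SubnetId": "subnet-pub-a", "State": "available"}]
INSTANCES = [{"InstanceId": "i-0nat", "SubnetId": "subnet-pub-b", "SourceDestCheck": True}]


def run_sample() -> List[str]:
    """Run the audit over the constructed VPC; three findings are expected."""
    return audit_nat_egress(SUBNETS, ROUTE_TABLES, NAT_GATEWAYS, INSTANCES)


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

On the sample VPC the audit reports the cross-AZ NAT gateway route for subnet-priv-b, the NAT instance whose source/destination check is still enabled for subnet-priv-c, and the missing default route for subnet-priv-d, while subnet-priv-a (NAT-G in a public subnet of its own AZ) passes. The same three checks are what the "Reminder", "Best Practice" and "To talk to a NAT" branches of the notes describe.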