NAT stands for Network Address Translation.
If you want an EC2 instance in a private subnet to reach the internet, the instance must be able to send traffic out to the internet and receive the replies. However, we do not want to make the subnet public, because we want to keep that degree of control over inbound access. To solve this, we create either a NAT Gateway or a NAT instance.
In practice, NAT Gateways are used far more than NAT instances: a NAT instance is a single EC2 instance that you manage yourself, whereas a NAT Gateway is a managed service that is highly available, can be deployed across multiple availability zones, and does not depend on a single EC2 instance.
Let's start with NAT instances and how to create one.
Sign in to the AWS Management Console.
Click on the EC2 service.
Launch an instance.
Move to the Community AMIs tab on the left side of the console.
Type nat in the search box; this lists the available NAT AMIs. Select the first NAT AMI.
Choose an instance type and then click Next.
Now configure the instance details. Leave everything at its default except the VPC: choose the custom VPC, javatpointVPC, which we created in the previous topic, and choose its public subnet.
Click the Review and Launch button. A dialog box appears.
Click on the Launch button to create an instance.
In this way, a NAT instance is created. A NAT Gateway is preferable to a NAT instance because a NAT Gateway does not require a security group and is highly available across multiple availability zones.
How to create a NAT Gateway
Click NAT Gateways on the left side of the console.
Click on the Create NAT Gateway button.
Fill in the details (the public subnet and an Elastic IP) to create the NAT Gateway.
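The two console procedures above (NAT instance, then NAT Gateway) expressed as boto3 calls. This is an added example, not code from the original page: the helpers take an EC2 client so they can be exercised without an account, and every resource ID (instance, subnet, route table) is a placeholder to be replaced with your own. The only steps that matter for egress to work are the ones shown: disabling the source/destination check on a NAT instance, and adding a 0.0.0.0/0 route from the private subnet's route table to the NAT.

```python
"""Provision NAT egress for a private subnet with boto3 (added example).

A NAT instance needs its source/destination check disabled and a default
route from the private subnet's route table; a NAT Gateway needs an Elastic
IP, a public subnet, and the same default route.  The IDs are placeholders.
"""
from typing import Any


def make_nat_instance(ec2: Any, instance_id: str, private_rtb_id: str) -> dict:
    """Turn an already-launched EC2 instance (in a public subnet) into a NAT.

    Disabling SourceDestCheck is what lets the instance forward packets whose
    source or destination address is not its own.  Returns the create_route
    response so a caller can confirm the route was added.
    """
    ec2.modify_instance_attribute(
        InstanceId=instance_id,
        SourceDestCheck={"Value": False},
    )
    return ec2.create_route(
        RouteTableId=private_rtb_id,
        DestinationCidrBlock="0.0.0.0/0",
        InstanceId=instance_id,
    )


def make_nat_gateway(ec2: Any, public_subnet_id: str, private_rtb_id: str) -> str:
    """Create a public NAT Gateway and point the private route table at it.

    Returns the NAT Gateway ID.  Waits for the gateway to become available
    first, because a route to a pending gateway is rejected.
    """
    eip = ec2.allocate_address(Domain="vpc")  # Elastic IP for the gateway
    resp = ec2.create_nat_gateway(
        SubnetId=public_subnet_id,
        AllocationId=eip["AllocationId"],
        ConnectivityType="public",
    )
    nat_id = resp["NatGateway"]["NatGatewayId"]
    ec2.get_waiter("nat_gateway_available").wait(NatGatewayIds=[nat_id])
    ec2.create_route(
        RouteTableId=private_rtb_id,
        DestinationCidrBlock="0.0.0.0/0",
        NatGatewayId=nat_id,
    )
    return nat_id


if __name__ == "__main__":
    # A real client is only needed when running against an account.
    import boto3

    client = boto3.client("ec2", region_name="us-east-1")
    # Placeholder IDs: substitute the public subnet and the private route table.
    print(make_nat_gateway(client, "subnet-PLACEHOLDER", "rtb-PLACEHOLDER"))
```

Passing the client in rather than creating it inside the helpers keeps the provisioning logic testable and makes it obvious which account and region the calls go to.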
Important points related to NAT instance:
When creating a NAT instance, you must disable the source/destination check on the instance; otherwise it drops packets that are not addressed to it.
NAT instances must be placed in a public subnet.
There must be a route from the private subnet to the NAT instance for this to work.
The amount of traffic a NAT instance can support depends on the instance size.
You can create high availability using Auto Scaling groups and multiple subnets in different AZs.
A NAT instance is configured with a security group.
Important points related to NAT Gateways:
It is redundant inside the availability zone.
It is preferred by enterprises.
It starts at 5 Gbps and scales up to 45 Gbps.
It is not configured with security groups.
With NAT Gateways, there is no need to disable the source/destination check.
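The two checklists above, for NAT instances and for NAT Gateways, turned into a check you can run over a description of your VPC. This is an added example and not code from the original page; the topology is constructed by hand in the shape of what describe-route-tables and describe-instances report, and all IDs in it are made up. It follows the private subnet's default route the way the VPC router does (longest prefix match) and then applies the rules that fit the target: a NAT instance must sit in a public subnet, have its source/destination check disabled, and have a security group that admits the private subnet's CIDR; a NAT Gateway only needs to sit in a public subnet.

```python
"""Check a VPC description against the NAT rules above (added example).

SAMPLE_VPC is a constructed topology with made-up IDs: one public subnet
holding both a NAT instance and a NAT Gateway, and two private subnets that
route through one or the other.
"""
import ipaddress
from typing import Optional

SAMPLE_VPC = {
    "subnets": {
        "subnet-pub": {"cidr": "10.0.1.0/24", "rtb": "rtb-pub"},
        "subnet-priv-a": {"cidr": "10.0.2.0/24", "rtb": "rtb-priv-a"},
        "subnet-priv-b": {"cidr": "10.0.3.0/24", "rtb": "rtb-priv-b"},
    },
    "route_tables": {
        "rtb-pub": [{"cidr": "10.0.0.0/16", "target": "local"},
                    {"cidr": "0.0.0.0/0", "target": "igw-example"}],
        "rtb-priv-a": [{"cidr": "10.0.0.0/16", "target": "local"},
                       {"cidr": "0.0.0.0/0", "target": "i-natexample"}],
        "rtb-priv-b": [{"cidr": "10.0.0.0/16", "target": "local"},
                       {"cidr": "0.0.0.0/0", "target": "nat-example"}],
    },
    # The NAT instance still has its source/destination check enabled, and
    # its security group only admits subnet-priv-b, not subnet-priv-a.
    "instances": {
        "i-natexample": {"subnet": "subnet-pub", "source_dest_check": True, "sg": "sg-nat"},
    },
    "security_groups": {"sg-nat": {"ingress_cidrs": ["10.0.3.0/24"]}},
    "nat_gateways": {"nat-example": {"subnet": "subnet-pub"}},
}

# Any address outside the VPC will do for "is there a path to the internet".
PROBE = "203.0.113.1"


def effective_route(routes: list, dst: str) -> Optional[dict]:
    """Pick the route the VPC router would use: longest prefix match."""
    ip = ipaddress.ip_address(dst)
    best, best_len = None, -1
    for route in routes:
        net = ipaddress.ip_network(route["cidr"])
        if ip in net and net.prefixlen > best_len:
            best, best_len = route, net.prefixlen
    return best


def is_public(subnet_id: str, vpc: dict) -> bool:
    """A subnet is public when its default route targets an internet gateway."""
    rtb = vpc["route_tables"][vpc["subnets"][subnet_id]["rtb"]]
    route = effective_route(rtb, PROBE)
    return route is not None and route["target"].startswith("igw-")


def nat_findings(vpc: dict, private_subnet_id: str) -> list:
    """Return the misconfigurations that would stop private_subnet_id's egress."""
    priv = vpc["subnets"][private_subnet_id]
    route = effective_route(vpc["route_tables"][priv["rtb"]], PROBE)
    if route is None:
        return [f"{private_subnet_id}: no default route, so no path to the internet"]
    target = route["target"]
    if target.startswith("igw-"):
        return [f"{private_subnet_id}: default route goes to an internet gateway, "
                "so this is a public subnet, not a private one"]
    findings = []
    if target.startswith("i-"):  # NAT instance rules
        inst = vpc["instances"][target]
        if inst["source_dest_check"]:
            findings.append(f"{target}: source/destination check is still enabled")
        if not is_public(inst["subnet"], vpc):
            findings.append(f"{target}: NAT instance is not in a public subnet")
        allowed = [ipaddress.ip_network(c) for c in vpc["security_groups"][inst["sg"]]["ingress_cidrs"]]
        if not any(ipaddress.ip_network(priv["cidr"]).subnet_of(a) for a in allowed):
            findings.append(f"{target}: security group does not allow ingress from {priv['cidr']}")
    elif target.startswith("nat-"):  # NAT Gateway rules: no SG, no src/dst check
        if not is_public(vpc["nat_gateways"][target]["subnet"], vpc):
            findings.append(f"{target}: NAT Gateway is not in a public subnet")
    else:
        findings.append(f"{private_subnet_id}: default route targets {target}, "
                        "which is neither a NAT instance nor a NAT Gateway")
    return findings


if __name__ == "__main__":
    for subnet in ("subnet-priv-a", "subnet-priv-b"):
        print(subnet, nat_findings(SAMPLE_VPC, subnet) or ["ok"])
```

Running it reports two problems for subnet-priv-a (the NAT instance's source/destination check and its security group) and nothing for subnet-priv-b, which matches the difference between the two checklists: the NAT Gateway path has fewer ways to go wrong.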