NAT stands for Network Address Translation.
For an EC2 instance in a private subnet to access the internet, it needs some way to communicate with the internet. However, we do not want to make the subnet public, because we want to keep a degree of control over it. To solve this problem, we create either NAT Gateways or NAT instances.
In practice, NAT Gateways are used far more than NAT instances: a NAT instance is an individual EC2 instance, whereas NAT Gateways are highly available across multiple availability zones and do not run on a single EC2 instance.
NAT Gateways
Let's start with the NAT instance and how to create one.
Sign in to the AWS Management Console.
Click on the EC2 service.
Launch an instance.
Move to the Community AMIs option on the left side of the console.
Type nat in the search box; it will then show all the NAT instances. Select the first NAT instance.
Choose an instance type and then click Next.
Now configure the instance details. Leave everything at its default, except set the VPC to the custom VPC, i.e., javatpointVPC, which we created in a previous topic, and choose the public subnet.
Add tags.
Click the Review and Launch button. A dialog box appears.
Click on the Launch button to create an instance.
In this way, a NAT instance is created. A NAT Gateway is preferable to a NAT instance because a NAT Gateway does not require a security group and is highly available across multiple availability zones.
How to create NAT Gateway
Click on NAT Gateways on the left side of the console.
Click on the Create NAT Gateway button.
Fill in the details to create a NAT Gateway.
Important points related to NAT instance:
When creating a NAT instance, you need to disable the source/destination check on the instance.
NAT instances must be in a public subnet.
There must be a route from the private subnet to the NAT instance for this to work.
The amount of traffic that a NAT instance can support depends on the instance size.
You can create high availability using Auto Scaling groups and multiple subnets in different AZs.
A NAT instance is configured with a security group.
Important points related to NAT Gateways:
It is redundant inside the availability zone.
It is preferred by enterprises.
It starts at 5 Gbps and scales up to 45 Gbps.
It is not configured with security groups.
With NAT Gateways, there is no need to disable the source/destination check.
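The points in the two lists above can be checked mechanically. The following is an added example, not part of the original tutorial: it audits a private subnet's egress path over constructed sample data shaped like the EC2 API's route table and instance descriptions. The IDs (rtb-public, subnet-private, i-nat, igw-0example) and the function names are assumptions made for illustration.

```python
# Constructed sample data shaped like boto3 describe_route_tables / describe_instances
# output. Field names are the EC2 API's; all IDs are made up for this example.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-nat"}]},
]
INSTANCES = {"i-nat": {"SubnetId": "subnet-public", "SourceDestCheck": True}}

def default_route(subnet_id, route_tables):
    """Return the 0.0.0.0/0 route of the table associated with subnet_id, or None."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt["Associations"]):
            for route in rt["Routes"]:
                if route.get("DestinationCidrBlock") == "0.0.0.0/0":
                    return route
    return None

def is_public(subnet_id, route_tables):
    """A subnet is public when its default route points at an internet gateway."""
    route = default_route(subnet_id, route_tables)
    return bool(route) and route.get("GatewayId", "").startswith("igw-")

def audit_private_subnet(subnet_id, route_tables, instances):
    """Return a list of findings for the subnet's path to the internet."""
    if is_public(subnet_id, route_tables):
        return ["subnet routes 0.0.0.0/0 straight to an internet gateway: it is public"]
    route = default_route(subnet_id, route_tables)
    if route is None:
        return ["no default route: instances cannot reach the internet"]
    if route.get("NatGatewayId"):
        return []  # NAT Gateway: no source/destination check or security group to audit
    nat = instances.get(route.get("InstanceId"))
    if nat is None:
        return ["default route target is neither a NAT Gateway nor a known instance"]
    findings = []
    if nat["SourceDestCheck"]:
        findings.append("source/destination check still enabled on NAT instance")
    if not is_public(nat["SubnetId"], route_tables):
        findings.append("NAT instance is not in a public subnet")
    return findings

if __name__ == "__main__":
    for finding in audit_private_subnet("subnet-private", ROUTE_TABLES, INSTANCES):
        print("FINDING:", finding)
```

With the sample data the audit reports the source/destination check, because a freshly launched NAT instance still has it enabled until it is switched off.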