Welcome to Day 59 of the #100DaysOfDevOps Challenge! Today we will deep dive into AWS NAT Gateway.
A NAT gateway (Network Address Translation gateway) lets instances in a private subnet reach services outside your VPC, while ensuring that external services cannot initiate a connection to those instances. NAT Gateway is a fully managed AWS service, so the administrator has no underlying infrastructure to maintain.
Connectivity Types
There are two connectivity types in NAT Gateways.
- Public: This is the default connectivity type. Instances in a private subnet can connect to the internet through a public NAT gateway. A public NAT gateway is created in a public subnet, and you must associate an elastic IP address with it.
You can also use a public NAT gateway to connect to other VPCs or to your on-premises network. In that case, you route traffic from the NAT gateway to a transit gateway or a virtual private gateway.
- Private: Instances in private subnets can connect to other VPCs or to your on-premises network through a private NAT gateway.
Here, you route traffic from the NAT gateway through a transit gateway or a virtual private gateway. An elastic IP address cannot be associated with a private NAT gateway. You can attach an internet gateway to a VPC (Virtual Private Cloud) that has a private NAT gateway, but if you route traffic from the private NAT gateway to the internet gateway, the internet gateway drops that traffic.
Characteristics and Rules
The characteristics and rules that apply to NAT gateways are:
- A NAT gateway supports the TCP, UDP, and ICMP protocols.
- NAT gateways are supported for IPv4 and IPv6 traffic.
- A NAT gateway supports 5 Gbps of bandwidth and automatically scales up to 45 Gbps.
- A NAT gateway can process one million packets per second and automatically scales up to four million packets per second.
- A NAT gateway can support up to 55,000 simultaneous connections to each unique destination.
- A NAT gateway can be associated with exactly one elastic IP address.
- A private NAT gateway receives an available private IP address from its subnet.
- A security group cannot be associated with a NAT gateway.
- A NAT gateway receives a network interface that is automatically assigned a private IP address from the IP address range of its subnet.
- You cannot access a NAT gateway through a ClassicLink connection associated with your VPC.
Create a NAT Gateway
To create a new NAT gateway, open NAT Gateways in the VPC console and click Create NAT Gateway.
Give the gateway a name, select the public subnet that we created earlier, allocate an elastic IP address, and finally click the Create NAT Gateway button.
Next, edit the public routing table to include the newly created NAT gateway.
Now all the application servers have internet access through the NAT gateway.
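As an added example that is not part of the original post: a Python check that audits whether a NAT gateway setup follows the rules above (a public NAT gateway has an elastic IP and sits in a subnet whose default route goes to an internet gateway; no route table sends internet-bound traffic through a private NAT gateway, since the internet gateway would drop it). It runs over constructed data shaped like the boto3 describe_nat_gateways and describe_route_tables responses; the ids are placeholders, and in a real account you would feed it the output of those two calls.

```python
from typing import Dict, List

# Constructed sample data shaped like boto3 describe_nat_gateways / describe_route_tables output.
NAT_GATEWAYS = [
    {"NatGatewayId": "nat-0example", "SubnetId": "subnet-public", "ConnectivityType": "public",
     "State": "available", "NatGatewayAddresses": [{"AllocationId": "eipalloc-0example"}]},
]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
]


def default_route_target(rtb: Dict) -> str:
    """Return the target id of the 0.0.0.0/0 route (igw-*, nat-*, ...) or "" if there is none."""
    for route in rtb["Routes"]:
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("GatewayId") or route.get("NatGatewayId") or ""
    return ""


def audit_nat_setup(nat_gateways: List[Dict], route_tables: List[Dict]) -> List[str]:
    """Return a list of findings; an empty list means the setup follows the rules in the post."""
    findings = []
    ngw_by_id = {g["NatGatewayId"]: g for g in nat_gateways}
    subnet_target = {}  # subnet id -> default route target of the route table associated with it
    for rtb in route_tables:
        target = default_route_target(rtb)
        for assoc in rtb["Associations"]:
            if "SubnetId" in assoc:
                subnet_target[assoc["SubnetId"]] = target
        # Internet-bound traffic sent through a private NAT gateway is dropped by the internet gateway.
        if target.startswith("nat-") and ngw_by_id.get(target, {}).get("ConnectivityType") == "private":
            findings.append(f"{rtb['RouteTableId']}: default route uses private NAT gateway {target}")
    for ngw in nat_gateways:
        ngw_id = ngw["NatGatewayId"]
        if ngw["State"] != "available":
            findings.append(f"{ngw_id}: state is {ngw['State']}")
        if ngw["ConnectivityType"] == "public":
            # A public NAT gateway needs an elastic IP and must live in a public subnet.
            if not any(a.get("AllocationId") for a in ngw["NatGatewayAddresses"]):
                findings.append(f"{ngw_id}: public NAT gateway has no elastic IP")
            if not subnet_target.get(ngw["SubnetId"], "").startswith("igw-"):
                findings.append(f"{ngw_id}: subnet {ngw['SubnetId']} has no route to an internet gateway")
    return findings


if __name__ == "__main__":
    print(audit_nat_setup(NAT_GATEWAYS, ROUTE_TABLES) or ["OK: no findings"])
```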