What is NAT Gateway?<\/h2>\n
This is an appliance which is used to connect instances in your private subnet to the internet. So rather than exposing the private instances in the private subnet directly via the Internet gateway, all the traffic can be routed via the NAT gateway.<\/p>\n
Now one can also use the NAT instance to drive traffic from private instances. But using the NAT gateway over NAT instances has the following advantages:<\/em><\/p>\n 1) High availability –<\/strong> NAT gateways in each Availability Zone are implemented with redundancy. Hence it can always be ensured that it will be up and running. With the NAT instance, you have the additional maintenance overhead to ensuring the NAT instance is always up and running.<\/p>\n 2) Bandwidth –<\/strong> By default, the NAT gateway supports bursts of up to 10 Gbps. For NAT Instances, this will depend on the Instance type of the Instance.<\/p>\n 3) Maintenance –<\/strong> All of the maintenance of the NAT gateway is performed by AWS. In comparison, if you had a NAT instance, you would need to perform all the maintenance<\/p>\n Some of the reasons why you would want to use a NAT instance are in situations where you would want<\/p>\n 1) The NAT instance to also be a Bastion Host<\/p>\n 2) For the NAT instance to also provide port forwarding<\/p>\n [divider \/]<\/p>\n [divider \/]<\/p>\n Step 1) Firstly let\u2019s ensure we have a custom VPC defined for this exercise. If you don\u2019t have one, go ahead and create a custom VPC.<\/p>\n \u00a0\u00a0\u00a0\u00a0 \u00a0 \u00a0 \u00a0 In our example, we have created a Custom VPC which has a CIDR block of 10.0.0.0\/16<\/p>\n Step 2) Next let\u2019s ensure we have defined 2 subnets in this VPC. One will be a public subnet and the other will be a private subnet.<\/p>\n So below is the snapshot of the private subnet<\/p>\n And below is the definition of the public subnet<\/p>\n Step 3) We will also ensure that we define a custom route table a shown below and attach it to the Public Subnet<\/p>\n And below will be the Main route table which will be attached to the VPC and Private subnet<\/p>\n Step 4) Next let\u2019s go ahead and define 2 EC2 Instances. One in the private subnet and the other in the public subnet.<\/p>\n We will use the AMI type of Ubuntu and the Instance Type of t2.micro.<\/p>\n Here are both of the servers in the up and running state<\/p>\n For the Private server, ensure the Security Group allows for incoming requests from the public server and the NAT gateway.<\/p>\n Here we mention the private IP of the public server for Internal SSH and the private IP of the NAT gateway for Internet access.<\/p>\n Step 5) Next we need to create the NAT gateway<\/p>\n Go ahead to the VPC section and create the NAT gateway.<\/p>\n In the definition, just choose the Subnet which is the public subnet. If you don\u2019t have an Elastic IP, you can create a new one via this screen.<\/p>\n Initially, the NAT gateway will be in the pending state as it is being provisioned.<\/p>\n Once the NAT gateway has been provisioned it will be in the available state.<\/p>\n Step 6) Now we need to modify the Route tables so that the Route in the main route table has a route via the NAT gateway.<\/p>\n Step 7) Now let\u2019s connect to the server in the public subnet. Ensure the pem key file is copied to the server so that we can connect to the private server from the public server.<\/p>\n Also, ensure the right permissions are given to the key pair.<\/p>\n Now go ahead and connect to the private server from the public server via the following command<\/p>\n ssh -i “awsireland.pem” ubuntu@10.0.2.19<\/p>\n Step 8) To confirm that the private server can connect to the internet, update the packages on the private server<\/p>\n![\"AWS](\"https:\/\/www.whizlabs.com\/wp-content\/uploads\/2017\/12\/Get-40-OFF-on-Spark-Certification-3.jpg\")
<\/a><\/p>\nImplementation of NAT Gateway<\/b><\/h4>\n
![\"NAT](\"https:\/\/www.whizlabs.com\/wp-content\/uploads\/2017\/12\/NAT_GATEWAY1.png\")
<\/a><\/p>\n![\"Private](\"https:\/\/www.whizlabs.com\/wp-content\/uploads\/2017\/12\/NAT_GATEWAY2.png\")
<\/a><\/p>\n![\"Public](\"https:\/\/www.whizlabs.com\/wp-content\/uploads\/2017\/12\/NAT_Gateway3.png\")
<\/a><\/p>\n![\"Public](\"https:\/\/www.whizlabs.com\/wp-content\/uploads\/2017\/12\/nat_gateway4.png\")
<\/a><\/p>\n![\"Private](\"https:\/\/www.whizlabs.com\/wp-content\/uploads\/2017\/12\/NAT_gateway5.png\")
<\/a><\/p>\n![\"NAT](\"https:\/\/www.whizlabs.com\/wp-content\/uploads\/2017\/12\/NAT_GATEWAY6.png\")
<\/a><\/p>\n![\"NAT](\"https:\/\/www.whizlabs.com\/wp-content\/uploads\/2017\/12\/NAT_GATEWAY7.png\")
<\/a><\/p>\n![\"VPC](\"https:\/\/www.whizlabs.com\/wp-content\/uploads\/2017\/12\/NAT_GATEWAY8.png\")
<\/a><\/p>\n![\"Create](\"https:\/\/www.whizlabs.com\/wp-content\/uploads\/2017\/12\/NAT_GATEWAY9.png\")
<\/a><\/p>\n![\"NAT](\"https:\/\/www.whizlabs.com\/wp-content\/uploads\/2017\/12\/nat_gateway11.png\")
<\/a><\/p>\n![\"NAT](\"https:\/\/www.whizlabs.com\/wp-content\/uploads\/2017\/12\/NAT_GATWAY10.png\")
<\/a><\/p>\n![\"NAT](\"https:\/\/www.whizlabs.com\/wp-content\/uploads\/2017\/12\/nat_gateway12.png\")
<\/a><\/p>\n![\"NAT](\"https:\/\/www.whizlabs.com\/wp-content\/uploads\/2017\/12\/NAT_Gateway13.png\")
<\/a><\/p>\n
![\"NAT](\"https:\/\/www.whizlabs.com\/wp-content\/uploads\/2017\/12\/nat_gateway14.png\")
<\/a><\/p>\n![\"AWS](\"https:\/\/www.whizlabs.com\/wp-content\/uploads\/2017\/12\/Get-40-OFF-on-Spark-Certification-2.jpg\")
<\/a><\/p>\n