An AWS NAT Gateway is a managed service that allows instances in a private subnet to connect to the Internet without being reachable from it. The NAT Gateway acts as an intermediary for outbound traffic, providing a controlled way for private instances to access the Internet without exposing their private IP addresses.
NAT, or Network Address Translation, is a method used to modify network address information in packet headers while in transit. It is commonly employed to allow multiple devices in a private network to share a single public IP address for internet communication.
AWS employs a NAT Gateway to enable instances in a private subnet to connect to the internet for software updates or other external services, while still maintaining a level of security.
AWS private subnets are used to enhance security by isolating resources from direct exposure to the Internet. In a private subnet, instances have no public IP addresses, making them less susceptible to unauthorized access. This setup is particularly useful for hosting databases or backend services that do not require direct Internet access but still need to communicate with resources in other subnets, or with the Internet, through controlled gateways such as a NAT Gateway.
The following diagram from the AWS with Terraform: The Essential Guide tutorial shows a NAT Gateway providing Internet connectivity to the VPC private subnets.
A NAT Gateway is attached to a subnet and provides a routing target for traffic destined for public IP addresses or the Internet. It enables resources within a private subnet, which have no public IP, to initiate outbound connections to the Internet.
For the NAT Gateway to route traffic, the private subnet's route table must use it as the target for Internet-bound traffic.
Create a NAT Gateway in each Availability Zone so that an outage in one zone does not affect outbound connectivity in the others (a zone-independent architecture).
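The three points above (a NAT Gateway placed in a subnet, a private route table that targets it, and one gateway per Availability Zone) can be expressed as a single Terraform configuration. The block below is an added example written for this page; it is not code from the AWS with Terraform guide. The VPC CIDR, the two Availability Zones, the subnet layout and all resource names are assumptions, and the configuration is intended for the AWS provider v5, where `aws_eip` uses `domain = "vpc"`.

```hcl
# Added example (not from the IT Wonder Lab guide): one NAT Gateway per
# Availability Zone, each private subnet routing Internet-bound traffic to
# the NAT Gateway in its own zone. Region, AZs, CIDRs and names are assumed.

variable "azs" {
  type    = list(string)
  default = ["eu-west-1a", "eu-west-1b"] # assumption: adjust to your region
}

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16" # assumed address range
}

# The NAT Gateways themselves reach the Internet through an Internet Gateway.
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}

# One public subnet per AZ: this is where each NAT Gateway lives.
resource "aws_subnet" "public" {
  count             = length(var.azs)
  vpc_id            = aws_vpc.main.id
  availability_zone = var.azs[count.index]
  cidr_block        = cidrsubnet(aws_vpc.main.cidr_block, 8, count.index)
}

# One private subnet per AZ: instances launched here never get a public IP.
resource "aws_subnet" "private" {
  count                   = length(var.azs)
  vpc_id                  = aws_vpc.main.id
  availability_zone       = var.azs[count.index]
  cidr_block              = cidrsubnet(aws_vpc.main.cidr_block, 8, 100 + count.index)
  map_public_ip_on_launch = false
}

# Public subnets send Internet-bound traffic straight to the Internet Gateway.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

resource "aws_route_table_association" "public" {
  count          = length(var.azs)
  subnet_id      = aws_subnet.public[count.index].id
  route_table_id = aws_route_table.public.id
}

# Each NAT Gateway needs its own Elastic IP: the single public address that
# all instances in the matching private subnet share when going outbound.
resource "aws_eip" "nat" {
  count  = length(var.azs)
  domain = "vpc"
}

resource "aws_nat_gateway" "nat" {
  count         = length(var.azs)
  allocation_id = aws_eip.nat[count.index].id
  subnet_id     = aws_subnet.public[count.index].id
  depends_on    = [aws_internet_gateway.igw]
}

# One route table per private subnet. Pointing every private subnet at a
# single NAT Gateway would make all zones depend on that gateway's zone.
resource "aws_route_table" "private" {
  count  = length(var.azs)
  vpc_id = aws_vpc.main.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat[count.index].id
  }
}

resource "aws_route_table_association" "private" {
  count          = length(var.azs)
  subnet_id      = aws_subnet.private[count.index].id
  route_table_id = aws_route_table.private[count.index].id
}
```

After `terraform apply`, the route table of each private subnet carries a `0.0.0.0/0` route whose target is `nat_gateway_id`, which is exactly the "routing destination" requirement above. Because the private subnets have `map_public_ip_on_launch = false` and no route from the Internet Gateway leads into them, instances there can only initiate connections outward; nothing on the Internet can open a connection to them through the NAT Gateway.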
IT Wonder Lab tutorials are based on the diverse experience of Javier Ruiz, who founded and bootstrapped a SaaS company in the energy sector. His company, later acquired by a NASDAQ traded company, managed over €2 billion per year of electricity for prominent energy producers across Europe and America. Javier has over 25 years of experience in building and managing IT companies, developing cloud infrastructure, leading cross-functional teams, and transitioning his own company from on-premises, consulting, and custom software development to a successful SaaS model that scaled globally.