NAT Instances - Network Address Translation (outdated)
- Allows instances in the [[private subnet]]s to connect to the internet
- Must be launched in a [[public subnet]]
- Must disable AWS EC2 flag: [[Source - Destination Check]]
- Must have Elastic IP attached to it
- Route Table must be configured to route traffic from [[private subnet]]s to NAT Instance
To do this, we are going to launch a new AWS EC2 instance from a [[NAT template]] and place it in the [[public subnet]].
We are also going to launch a private instance in the [[private subnet]].
Make sure to disable the [[Source - Destination Check]] on the [[NAT]] instance.
It is also recommended that the key pair be different from the public ones.
Then edit the route table used by the private instance and add a route to the NAT instance.
By doing this, the private instance will have access to the internet through the NAT instance.
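Added example (not part of the original notes): an offline audit of a NAT instance setup against the checklist above. The inputs are dicts shaped like boto3 EC2 `describe_instances`, `describe_addresses` and `describe_route_tables` results; every ID and address is constructed, the function names are hypothetical, and each subnet is assumed to have an explicit route table association.

```python
# Added example: audit a NAT-instance setup against the checklist in these notes.
# Assumption: every subnet has an explicit route table association (no main-table fallback).

def default_route(route_tables, subnet_id):
    """Return the 0.0.0.0/0 route of the table associated with subnet_id, or None."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt.get("Associations", [])):
            for r in rt.get("Routes", []):
                if r.get("DestinationCidrBlock") == "0.0.0.0/0":
                    return r
    return None

def audit_nat(instance, addresses, route_tables, private_subnets):
    """Return a list of findings; an empty list means the checklist is satisfied."""
    findings = []
    nat_id = instance["InstanceId"]
    # Source/Destination Check must be disabled so the instance can forward traffic.
    if instance.get("SourceDestCheck", True):
        findings.append("Source/Destination Check is still enabled")
    if not any(a.get("InstanceId") == nat_id for a in addresses):
        findings.append("no Elastic IP attached")
    # A public subnet is one whose default route targets an Internet Gateway.
    pub = default_route(route_tables, instance["SubnetId"])
    if not pub or not (pub.get("GatewayId") or "").startswith("igw-"):
        findings.append("NAT instance is not in a public subnet")
    for subnet in private_subnets:
        r = default_route(route_tables, subnet)
        if not r or r.get("InstanceId") != nat_id:
            findings.append(f"{subnet}: default route does not target the NAT instance")
    return findings

# Constructed sample data (not from a real account).
NAT = {"InstanceId": "i-0nat", "SubnetId": "subnet-pub", "SourceDestCheck": True}
EIPS = [{"PublicIp": "203.0.113.10", "InstanceId": "i-0nat"}]
TABLES = [
    {"Associations": [{"SubnetId": "subnet-pub"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"}]},
    {"Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-0nat"}]},
    {"Associations": [{"SubnetId": "subnet-priv-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]

if __name__ == "__main__":
    for f in audit_nat(NAT, EIPS, TABLES, ["subnet-priv-a", "subnet-priv-b"]):
        print("FINDING:", f)
```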
NAT Instances - Comments
- Preconfigured [[Amazon Linux AMI]] is available
- Not a [[Highly Available]] / [[resilient]] setup out of the box
  - Would need to create an Auto Scaling Group (ASG) in [[Multi AZ]] + a resilient EC2 User Data script
- Internet traffic bandwidth depends on AWS EC2 instance performance
- Must manage security groups & rules
  - Inbound
    - Allow [[HTTP]] / [[HTTPS]] traffic coming from [[private subnet]]s
    - Allow [[SSH]] from your home network (access is provided through Internet Gateway & Route tables)
  - Outbound
    - Allow [[HTTP]] / [[HTTPS]] traffic to the internet
- Inbound