How to Configure a NAT Gateway

A NAT Gateway is a resource that lets instances in a private subnet initiate connections to the internet without being directly reachable from it. This post covers how to set up a NAT Gateway.

The architecture is essentially like this:

That diagram gives you this checklist for a functioning NAT Gateway:

1. A VPC with both public and private subnets.

2. An Internet Gateway

3. A route table for your public subnet, directing internet-bound traffic to your Internet Gateway.

4. A NAT Gateway:
Create your NAT Gateway from your VPC console. Place it in your VPC’s public subnet and give it an Elastic IP.

5. A route table for your private subnet, directing internet-bound traffic to your NAT Gateway.

And of course, you need to make sure your Security Groups and NACLs allow the traffic flows.

To test that your private subnet can connect to the internet, you can select a private instance and send a ping.

For a more resilient architecture, consider creating a NAT Gateway in each Availability Zone. This setup is not shown in the architecture diagram above. If you choose to have a NAT Gateway in every AZ, associate each private subnet with a NAT Gateway in the same AZ.
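The checklist and the per-AZ advice above can be verified mechanically. The following is an added example, not part of the original post: it audits data shaped like the output of `aws ec2 describe-subnets`, `describe-route-tables` and `describe-nat-gateways`. All resource IDs are constructed, the function names are hypothetical, and it assumes every subnet has an explicit route table association.

```python
# Constructed sample data in the shape of the AWS CLI describe-* output.
# All IDs are made up for illustration.
SUBNETS = [
    {"SubnetId": "subnet-pub-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-priv-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-priv-b", "AvailabilityZone": "us-east-1b"},
]
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-pub-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-111"}]},
    {"Associations": [{"SubnetId": "subnet-priv-a"}, {"SubnetId": "subnet-priv-b"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-aaa"}]},
]
NAT_GATEWAYS = [
    {"NatGatewayId": "nat-aaa", "SubnetId": "subnet-pub-a",
     "NatGatewayAddresses": [{"AllocationId": "eipalloc-123"}]},
]

def default_target(subnet_id, route_tables):
    """Target of the subnet's 0.0.0.0/0 route (explicit associations only)."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt.get("Associations", [])):
            for r in rt.get("Routes", []):
                if r.get("DestinationCidrBlock") == "0.0.0.0/0":
                    return r.get("NatGatewayId") or r.get("GatewayId")
    return None

def audit(subnets, route_tables, nat_gateways):
    """Check the post's checklist; return a list of findings (empty = OK)."""
    findings = []
    az = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    target = {sid: default_target(sid, route_tables) for sid in az}
    nats = {n["NatGatewayId"]: n for n in nat_gateways}
    for nat in nat_gateways:  # step 4: public subnet + Elastic IP
        if not str(target.get(nat["SubnetId"]) or "").startswith("igw-"):
            findings.append(f"{nat['NatGatewayId']}: not in a public subnet")
        if not any(a.get("AllocationId") for a in nat.get("NatGatewayAddresses", [])):
            findings.append(f"{nat['NatGatewayId']}: no Elastic IP")
    for sid, tgt in target.items():  # steps 3 and 5, plus the same-AZ advice
        if tgt is None:
            findings.append(f"{sid}: no default route")
        elif tgt.startswith("nat-"):
            if tgt not in nats:
                findings.append(f"{sid}: routes to unknown {tgt}")
            elif az.get(nats[tgt]["SubnetId"]) != az[sid]:
                findings.append(f"{sid}: uses {tgt} in another AZ")
    return findings

if __name__ == "__main__":
    print(audit(SUBNETS, ROUTE_TABLES, NAT_GATEWAYS))
```

On the sample data the only finding is the cross-AZ dependency of `subnet-priv-b`, which is the single-NAT layout the resilience note describes.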
