NAT Gateway, also known as Network Address Translation Gateway, enables instances in a private subnet to connect to the internet or to AWS services. In addition, the gateway makes sure that the internet cannot initiate a connection with those instances. The NAT Gateway service is fully managed by Amazon and requires no administration effort from the user.
NAT gateways don't support IPv4 traffic. For IPv4 traffic, an egress-only internet gateway (a separate service) has to be used instead.
A NAT device forwards traffic from instances in the private subnet to the internet or to AWS services, and sends the server's response back to the instance. When traffic leaves for the internet, the instance's private IPv4 source address is replaced with the NAT device's own address. When the response comes back, the NAT device translates the destination address back to the instance's private IPv4 address and delivers the response to that instance.
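The translation described above, as an added simulation that is not AWS code and not part of the original article: a small stateful NAT device rewrites the source of outbound packets to its public address, records the mapping in a translation table, and uses that table to route replies back to the private IPv4 address. Inbound packets that match no table entry are dropped, which is the mechanism behind the statement that the internet cannot initiate connections to the instances. All addresses, ports and the `Packet` and `NatDevice` names are constructed for the example.

```python
"""Stateful source-NAT simulation (constructed example, not AWS code)."""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Minimal packet header: enough fields to show the address rewrite."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str


class NatDevice:
    """NAT device sitting between a private subnet and the internet."""

    def __init__(self, public_ip: str, first_port: int = 1024) -> None:
        self.public_ip = public_ip          # address the internet sees
        self._next_port = first_port        # next public port to hand out
        # public port -> (private ip, private port) for reply translation
        self._table: Dict[int, Tuple[str, int]] = {}
        # (private ip, private port, dst ip, dst port) -> public port,
        # so every packet of one flow reuses the same mapping
        self._reverse: Dict[Tuple[str, int, str, int], int] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Instance -> internet: replace the private source with the NAT address."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self._reverse.get(key)
        if port is None:
            port = self._next_port
            self._next_port += 1
            self._table[port] = (pkt.src_ip, pkt.src_port)
            self._reverse[key] = port
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> instance: translate back, or drop if nothing initiated the flow."""
        if pkt.dst_ip != self.public_ip:
            return None                     # not addressed to this NAT device
        entry = self._table.get(pkt.dst_port)
        if entry is None:
            return None                     # unsolicited: no instance opened this flow
        private_ip, private_port = entry
        return replace(pkt, dst_ip=private_ip, dst_port=private_port)

    def mappings(self) -> int:
        """Number of active translations (useful when watching port exhaustion)."""
        return len(self._table)


if __name__ == "__main__":
    # Constructed addresses from documentation ranges (RFC 5737 / RFC 1918).
    nat = NatDevice("203.0.113.10")
    request = Packet("10.0.1.25", 40000, "198.51.100.7", 443, "GET /")
    print("outbound:", nat.outbound(request))
    reply = Packet("198.51.100.7", 443, "203.0.113.10", 1024, "200 OK")
    print("reply:   ", nat.inbound(reply))
    probe = Packet("198.51.100.9", 5555, "203.0.113.10", 2222, "SYN")
    print("probe:   ", nat.inbound(probe))   # None: dropped, no mapping exists
```

The `_reverse` index is what keeps a long-lived connection on one public port; without it every packet of the same flow would consume a fresh port, and the `mappings()` count would show why a single NAT address eventually runs out of ports under heavy fan-out.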
AWS offers two kinds of NAT devices: a NAT gateway and a NAT instance. AWS recommends NAT gateways, since they provide high availability and higher bandwidth than a NAT instance.
Charges are incurred for creating and using a NAT gateway in the user's account, both as an hourly usage charge and as data processing charges. EC2 also charges the user for data transfer.
Creating a NAT gateway requires specifying the public subnet in which the gateway is to be housed. An Elastic IP address has to be associated with the NAT gateway when it is created, and this address can't be changed once it has been associated with the gateway. The route table associated with one or more of the user's private subnets then has to be updated so that internet-bound traffic points to the NAT gateway. This ensures that instances in the private subnets are able to reach and communicate with the internet.
Every NAT gateway is created in a specific Region and Availability Zone, and it is implemented with redundancy within that zone. There is a limit on the number of NAT gateways that can be created in a given Availability Zone, depending on the tier the user is currently in.
If the resources required by the application are spread across multiple Availability Zones and share the same NAT gateway, they all depend on the Availability Zone of that NAT gateway. If that AZ fails or loses internet access, the resources in the other AZs that depend on it lose their connection too.
If the user wants a setup that is independent of any single AZ, one NAT gateway has to be created in every AZ, and the resources in each AZ have to be configured to route through the NAT gateway in that same AZ.
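The route-table requirement and the AZ-dependency guidance above can be turned into an audit. The following is an added example, not AWS's own code or API: it walks constructed subnet, NAT gateway and route table data (simplified to the fields that matter; all IDs, AZ assignments and the `audit` function name are made up here) and reports, for every private subnet, whether its default route is missing, whether it points at something other than an available NAT gateway, or whether it crosses into another AZ's NAT gateway.

```python
"""Audit private-subnet default routes against NAT gateway placement (constructed example)."""
from typing import Dict, List, Optional

# Constructed inventory, shaped loosely like the output of the EC2 describe calls.
SUBNETS: Dict[str, Dict[str, str]] = {
    "subnet-priv-a": {"az": "us-east-1a"},
    "subnet-priv-b": {"az": "us-east-1b"},
    "subnet-priv-c": {"az": "us-east-1c"},
}
NAT_GATEWAYS: Dict[str, Dict[str, str]] = {
    "nat-a": {"az": "us-east-1a", "state": "available"},
    "nat-b": {"az": "us-east-1b", "state": "available"},
}
ROUTE_TABLES: List[dict] = [
    # One table shared by two subnets in different AZs: the single point of failure case.
    {"id": "rtb-shared", "subnets": ["subnet-priv-a", "subnet-priv-b"],
     "routes": [{"dest": "10.0.0.0/16", "target": "local"},
                {"dest": "0.0.0.0/0", "target": "nat-a"}]},
    # A table that was never given an internet-bound route.
    {"id": "rtb-c", "subnets": ["subnet-priv-c"],
     "routes": [{"dest": "10.0.0.0/16", "target": "local"}]},
]


def default_route_target(table: Optional[dict]) -> Optional[str]:
    """Return the target of the 0.0.0.0/0 route, or None if the table has none."""
    if table is None:
        return None
    for route in table["routes"]:
        if route["dest"] == "0.0.0.0/0":
            return route["target"]
    return None


def audit(subnets: Dict[str, dict], nat_gateways: Dict[str, dict],
          route_tables: List[dict]) -> Dict[str, str]:
    """Map each private subnet to a finding string describing its default route."""
    table_for_subnet: Dict[str, dict] = {}
    for table in route_tables:
        for subnet_id in table["subnets"]:
            table_for_subnet[subnet_id] = table

    findings: Dict[str, str] = {}
    for subnet_id, subnet in subnets.items():
        target = default_route_target(table_for_subnet.get(subnet_id))
        if target is None:
            # The route table was never updated to send internet traffic anywhere.
            findings[subnet_id] = "no-default-route"
        elif target not in nat_gateways:
            # Default route exists but does not go through a NAT gateway (e.g. an IGW).
            findings[subnet_id] = f"default-route-not-nat:{target}"
        elif nat_gateways[target]["state"] != "available":
            findings[subnet_id] = f"nat-not-available:{target}"
        elif nat_gateways[target]["az"] != subnet["az"]:
            # Works today, but an outage in the NAT gateway's AZ takes this subnet offline.
            findings[subnet_id] = f"cross-az-nat:{target}"
        else:
            findings[subnet_id] = f"ok:{target}"
    return findings


if __name__ == "__main__":
    for subnet_id, finding in audit(SUBNETS, NAT_GATEWAYS, ROUTE_TABLES).items():
        print(f"{subnet_id}: {finding}")
```

In the constructed inventory, `subnet-priv-b` is the case the article warns about: it has a working default route, but through `nat-a` in another AZ, so the fix is to give it its own route table pointing at `nat-b`. `subnet-priv-c` shows the simpler mistake of creating the gateway but never updating the route table.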
A NAT gateway that is no longer needed can be deleted. The Elastic IP address associated with it is disassociated from the gateway but not released from the user's account.
In this article we looked at what a NAT Gateway is and how it is used to connect instances in a private subnet to the internet.