What is a NAT device?
A NAT (Network Address Translation) device enables instances (EC2) in a private subnet to connect to the internet or to other AWS services. For example, you can use a NAT device to install or update software on a server that sits in a private subnet and has no direct internet access.
A NAT device forwards traffic from your private subnet to the internet or other AWS services. When traffic is sent to the internet, the source IP address is replaced with the NAT device's address; when the response traffic returns, the NAT device translates the address back to the instance's private IP address.
You can use either your own NAT device running on an EC2 instance (a NAT instance) or the managed NAT device offered by AWS, called a NAT gateway.
Important Points about NAT Instance Configuration
- When creating a NAT instance, disable the source/destination check on the instance (otherwise EC2 drops packets whose source or destination is not the instance itself, which is exactly the traffic a NAT forwards).
- NAT instances must be created in a public subnet.
- There must be a route out of the private subnet to the NAT instance.
- The amount of traffic a NAT instance can handle depends on the instance size. If it becomes a bottleneck, increase the instance size.
- You can build high availability with an Auto Scaling group, multiple subnets in different Availability Zones, and a script that automates failover.
- It must be associated with a security group.
Important Points about NAT Gateway Configuration
- AWS recommends the NAT gateway because it is a managed service that provides better bandwidth and availability than a NAT instance.
- It is preferred by enterprises.
- It starts at 5 Gbps and currently scales to 45 Gbps.
- It is not associated with a security group.
- It is automatically assigned a public IP address.
- Route tables must be updated for it to work.
- There is no need to disable source/destination checks.
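The two checklists above can be turned into an offline posture check. The following Python example is added here and is not part of the original article or of any AWS tooling; it models the fields that EC2 DescribeRouteTables and DescribeInstances return (route destinations and targets, subnet associations, the SourceDestCheck attribute) with constructed sample data and makes no API calls. The subnet, instance, gateway and security-group IDs are placeholders. It verifies the NAT instance rules (source/destination check disabled, instance in a public subnet, a default route from the private subnet to the instance, a security group attached) and the NAT gateway rule (a default route from the private subnet to the gateway).

```python
"""Offline checker for the NAT instance and NAT gateway rules listed above.

The inputs mimic fields returned by EC2 DescribeRouteTables and
DescribeInstances (DestinationCidrBlock, GatewayId/NatGatewayId/InstanceId,
SubnetId, SourceDestCheck). All IDs and tables below are constructed sample
data; no AWS API calls are made.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    destination: str   # DestinationCidrBlock, e.g. "0.0.0.0/0"
    target: str        # "local", "igw-...", "nat-..." or "i-..."


@dataclass(frozen=True)
class RouteTable:
    routes: tuple
    subnets: tuple     # subnet IDs associated with this table


@dataclass(frozen=True)
class NatInstance:
    instance_id: str
    subnet_id: str
    source_dest_check: bool   # the SourceDestCheck instance attribute
    security_groups: tuple


def route_table_for(subnet_id, route_tables):
    """Return the route table associated with subnet_id, or None."""
    for table in route_tables:
        if subnet_id in table.subnets:
            return table
    return None


def default_route_target(subnet_id, route_tables):
    """Target of the subnet's 0.0.0.0/0 route, or None if there is none."""
    table = route_table_for(subnet_id, route_tables)
    if table is None:
        return None
    for route in table.routes:
        if route.destination == "0.0.0.0/0":
            return route.target
    return None


def is_public_subnet(subnet_id, route_tables):
    """A subnet is public when its default route points at an internet gateway."""
    target = default_route_target(subnet_id, route_tables)
    return target is not None and target.startswith("igw-")


def check_nat_instance(nat, private_subnet_id, route_tables):
    """Apply the NAT instance rules; returns a list of findings (empty = OK)."""
    findings = []
    if nat.source_dest_check:
        findings.append("source/destination check is still enabled on %s" % nat.instance_id)
    if not is_public_subnet(nat.subnet_id, route_tables):
        findings.append("NAT instance subnet %s is not a public subnet" % nat.subnet_id)
    if default_route_target(private_subnet_id, route_tables) != nat.instance_id:
        findings.append("private subnet %s has no default route to %s"
                        % (private_subnet_id, nat.instance_id))
    if not nat.security_groups:
        findings.append("NAT instance %s has no security group" % nat.instance_id)
    return findings


def check_nat_gateway(nat_gateway_id, private_subnet_id, route_tables):
    """Apply the NAT gateway rule: the private subnet's default route must point at it."""
    target = default_route_target(private_subnet_id, route_tables)
    if target != nat_gateway_id:
        return ["private subnet %s routes 0.0.0.0/0 to %s, not %s"
                % (private_subnet_id, target, nat_gateway_id)]
    return []


# Constructed sample VPC: one public subnet and two private subnets (placeholder IDs).
ROUTE_TABLES = (
    RouteTable(routes=(Route("10.0.0.0/16", "local"), Route("0.0.0.0/0", "igw-0example")),
               subnets=("subnet-public",)),
    RouteTable(routes=(Route("10.0.0.0/16", "local"), Route("0.0.0.0/0", "i-0nat")),
               subnets=("subnet-private-a",)),
    RouteTable(routes=(Route("10.0.0.0/16", "local"), Route("0.0.0.0/0", "nat-0example")),
               subnets=("subnet-private-b",)),
)

GOOD_NAT = NatInstance("i-0nat", "subnet-public", source_dest_check=False, security_groups=("sg-0nat",))
# Same instance, but the source/destination check was left enabled.
BAD_NAT = NatInstance("i-0nat", "subnet-public", source_dest_check=True, security_groups=("sg-0nat",))

if __name__ == "__main__":
    for label, nat in (("good", GOOD_NAT), ("bad", BAD_NAT)):
        print(label, check_nat_instance(nat, "subnet-private-a", ROUTE_TABLES) or "OK")
    print("gateway", check_nat_gateway("nat-0example", "subnet-private-b", ROUTE_TABLES) or "OK")
```

Running the script reports the good NAT instance and the NAT gateway as OK and flags the enabled source/destination check on the bad instance. To run it against a real account, populate the same structures from the DescribeRouteTables and DescribeInstances responses; the checks themselves need no change.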