0
0
AwsConceptBeginner · 4 min read

What is NAT Gateway in AWS: Simple Explanation and Use Cases

A NAT Gateway in AWS is a service that allows private cloud resources to access the internet securely without exposing them directly. It acts like a middleman that translates private IP addresses to public ones, enabling outbound internet traffic while blocking inbound connections.
⚙️

How It Works

Imagine you live in a house with no direct door to the outside world, but you want to send letters or packages. You use a trusted friend who has a door to the outside to send and receive your mail. In AWS, private resources inside a Virtual Private Cloud (VPC) are like that house without a door. They cannot access the internet directly because they have private IP addresses.

The NAT Gateway acts as that trusted friend. It sits in a public subnet with a public IP address and forwards requests from private resources to the internet. When the internet responds, the NAT Gateway sends the response back to the private resources. This way, private resources can download updates or access external services without exposing themselves to incoming internet traffic.

💻

Example

This example shows how to create a NAT Gateway using AWS CloudFormation, which is a way to define AWS resources with code. The NAT Gateway is created in a public subnet with an Elastic IP address attached.

yaml
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: true
  MyEIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
  MyNatGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt MyEIP.AllocationId
      SubnetId: !Ref PublicSubnet
Output
Stack created with a VPC, a public subnet, an Elastic IP, and a NAT Gateway ready to route internet traffic for private subnets.
🎯

When to Use

Use a NAT Gateway when you have resources in private subnets that need to access the internet for updates, patches, or external APIs but should not be reachable from the internet. For example:

  • Database servers downloading security patches
  • Application servers calling external web services
  • Batch processing jobs uploading results to cloud storage

It helps keep your network secure by preventing direct inbound internet traffic to sensitive resources.

Key Points

  • NAT Gateway enables outbound internet access for private subnet resources.
  • It uses a public IP to translate private IP addresses.
  • It blocks inbound internet traffic to private resources.
  • It is fully managed by AWS and scales automatically.
  • It incurs hourly and data processing charges.

Key Takeaways

A NAT Gateway allows private AWS resources to access the internet securely without exposing them.
It translates private IP addresses to a public IP for outbound traffic only.
Use NAT Gateway to keep sensitive resources safe while enabling internet access.
AWS manages NAT Gateway scaling and availability automatically.
NAT Gateway is a cost-effective and secure way to provide internet access to private subnets.

Related by keyword

What is AWS API Gateway: Overview and Use CasesAPI GatewayWhat is DynamoDB in AWS: Simple Explanation and Use CasesDynamoDB AWSWhat is Assume Role in AWS: Simple Explanation and ExampleIAMWhat is IAM in AWS: Simple Explanation and ExampleIAMWhat is Trust Policy in AWS: Simple Explanation and ExampleIAM

Up next

REST API vs HTTP API in AWS API Gateway: Key Differences and UsageWhat is Stage in API Gateway: Definition and UsageHow to Configure Security Group for AWS RDS InstancesHow to Connect to AWS RDS: Simple Steps for Beginners

More in VPC

Gateway Endpoint vs Interface Endpoint in AWS: Key Differences and UsageHow to Configure Route Table in AWS: Step-by-Step GuideHow to Configure VPC Flow Logs in AWS: Step-by-Step GuideHow to Connect AWS VPC to On-Premise Network Securely