Thursday, April 8, 2021

AWS : NAT_Gateway

https://www.youtube.com/watch?v=_JumK1gOYW8

  1. Create a NAT_Gateway and allocate an Elastic IP Address to it.
  2. Place the NAT Gateway in a Public Subnet, i.e. this subnet should be tied to a Route Table which points to an Internet Gateway.
  3. Place all EC2 Instances in a Private Subnet, i.e. its Route Table should point to the "NAT_Gateway" for the 0.0.0.0/0 destination.

What it essentially does is this: all AWS resources that want internet access can point to the "NAT_Gateway" device, and the NAT_Gateway in turn connects to the internet.
The NAT_Gateway has a static IP address (Elastic IP Address), and its special handling lets connected devices that have only private IP addresses reach the internet, because it connects to the internet on their behalf. This way we save on public IP address space.

NAT_Gateway is charged on a per-hour and per-GB basis.

--------------------------------------------------------------------------------------------------------------------------

To reach the internet directly, EC2 instances need to have a public IP address, and their subnet must be connected to a Route Table with a route to an Internet Gateway.

This Internet Gateway also allows anyone to reach the EC2 instances: EC2 is accessible to the world.

Problem
What if we don't want the EC2 instances to be accessible from outside, and yet want them to be able to access the internet when they need to? Private instances want to connect to the internet without going directly through the Internet Gateway.

Solution is "NAT Gateway"
A NAT Gateway needs a Static/Elastic IP Address, a special IP address which never changes.
"NAT Gateway" masks the private IP address, writes its own IP address in its place, and connects to the outside world via the Internet Gateway.
"NAT Gateway" is placed in a Public Subnet that has a Route Table which routes to the Internet Gateway.
EC2 instances with private IP addresses in the Private Subnet are connected to a Route Table which routes to the "NAT Gateway".
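
A way to check that a VPC really matches the layout described above, as an added example that is not part of the original post. The sample data is constructed (all IDs are placeholders) and is shaped like the output of `aws ec2 describe-route-tables` and `aws ec2 describe-nat-gateways`; the function names are hypothetical.

```python
# Constructed sample data; every ID below is a placeholder, not a real resource.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-pub", "Main": False}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-app", "Main": False}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-example", "SubnetId": "subnet-pub",
                 "NatGatewayAddresses": [{"AllocationId": "eipalloc-example",
                                          "PublicIp": "203.0.113.10"}]}]


def default_route_target(subnet_id, route_tables):
    """Return 'igw', 'nat' or 'none' for the subnet's 0.0.0.0/0 route."""
    explicit = [t for t in route_tables
                if any(a.get("SubnetId") == subnet_id for a in t["Associations"])]
    main = [t for t in route_tables if any(a.get("Main") for a in t["Associations"])]
    tables = explicit or main  # a subnet with no explicit association uses the main table
    if not tables:
        return "none"
    for route in tables[0]["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("NatGatewayId"):
            return "nat"
        if (route.get("GatewayId") or "").startswith("igw-"):
            return "igw"
    return "none"


def audit(instance_subnets, route_tables, nat_gateways):
    """List deviations from steps 1-3; an empty list means the layout matches."""
    findings = []
    for nat in nat_gateways:
        if not any(a.get("AllocationId") for a in nat.get("NatGatewayAddresses", [])):
            findings.append(f"{nat['NatGatewayId']}: no Elastic IP allocated")
        if default_route_target(nat["SubnetId"], route_tables) != "igw":
            findings.append(f"{nat['NatGatewayId']}: subnet {nat['SubnetId']} "
                            "has no default route to an Internet Gateway")
    for subnet in instance_subnets:
        target = default_route_target(subnet, route_tables)
        if target != "nat":
            findings.append(f"{subnet}: default route is '{target}', expected a NAT Gateway")
    return findings
```

A subnet reported with default route 'igw' is a public subnet, so any instance in it that has a public IP is reachable from the internet; 'none' means the subnet has no outbound internet path at all.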


