Showing posts with label Elastic IP Address. Show all posts

Thursday, April 8, 2021

AWS : NAT_Gateway

https://www.youtube.com/watch?v=_JumK1gOYW8

  1. Create a NAT_Gateway and allocate an Elastic IP address to it.
  2. Place the NAT_Gateway in a public subnet, i.e. a subnet tied to a route table that points to an Internet Gateway.
  3. Place all EC2 instances in a private subnet, i.e. a subnet whose route table points to the NAT_Gateway for the 0.0.0.0/0 destination.

Essentially, all AWS resources that need internet access can point to the NAT_Gateway device, and the NAT_Gateway in turn connects to the internet.
The NAT_Gateway has a static IP address (an Elastic IP address). It lets connected devices that have only private IP addresses reach the internet, because it connects to the internet on their behalf. This way we save on public IP address space.

NAT_Gateway is charged on a per-hour and per-GB basis.

--------------------------------------------------------------------------------------------------------------------------

To reach the internet directly, EC2 instances need a public IP address, and their subnet must be connected to a route table with an Internet Gateway.

This Internet Gateway also allows anyone to reach the EC2 instances: EC2 is accessible to the world.

Problem
What if we don't want the EC2 instances to be accessible from the internet, yet want them to be able to access the internet when they need to? Private instances want to connect to the internet without being routed directly to the Internet Gateway.

The solution is a "NAT Gateway".
A "NAT Gateway" needs a static (Elastic) IP address, a special IP address which never changes.
The "NAT Gateway" masks the private IP address, writes its own IP address in its place, and connects to the outside world via the Internet Gateway.
The "NAT Gateway" is placed in a public subnet that has a route table which routes to the Internet Gateway.
EC2 instances with private IP addresses in a private subnet are connected to a route table which routes to the "NAT Gateway".
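
An added example (not from the original post): a check of the layout described above, run against constructed data shaped like the boto3 `describe_route_tables()` and `describe_nat_gateways()` responses. All IDs are made up, only explicit subnet associations are considered, and the NAT gateways are assumed to be public ones that carry an Elastic IP.

```python
# Constructed sample data, shaped like the boto3 EC2 responses from
# describe_route_tables() and describe_nat_gateways(). All IDs are made up.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-pub"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0001"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"SubnetId": "subnet-app"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0001"}]},
    {"RouteTableId": "rtb-broken",
     "Associations": [{"SubnetId": "subnet-db"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0002"}]},
]
NAT_GATEWAYS = [
    {"NatGatewayId": "nat-0001", "SubnetId": "subnet-pub",
     "NatGatewayAddresses": [{"AllocationId": "eipalloc-0001"}]},
    # Misplaced: sits in a subnet whose default route is itself a NAT gateway.
    {"NatGatewayId": "nat-0002", "SubnetId": "subnet-app",
     "NatGatewayAddresses": [{"AllocationId": "eipalloc-0002"}]},
]

def default_routes(route_tables):
    """Map each explicitly associated subnet to its 0.0.0.0/0 target."""
    targets = {}
    for rt in route_tables:
        target = None
        for r in rt["Routes"]:
            if r.get("DestinationCidrBlock") == "0.0.0.0/0":
                target = r.get("NatGatewayId") or r.get("GatewayId")
        for assoc in rt.get("Associations", []):
            if "SubnetId" in assoc:
                targets[assoc["SubnetId"]] = target
    return targets

def audit(route_tables, nat_gateways):
    """Return (subnet classification, findings) for the NAT layout."""
    targets = default_routes(route_tables)
    kind = {s: "public" if (t or "").startswith("igw-")
            else "private-nat" if (t or "").startswith("nat-") else "isolated"
            for s, t in targets.items()}
    findings = []
    for nat in nat_gateways:
        if kind.get(nat["SubnetId"]) != "public":
            findings.append(f'{nat["NatGatewayId"]} is not in a public subnet')
        if not any(a.get("AllocationId") for a in nat["NatGatewayAddresses"]):
            findings.append(f'{nat["NatGatewayId"]} has no Elastic IP')
    return kind, findings
```

A subnet classified as "public" here is one where instances with public IP addresses are reachable from the internet, so the same classification can be used to confirm that private workloads only appear in "private-nat" subnets.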



Tuesday, April 6, 2021

Allocating an Elastic IP address

https://acloud.guru/forums/aws-certified-developer-associate/discussion/-KWNvUYgAm9vU6e-7E_4/one-subnet-one-availability-zone-but-i-can-create-two-subnet-within-one-availabi#:~:text=The%20definition%20%221%20subnet%20%3D%201,and%20can't%20span%20zones.&text=One%20Subnet%20can%20span%20only,by%20default%20inside%20one%20VPC.

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-eips.html

https://www.computerhope.com/jargon/i/ip.htm

An Elastic IP address is a static, public IPv4 address designed for dynamic cloud computing. You can associate an Elastic IP address with any instance or network interface in any VPC in your account. With an Elastic IP address, you can mask the failure of an instance by rapidly remapping the address to another instance in your VPC.

Starting from the introduction of VPC (Virtual Private Cloud), we have the ability to specify whether an EC2 instance should have a public IP address or not.

In some three-tier architectures, none of EC2 instances have public IP addresses and only public ELBs (Elastic Load Balancers) have them. The ELBs are used to accept traffic from the internet.

AWS has a giant pool of public IP addresses. The IP ranges are published here: https://ip-ranges.amazonaws.com/ip-ranges.json.

When an IP address is disassociated from an EC2 instance (for example, when the instance is terminated), the IP address is returned to the pool and may not be reused. Because of the nature of cloud computing, where instances come and go, the risk of AWS running out of IP addresses in the pool is somewhat reduced.

You can also claim a public IP address from Amazon’s pool into your account and associate it with your EC2 instance instead of relying on AWS to randomly assign one every time. This is called an Elastic IP address. It gives you the ability to assign a “static” IP address to your instance. The default limit is 5 IP addresses per region (it can be increased to some extent by contacting AWS support).

An Elastic IP address in your account that is not associated with any EC2 instance will incur a cost. That is to discourage people from hoarding a large number of unused IP addresses in their accounts.

Azure - Pipeline - Add Approver for Stage

https://learn.microsoft.com/en-us/azure/devops/pipelines/process/approvals?view=azure-devops&tabs=check-pass