How it works...

The parameters required for this recipe are as follows:

  • A public subnet ID
  • A private subnet route table ID

The public subnet ID is needed to host the NAT gateway, as it must have Internet access. The private subnet route table will be updated with a route to the NAT gateway.

Using the AWS NAT gateway service means that AWS takes care of hosting and securing the service for you. The service will be hosted redundantly in a single AZ.

You can use the recipe multiple times to deploy NAT gateways in each of your private subnets. Just make sure the public subnet and the private subnet are in the same AZ.

To cater for an AZ outage (unlikely, but possible), you should deploy a NAT gateway per subnet. This means that if one NAT gateway goes offline, instances in the other AZ can continue to access the Internet as normal. You are deploying your application in multiple AZs, aren't you?

This recipe will only work if you have created your own private subnets, as the default subnets in a new AWS account are all public. Instances in a public subnet have direct access to the Internet (via an IGW), so they do not need a NAT gateway.
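As an added example (not the book's own recipe template), here is a minimal CloudFormation template that implements the steps described above: it takes the two parameters listed, allocates an Elastic IP, places the NAT gateway in the public subnet, and adds a default route to it in the private subnet's route table. The parameter, resource and output names are assumed.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >
  Added example: NAT gateway in a public subnet plus a default route
  for a private subnet's route table. Names are assumed, not the book's.
Parameters:
  PublicSubnetId:
    Type: AWS::EC2::Subnet::Id
    Description: Public subnet (has an IGW route) that will host the NAT gateway
  PrivateSubnetRouteTableId:
    Type: String
    Description: Route table of the private subnet in the same AZ as the public subnet
Resources:
  # The NAT gateway needs a static public address; Domain: vpc is required for VPC use
  NatEip:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
  # The gateway itself lives in the public subnet so it can reach the IGW
  NatGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NatEip.AllocationId
      SubnetId: !Ref PublicSubnetId
  # Send all non-local traffic from the private subnet through the NAT gateway
  PrivateDefaultRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateSubnetRouteTableId
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway
Outputs:
  NatGatewayId:
    Value: !Ref NatGateway
  NatGatewayPublicIp:
    # Ref on an EIP returns its public address; useful for egress allow-lists
    Value: !Ref NatEip
```

Deploy the stack once per AZ, pairing each private route table with a public subnet in the same AZ; `aws ec2 describe-subnets --subnet-ids <public-id> <private-id> --query 'Subnets[].AvailabilityZone'` confirms the pairing before you create the stack.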
