NAT Instances
  • NAT Gateways are more recommended.
  • You can use a NAT instance in a public subnet in your VPC to do the following:
    • Enable instances in the private subnet to initiate outbound IPv4 traffic to the internet.
    • Prevent the instances from receiving inbound traffic initiated by someone on the internet.

Disabling source/destination checks

  • By default, every EC2 instance performs source/destination checks: it must be the source or destination of any traffic it sends or receives, unless you disable the check.
  • A NAT instance, however, must send and receive traffic whose source or destination is not itself, so you must disable source/destination checks on it.

NAT instance basics

  • The main route table is associated with the private subnet and sends traffic from the instances in the private subnet to the NAT instance in the public subnet.
  • The NAT instance then sends the traffic to the internet gateway for the VPC.
  • Traffic is attributed to the Elastic IP address of the NAT instance.
  • NAT instance specifies a high port number for the response; if a response comes back, the NAT instance sends it to an instance in the private subnet based on the port number for the response.
  • Private subnet traffic is routed to the NAT instance, which then communicates with the internet.
  • So, the NAT instance must have internet access.
  • It must be in a public subnet (a subnet that has a route table with a route to the internet gateway).
  • It must have a public IP address or an Elastic IP address.
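The requirements listed above (source/destination check disabled, public or Elastic IP, public subnet with an internet gateway route, private subnet routing 0.0.0.0/0 to the NAT instance) can be audited mechanically. The following is an added example, not part of the original notes; it assumes input dicts shaped like EC2 DescribeInstances / DescribeRouteTables responses, filled with constructed placeholder IDs rather than live API output.

```python
# Constructed sample data shaped like EC2 DescribeRouteTables / DescribeInstances
# responses; the IDs are placeholders, not real resources.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-nat"}]},
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
]
GOOD_NAT = {"InstanceId": "i-nat", "SubnetId": "subnet-public",
            "SourceDestCheck": False, "PublicIpAddress": "203.0.113.10"}


def route_table_for(subnet_id, route_tables):
    """Explicitly associated route table, falling back to the VPC's main table."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def default_route_to(rt, key, predicate):
    """True if the table sends 0.0.0.0/0 to a target whose `key` satisfies predicate."""
    return rt is not None and any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0" and predicate(r.get(key, ""))
        for r in rt["Routes"])


def audit_nat_instance(nat, private_subnet_id, route_tables):
    """Return findings; an empty list means every requirement in the notes is met."""
    findings = []
    if nat["SourceDestCheck"]:
        findings.append("source/destination check still enabled on NAT instance")
    if not nat.get("PublicIpAddress"):  # an Elastic IP also shows up here
        findings.append("NAT instance has no public or Elastic IP")
    nat_rt = route_table_for(nat["SubnetId"], route_tables)
    if not default_route_to(nat_rt, "GatewayId", lambda g: g.startswith("igw-")):
        findings.append("NAT instance subnet has no default route to an internet gateway")
    priv_rt = route_table_for(private_subnet_id, route_tables)
    if not default_route_to(priv_rt, "InstanceId", lambda i: i == nat["InstanceId"]):
        findings.append("private subnet does not route 0.0.0.0/0 to the NAT instance")
    return findings


if __name__ == "__main__":
    print(audit_nat_instance(GOOD_NAT, "subnet-private", ROUTE_TABLES))  # []
    print(audit_nat_instance(dict(GOOD_NAT, SourceDestCheck=True), "subnet-private", ROUTE_TABLES))
```

The private subnet in the sample has no explicit association, so the audit resolves it to the main route table exactly as the notes describe.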