NAT Gateway

Good morning everyone,
Just wanted to share a little hands-on experience I had setting up a NAT Gateway in AWS. It's super helpful when you need your private EC2 instances to reach the internet (for updates or pulling packages) without giving them a public IP or exposing them to inbound connections.
Table of Contents
- What is a NAT Gateway?
- Why Use It?
- What I Set Up in AWS
- Route Table Configuration
- How I Verified It's Working
- Why This Setup Matters
What is a NAT Gateway?
A NAT (Network Address Translation) Gateway is a managed AWS service that lets instances in a private subnet initiate outbound connections to the internet, while unsolicited inbound traffic from the internet is never forwarded to them. Only the replies to connections the instances opened themselves come back through it.
Think of it like a smart exit door for your private resources: they can get out (make requests), but nobody from outside can get in through it.
Why Use It?
In real-world architectures, we often place sensitive resources (like databases, app servers, or internal APIs) in private subnets, away from public exposure. But sometimes these resources still need to reach the internet:
- For software updates
- Pulling packages
- Connecting to external APIs (like Stripe, GitHub, etc.)
A NAT Gateway solves this by giving them that access without compromising security.
What I Set Up Using the AWS Console
Here's what I built, step by step:
1. Created a custom VPC
- CIDR block: 10.0.0.0/16
2. Added two subnets
- Public subnet: 10.0.1.0/24
- Private subnet: 10.0.2.0/24
3. Attached an Internet Gateway
- Connected it to the custom VPC
- This is what allows the public subnet to access the internet directly
4. Launched a NAT Gateway
- Deployed it in the public subnet (it needs to sit in a subnet whose own route table points at the IGW, otherwise the gateway itself has no path out)
- Allocated and attached an Elastic IP
5. Updated route tables
- Public subnet: route to the Internet Gateway (IGW)
- Private subnet: route all 0.0.0.0/0 traffic through the NAT Gateway (in its own route table, not the VPC's main one, so the private subnet never inherits the IGW route)
Verifying It's Working
To make sure everything was set up right:
- I launched one EC2 instance in the public subnet and gave it a public IP
- I launched another EC2 instance in the private subnet, with no public IP
- Then I SSHed into the public instance
- From there, I SSHed into the private instance
- Finally, I ran:
ping google.com
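Pinging out of the private instance proves the data path works, but it doesn't tell you whether the route tables are wired the way the setup steps above intended. The following is an added example (not code from the post) that audits the configuration offline: it takes route tables and NAT gateways in the same JSON shape that `aws ec2 describe-route-tables` and `aws ec2 describe-nat-gateways` return, resolves which table each subnet really uses (explicit association, else the VPC's main table), and flags the two classic mistakes: a private subnet whose default route goes to the IGW, and a NAT Gateway placed in a subnet with no IGW route of its own. The subnet CIDRs are the ones from the post; every resource ID is a constructed placeholder.

```python
"""Offline audit of the public/private subnet + NAT Gateway pattern.

Data structures mirror the JSON shape of `aws ec2 describe-route-tables` and
`aws ec2 describe-nat-gateways` (Routes, Associations, NatGatewayId, ...), so
real output from those commands can be fed in instead of the constructed
samples. All IDs ending in -EXAMPLE are placeholders, not real AWS resources.
"""

DEFAULT_ROUTE = "0.0.0.0/0"

# Constructed sample: the VPC from the post once everything is wired up.
SUBNETS = {
    "subnet-public-EXAMPLE": "10.0.1.0/24",
    "subnet-private-EXAMPLE": "10.0.2.0/24",
}
NAT_GATEWAYS = [
    {"NatGatewayId": "nat-EXAMPLE", "SubnetId": "subnet-public-EXAMPLE", "State": "available"},
]
ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-public-EXAMPLE",
        "Associations": [{"SubnetId": "subnet-public-EXAMPLE", "Main": False}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": DEFAULT_ROUTE, "GatewayId": "igw-EXAMPLE", "State": "active"},
        ],
    },
    {
        "RouteTableId": "rtb-private-EXAMPLE",
        "Associations": [{"SubnetId": "subnet-private-EXAMPLE", "Main": False}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": DEFAULT_ROUTE, "NatGatewayId": "nat-EXAMPLE", "State": "active"},
        ],
    },
]


def table_for_subnet(route_tables, subnet_id):
    """An explicit association wins; a subnet without one falls back to the VPC's main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def default_route_target(route_table):
    """Return (kind, target) for the active 0.0.0.0/0 route; kind is 'igw', 'nat', 'other' or None."""
    if route_table is None:
        return None, None
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != DEFAULT_ROUTE or route.get("State") != "active":
            continue
        if "NatGatewayId" in route:
            return "nat", route["NatGatewayId"]
        gateway = route.get("GatewayId", "")
        return ("igw" if gateway.startswith("igw-") else "other"), gateway
    return None, None


def audit(route_tables, nat_gateways, subnets, private_subnets):
    """Return a list of findings; an empty list means the pattern from the post holds."""
    findings = []
    targets = {sid: default_route_target(table_for_subnet(route_tables, sid)) for sid in subnets}
    nat_home = {n["NatGatewayId"]: n["SubnetId"] for n in nat_gateways if n.get("State") == "available"}
    for sid in private_subnets:
        kind, target = targets[sid]
        if kind == "igw":
            # Classic mistake: the private subnet inherits the main table that points at the IGW.
            findings.append(f"{sid}: default route goes to {target}; any instance here with a public IP is reachable from the internet")
        elif kind is None:
            findings.append(f"{sid}: no active default route, so instances cannot reach the internet for updates")
        elif kind == "nat":
            home = nat_home.get(target)
            if home is None:
                findings.append(f"{sid}: default route points at {target}, which is not an available NAT gateway")
            elif targets.get(home, (None, None))[0] != "igw":
                findings.append(f"{sid}: NAT gateway {target} lives in {home}, whose route table has no IGW default route, so it has no path out")
        else:
            findings.append(f"{sid}: default route points at unexpected target {target!r}")
    return findings


def misconfigured_example():
    """Constructed failure case: the private subnet was never given its own table,
    so it falls back to a main route table that sends 0.0.0.0/0 to the IGW."""
    main_table = {
        "RouteTableId": "rtb-main-EXAMPLE",
        "Associations": [{"Main": True}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": DEFAULT_ROUTE, "GatewayId": "igw-EXAMPLE", "State": "active"},
        ],
    }
    return [main_table, ROUTE_TABLES[0]]


if __name__ == "__main__":
    for label, tables in (("post setup", ROUTE_TABLES), ("misconfigured", misconfigured_example())):
        result = audit(tables, NAT_GATEWAYS, SUBNETS, ["subnet-private-EXAMPLE"])
        print(f"{label}: {'OK' if not result else result}")
```

The audit resolves route tables the way the VPC does (explicit association first, then the main table), which is exactly why the "private subnet with no association" mistake shows up: it quietly inherits whatever the main table says. To run it against a real account, replace the constructed lists with the parsed JSON from the two `aws ec2 describe-*` commands and list the subnet IDs you consider private.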
Why NAT Gateway Matters
This setup is more than just cool, it's a security best practice:
- Keeps your sensitive workloads isolated in private subnets
- Ensures they can still reach the outside world when needed
- Avoids assigning public IPs to critical infrastructure
- Aligns with cloud architecture principles and compliance standards
In production, this is an essential building block, especially if you're deploying microservices, backend APIs, or databases that shouldn't be directly exposed.
Summary
Setting up a NAT Gateway may sound complex at first, but once you grasp the network flow and properly configure the route tables, it becomes second nature. It's a must-have for any secure, modern VPC setup on AWS.
Until next time, for all that jazz
Shourya
Written by Shourya Yadav