NAT Gateway

Shourya Yadav

Good Morning everyone,

Just wanted to share a little hands-on experience I had setting up a NAT Gateway in AWS. It's super helpful when you need your private EC2 instances to reach the internet (like for updates or pulling packages) without giving them a public IP or making them vulnerable.

🧭 Table of Contents

  • 🔍 What is a NAT Gateway?

  • 🧠 Why Use It?

  • 🛠️ What I Set Up in AWS

  • 📡 Route Table Configuration

  • ✅ How I Verified It's Working

  • 🔐 Why This Setup Matters

πŸ” What is a NAT Gateway?

A NAT (Network Address Translation) Gateway is a managed AWS service that allows instances in a private subnet to initiate outbound connections to the internet, while still preventing any inbound internet traffic from reaching them directly.

Think of it like a smart exit door for your private resources. They can get out (make requests), but no one from outside can get in through it.

🧠 Why Use It?

In real-world architectures, we often place sensitive resources (like databases, app servers, or internal APIs) in private subnets, away from public exposure. But sometimes, these resources still need to reach the internet:

  • For software updates

  • Pulling packages

  • Connecting to external APIs (like Stripe, GitHub, etc.)

A NAT Gateway solves this by giving them that access without compromising security.

🛠️ What I Set Up Using AWS Console

Here's what I built step-by-step:

✅ Created a Custom VPC

  • CIDR Block: 10.0.0.0/16

✅ Added Two Subnets

  • Public Subnet → 10.0.1.0/24

  • Private Subnet → 10.0.2.0/24

✅ Attached an Internet Gateway

  • Connected it to the custom VPC

  • This allows the public subnet to access the internet directly

✅ Launched a NAT Gateway

  • Deployed it in the public subnet

  • Allocated and attached an Elastic IP

✅ Updated Route Tables

  • Public Subnet → Route to Internet Gateway (IGW)

  • Private Subnet → Route all 0.0.0.0/0 traffic through the NAT Gateway

✅ Verifying It's Working

To make sure everything was set up right:

  1. I launched one EC2 instance in the public subnet and gave it a public IP

  2. I launched another EC2 instance in the private subnet; it has no public IP

  3. Then I SSHed into the public instance

  4. From there, I SSHed into the private instance

  5. Finally, I ran:

     ping google.com

πŸ” Why NAT Gateway Matters

This setup is more than just cool β€” it’s a security best practice:

βœ… Keeps your sensitive workloads isolated in private subnets
βœ… Ensures they can still reach the outside world when needed
βœ… Avoids assigning public IPs to critical infrastructure
βœ… Aligns with cloud architecture principles and compliance standards

In production, this is an essential building block β€” especially if you're deploying microservices, backend APIs, or databases that shouldn’t be directly exposed.

📘 Summary

Setting up a NAT Gateway may sound complex at first, but once you grasp the network flow and properly configure the route tables, it becomes second nature. It's a must-have for any secure, modern VPC setup on AWS.

Until next time, for all that jazz
- Shourya
