Using NAT Gateways in AWS

Zeeshan Baig
Jun 21, 2018 · 4 min read

In AWS you can design your own network using (Virtual Private Cloud). You can assign your own IP address ranges and split your network into and . In simple words, is like where traffic from the internet is allowed while is where no direct internet access is allowed.


So what if we need to install, update, or upgrade software, utilities, or the OS on EC2 instances running in a private subnet? One option is to manually FTP to the box and install it, but sometimes that is not feasible.

For scenarios like these AWS provides us (previously NAT Instances, which are going to be obsolete soon).

Let’s see how to set up NAT Gateways in your VPC.


To configure follow these steps

  1. Make sure you have route defined in
  2. Get the Public Subnet ID where your would be deployed
  3. Create
  4. Test the Internet connectivity

Diagram courtesy of AWS Documentation


In my example, I am trying to on my EC2 instances in private subnet. The command will fail due to no internet connectivity.


Verify Routing Table for Internet Gateway Route

Verify in your you have route defined as shown in the slide


Create NAT Gateway

  1. Go to > and click
  2. Select where your is going to deploy
  3. Select existing or click (this will create a new EIP and assign it to the NAT)
  4. Wait for NAT Gateway to become available

Define NAT Gateway Routing in Private Subnet

  1. Make sure is up and running
  2. Click on and select where you want to enable internet access
  3. Create Edit and enter in the source and select your from the list
  4. Click Save

Verify EC2 Instances

  1. Once these steps are done you can connect to your instance running in the private subnet and install updates

Clean up

To clean up what we just did in this post, follow these steps

  1. Delete the
  2. Delete the in private subnet routing table
  3. (yes you have to do it manually).

Hope you like this post. Please leave a comment, like, clap, or share your suggestions on any topics you would like us to post about.


About DataNext

is US based system integrator, specialized in Cloud, Big Data, DevOps technologies. As a registered , our services comprise of any , , , and . Click here and Book Free assessment call with our experts today or visit our website for more info.

Originally published at on June 21, 2018.
