Using NAT Gateways in AWS

Zeeshan Baig
Jun 21, 2018 · 4 min read

In AWS you can design your own network using VPC (Virtual Private Cloud). You can assign your own IP address ranges and split your network into Public and Private Subnets. In simple words, Public Subnet is like Green Zone where traffic from the internet is allowed while Private Subnet is DMZ where no direct internet access is allowed.


So what if we need to install/update/upgrade software, utilities or OS on EC2 Instances running in a private subnet? one option is to manually FTP to the box and install it but sometimes is not feasible.

For scenarios like these AWS provides us NAT Gateways (previously NAT Instances which are going to obsolete soon).

Let’s see how to setup NAT Gateways in your VPC


To configure NAT gateway follow these steps

  1. Make sure you have Internet Gateway route defined in Routing Table
  2. Get the Public Subnet ID where your NAT gateway would be deployed
  3. Create NAT Gateway
  4. Test the Internet connectivity

Diagram courtesy of AWS Documentation

In my example, I have two EC2 Instances running one (web-tier) in the Public subnet and other (app-server) in the Private subnet as shown in the slide

Note: In my example, I am trying to install a git on my EC2 instances in private subnet. The command will fail due to no internet connectivity.

Verify Routing Table for Internet Gateway Route

Verify in your public subnet you have internet gateway route defined as shown in the slide

Create NAT Gateway

  1. Go to VPC > NAT Gateways and click Create NAT Gateways
  2. Select Public subnet where your NAT Gateway is going to deploy
  3. Select existing EIP or click Create Allocate Elastic IP (this will create a new EIP and assign to NAT)
  4. Wait for NAT Gateway Status to become available

Define NAT Gateway Routing in Private Subnet

  1. Make sure NAT Gateway is up and running
  2. Click on Routing Table and select private subnet where you want to enable internet access
  3. Create Edit and enter in the source and select your NAT from the list
  4. Click Save

Verify EC2 Instances

  1. Once these steps are done you can connect to your instance running in the private subnet and install updates

Clean up

To clean up what we just did in this post, follow these steps

  1. Delete the NAT gateway
  2. Delete the NAT routing in private subnet routing table
  3. Release the Elastic IP (yes you have to do it manually).

Hope you like this post, please leave a comment, like or clap or share your suggestions on any topics you like us to post.


About DataNext

DataNext Solutions is US based system integrator, specialized in Cloud, Big Data, DevOps technologies. As a registered AWS partner, our services comprise of any Cloud Migration, Cost optimization, Integration, Security and Managed Services. Click here and Book Free assessment call with our experts today or visit our website for more info.

Originally published at on June 21, 2018.

Zeeshan Baig

Written by

Cloud, Big Data, DevOps Expert, Musician & CEO of DataNext Solutions, helping people every day with the latest tech. Connect @LinkedIn