AWS — Difference between Internet Gateway and NAT Gateway

Comparison: Internet gateway (IGW) vs NAT gateway (NGW) in AWS.

Awesome Cloud — AWS Internet gateway (igw) and NAT gateway (ngw)

TL;DR:

Internet Gateway (IGW) allows instances with public IPs to access the internet.
NAT Gateway (NGW) allows instances with no public IPs to access the internet.

Internet Gateway

• Internet Gateway (IGW) is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet.
• Internet Gateway enables resources (like EC2 instances) in public subnets to connect to the internet. Similarly, resources on the internet can initiate a connection to resources in your subnet using the public.
• If a VPC does not have an Internet Gateway, then the resources in the VPC cannot be accessed from the Internet (unless the traffic flows via a Corporate Network and VPN/Direct Connect).
• Internet Gateway supports IPv4 and IPv6 traffic.
• Internet Gateway does not cause availability risks or bandwidth constraints on your network traffic.
• In order to make subnet public, add a route to your subnet’s route table that directs internet-bound traffic to the internet gateway.
• You can associate exactly one Internet Gateway with a VPC.
• Internet Gateway is not Availability Zone specific.
• There’s no additional charge for having an internet gateway in your account.

NAT Gateway

• NAT Gateway (NGW) is a managed Network Address Translation (NAT) service.
• NAT Gateway does something similar to Internet Gateway (IGW), but it only works one way: Instances in a private subnet can connect to services outside your VPC but external services cannot initiate a connection with those instances.
• NAT gateways are supported for IPv4 or IPv6 traffic.
• NAT gateway supports the following protocols: TCP, UDP, and ICMP.
• Each NAT gateway is created in a specific Availability Zone and implemented with redundancy in that zone.
• If you have resources in multiple Availability Zones and they share one NAT gateway, and if the NAT gateway’s Availability Zone is down, resources in the other Availability Zones lose internet access.
• To create an Availability Zone-independent architecture, create a NAT gateway in each Availability Zone.
• You can associate exactly one Elastic IP address with a public NAT gateway.
• You are charged for each hour that your NAT gateway is available and each Gigabyte of data that it processes.

NAT gateway replaces the source IP address of the instances with the IP address of the NAT gateway.

View more from Awesome Cloud

• Difference between SQS and SNS
• Difference between Application load balancer and Network load balancer
• Difference between Amazon Aurora and Amazon RDS
• Difference between Security Groups and NACL
• Difference between Secrets Manager and Parameter Store
• Difference between EKS and ECS

Happy Clouding!!!