AWS: NAT-GATEWAY

Avishek Roy
Published in teckdevops, Jun 9, 2019

A story to explain the link between a VPC, an instance in a private subnet and the NAT Gateway

Introduction

Hi there!

In the last couple of blogs, we learned to set up a VPC, public and private subnets, and the restrictions around instances created under a custom VPC.

Specifically, in the very last blog, we accessed a private subnet instance via a public subnet instance, i.e. a bastion host. But what if our private subnet instance also requires connectivity to the internet to download and install packages, or to apply software upgrades and patches?

Do note that the connectivity to the internet has to be outflow only, with no inflow, i.e. the private instance isn’t supposed to be accessible from the outside world but should have an outbound route to the internet.

To achieve the scenario discussed above, AWS provides a solution in the form of the NAT Gateway.

So, in this article, we are going to spin up a machine in a private subnet of a custom VPC, then create a NAT Gateway and route that instance's outbound traffic through it, and finally test our setup by installing MySQL.

CAUTION: A NAT Gateway comes with a small cost, so you might get a minimal billing amount if you follow this blog to set up a NAT Gateway.

Prerequisite

  • AWS Console access, i.e. a valid account on the AWS Portal.
  • A valid user with permission to create and delete VPCs and EC2 instances.
  • VPC, subnets, and software already set up as per Blog1 & Blog2.

Setup So far...

If all the prerequisites are met, the current setup will have the components below and look as follows.

→ A custom VPC having a public and private subnet.

→ An IGW attached to a public subnet i.e. to provide a route to the internet.

→ A web server created in public subnet & a DB server created in a private subnet.

→ Access to DB server via the web server.

☑️ Please make sure to refer to each snapshot and have a similar setup, to avoid any issues when we go forward to set up our NAT Gateway.

Instances → A web server & a DB server

VPC → Custom VPC (MyCustomVPC)

Subnets → a private & a public

Route Table → a private & a public

Public route table (having an IGW attached to it)

Private route table

Access to DB Server (via web server): SSH into the private instance

NAT GATEWAY

It’s time for action, as our setup is ready and assuming all the prerequisites are now in place.

After logging into the DB Server (private instance), try to run ‘yum update -y’; it should time out. Why? 🙄

The above request timed out because there is no route for the private subnet instances, i.e. the DB Server, to talk to the internet, i.e. no outbound connection.

To enable this, we need to add a NAT Gateway in our public subnet and add a route to that NAT Gateway in the private subnet's route table.

So, let’s do it…

A. Create NAT Gateway

Jump to the VPC dashboard, go to the NAT Gateways link and create a NAT Gateway. Please note it will take some time to bring up a NAT Gateway.

VPC → Nat Gateways

The NAT Gateway is to be created in a public subnet, with an Elastic IP attached to it, as per the snapshots below.

Choose Public Subnet
EIP
NAT Gateway — Created

Before going to the route tables to add the newly created NAT Gateway, make sure it has been created and is ready to be used.

Pending State

Available State

Now, as soon as the NAT Gateway is available, it can be added to route tables. Go to the private route table and modify its routes to add the NAT Gateway.

Routes
NAT Gateway
Route successfully modified

Before

Private Route Table

After

And we are done; yes, it’s that simple. Now log in to the DB server again and retry ‘yum update -y’; it should succeed this time. 🙂
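
To check the result of the steps above, this added example (not part of the original blog) classifies route tables from constructed JSON in the shape of `aws ec2 describe-route-tables` output. All IDs and the function names `classify` and `audit` are assumptions for illustration, and it goes one case beyond the walkthrough: a default route left as a blackhole after its NAT Gateway is deleted.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# All IDs are placeholders, not values from the article.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-public",
   "Associations": [{"SubnetId": "subnet-public", "Main": false}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}]},
  {"RouteTableId": "rtb-private",
   "Associations": [{"SubnetId": "subnet-private", "Main": false}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"}]},
  {"RouteTableId": "rtb-stale",
   "Associations": [{"SubnetId": "subnet-stale", "Main": false}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0deleted", "State": "blackhole"}]}
]}
""")

def classify(route_table):
    """Classify one route table by where its IPv4 default route points."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State") == "blackhole":
            return "blackhole"      # target was deleted; traffic is dropped
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"         # default route goes to the internet gateway
        if route.get("NatGatewayId"):
            return "private-nat"    # outbound only, via the NAT Gateway
        return "other"
    return "isolated"               # no default route at all

def audit(doc):
    """Map each explicitly associated subnet to its classification."""
    result = {}
    for rt in doc["RouteTables"]:
        kind = classify(rt)
        for assoc in rt.get("Associations", []):
            if "SubnetId" in assoc:
                result[assoc["SubnetId"]] = kind
    return result

if __name__ == "__main__":
    for subnet, kind in audit(SAMPLE).items():
        print(f"{subnet}: {kind}")
```

After the walkthrough, the DB server's subnet should report `private-nat`; `public` on that subnet would mean its default route points at the IGW instead of the NAT Gateway.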


MySQL Installation

As we have outbound connectivity, we can now install any package, so let’s quickly install MySQL.

Visit the MySQL official page to download the relevant packages.

Download (wget)

Install

Check

And Done! ✌️

Caution: Please clean up the whole setup (terminate the instances, delete the NAT Gateway, release the EIP and delete the CustomVPC) if it is no longer required, so as to avoid any AWS costs/charges.

Conclusion

We have seen that a NAT Gateway provides outbound traffic for private subnet machines/instances, which is essential for downloading packages, installing patches, software upgrades, etc.

Another plus point of using a NAT Gateway is that it’s quite simple to add or remove, i.e. by adding or removing a route to the NAT Gateway in the route table, based on our requirements.

Thanks for visiting and happy reading. Cheers!

— A blog by teckdevOps
