NAT Gateway basics - AWS015

Posted on Fri 17 May 2019 in quiz


NAT Gateway is used to provide indirect internet access for EC2 instances. The concept is fairly simple, but it is often misunderstood and deployed incorrectly because of its name.

This quiz is conceptual and does not come with a Terraform file for you to try. It is easy enough that you should be able to spot the misconfiguration just by looking at the diagram above and the console screenshots below.


Console screenshots for the [Server] account (images not reproduced here):

    VPC > VPC            (vpc-server)
    VPC > Subnets        (vpc-subnet-server)
    VPC > NAT Gateway    (vpc-natgw-server)
    VPC > Network ACL    (vpc-nacl-server)
    EC2 > Instances      (ec2-instance-server)
    EC2 > Security Group (ec2-sg-server)


Answer
The NAT Gateway should be in a public subnet rather than the private subnet. To provide internet access to the EC2 instances, the NAT Gateway has to be provisioned in a subnet whose route table sends traffic to an Internet Gateway; a NAT Gateway sitting in a subnet with no route to an Internet Gateway has no path to the internet itself, so the instances behind it do not either.

In this case, to configure the NAT Gateway correctly you need to follow the steps below:
    1. Create another subnet in the same VPC (this will be the public subnet).
    2. Attach an Internet Gateway to the VPC and add a route for destination "0.0.0.0/0" with the Internet Gateway as target to that subnet's route table.
    3. Provision the NAT Gateway in the subnet you created in the steps above.
    4. Change the private subnet's route table entry: set the target of destination "0.0.0.0/0" to the NAT Gateway you just created.
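The rule behind these steps can be checked mechanically: a NAT Gateway is correctly placed only if the route table governing its subnet has an active 0.0.0.0/0 route to an Internet Gateway. The script below is an added example, not part of the original post, and does not call AWS at all; it works on the JSON shapes returned by `aws ec2 describe-route-tables` and `aws ec2 describe-nat-gateways`, with all resource ids, CIDRs and both data sets constructed for the example. It also handles the caveat that a subnet with no explicit route table association falls back to the VPC's main route table, which is exactly how a "private" subnet ends up governing the NAT Gateway by accident.

```python
"""Placement check for NAT gateways, using the JSON shapes returned by
`aws ec2 describe-route-tables` and `aws ec2 describe-nat-gateways`.

Every identifier and CIDR below is constructed for this example; none of
them are real AWS resources.
"""
from typing import Dict, List, Optional

Json = Dict[str, object]


def route_table_for_subnet(route_tables: List[Json], vpc_id: str,
                           subnet_id: str) -> Optional[Json]:
    """Return the route table governing a subnet: the explicitly associated
    one if present, otherwise the VPC's main route table (the implicit
    association AWS applies to every subnet without its own)."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def default_route_target(rt: Json) -> Optional[str]:
    """Target of the active 0.0.0.0/0 route, or None if the table has none."""
    for route in rt.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":
            continue
        return route.get("GatewayId") or route.get("NatGatewayId")
    return None


def is_public_subnet_table(rt: Json) -> bool:
    """A subnet is public when its route table sends 0.0.0.0/0 to an IGW."""
    target = default_route_target(rt)
    return target is not None and target.startswith("igw-")


def check_nat_gateways(nat_gateways: List[Json],
                       route_tables: List[Json]) -> List[str]:
    """One finding per NAT gateway that is not sitting in a public subnet."""
    findings = []
    for ngw in nat_gateways:
        ngw_id, subnet_id, vpc_id = ngw["NatGatewayId"], ngw["SubnetId"], ngw["VpcId"]
        rt = route_table_for_subnet(route_tables, vpc_id, subnet_id)
        if rt is None:
            findings.append(f"{ngw_id}: no route table found for {subnet_id}")
            continue
        target = default_route_target(rt)
        if target == ngw_id:
            # The NAT gateway's own subnet routes the internet back to it.
            findings.append(f"{ngw_id}: subnet {subnet_id} routes 0.0.0.0/0 "
                            f"back to this NAT gateway (route loop)")
        elif not is_public_subnet_table(rt):
            findings.append(f"{ngw_id}: subnet {subnet_id} via {rt['RouteTableId']} "
                            f"has no 0.0.0.0/0 -> igw route; NAT gateway is in a "
                            f"private subnet")
    return findings


# Constructed data mirroring the quiz: one subnet, no Internet Gateway, and
# the NAT gateway placed in that same subnet, whose (main) route table points
# the default route at the NAT gateway.
QUIZ_ROUTE_TABLES: List[Json] = [{
    "RouteTableId": "rtb-0quizmain", "VpcId": "vpc-0quiz",
    "Associations": [{"Main": True}],
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0quiz", "State": "active"},
    ],
}]
QUIZ_NAT_GATEWAYS: List[Json] = [{"NatGatewayId": "nat-0quiz", "SubnetId": "subnet-0quiz",
                                  "VpcId": "vpc-0quiz", "State": "available"}]

# Constructed data mirroring the answer: a public subnet with its own route
# table to an IGW hosts the NAT gateway; the private subnet keeps using the
# main route table, whose default route targets the NAT gateway.
FIXED_ROUTE_TABLES: List[Json] = [
    {"RouteTableId": "rtb-0fixpub", "VpcId": "vpc-0fix",
     "Associations": [{"SubnetId": "subnet-0fixpub"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0fix", "State": "active"},
     ]},
    {"RouteTableId": "rtb-0fixmain", "VpcId": "vpc-0fix",
     "Associations": [{"Main": True}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0fix", "State": "active"},
     ]},
]
FIXED_NAT_GATEWAYS: List[Json] = [{"NatGatewayId": "nat-0fix", "SubnetId": "subnet-0fixpub",
                                   "VpcId": "vpc-0fix", "State": "available"}]

if __name__ == "__main__":
    for label, ngws, rts in (("quiz", QUIZ_NAT_GATEWAYS, QUIZ_ROUTE_TABLES),
                             ("answer", FIXED_NAT_GATEWAYS, FIXED_ROUTE_TABLES)):
        print(label, check_nat_gateways(ngws, rts) or "OK")
```

Feeding the real output of the two describe calls into `check_nat_gateways` turns the quiz's visual check into a repeatable one; the route-loop branch catches the common variant where the private subnet's existing 0.0.0.0/0 route was simply repointed at a NAT Gateway created in that same subnet.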

So the diagram at the top of this page is not correct, and the deployment should look like the corrected diagram (answer-natgw-diagram) with its console screenshots of the public subnet (answer-subnet_public), the private subnet (answer-subnet_private) and the NAT Gateway (answer-natgw); images not reproduced here.
