In this AWS VPC tutorial, we will learn how to create an Elastic IP address and a NAT gateway, and how to access the internet from a private subnet through the NAT gateway.
This is the third tutorial in a three-part series: the first tutorial introduced the key concepts and the tutorial problem, and the second tutorial covered creating the VPC, subnets, and internet gateway.
Why a NAT Gateway?
Before we explain why we need a NAT Gateway, here’s a network diagram of what we are trying to accomplish.
The two private subnets need to reach the internet for things like updating the operating system or installing software. Since the instances in the private subnets do not have a public IP, they need a NAT (Network Address Translation) gateway that rewrites their private source addresses to a public IP for traffic going out to the internet and maps the replies back to the originating instance. Because only connections initiated from inside are translated, the instances behind the gateway remain unreachable from the internet. AWS provides two kinds of NAT resources: NAT instances and NAT gateways. NAT gateways are fully managed by AWS, so they are preferred over NAT instances.
What are Elastic IP addresses?
We will build a NAT gateway; however, the gateway needs a public IP address. AWS provides Elastic IP addresses, which you can allocate on demand. These IP addresses can be attached to instances and other resources and detached when no longer required.
Steps to create AWS Elastic IP Address
Click on Elastic IPs in the VPC console of AWS.
If you haven't created an IP address before, you should see an empty table. Click on 'Allocate New Address' to add a new IP address; AWS will allocate it for you.
Create two Elastic IPs, one for the NAT gateway in each AZ.
Steps to create the NAT gateway
Once the IP address is created, click on NAT Gateways to open the NAT gateway page. Click on 'Create NAT Gateway' to create a new NAT gateway. In the field that says 'Elastic IP Allocation ID', select the new IP that you just created, then hit 'Create NAT Gateway'. This will create the NAT gateway. The subnet you pick for the gateway must be one of the public subnets: the gateway itself reaches the internet through the internet gateway, so it cannot do its job from a private subnet.
Create a Route Table for NAT
The next step is to create the route table that will direct all internet-bound traffic from the private subnet through the NAT gateway. Click on the 'Route Tables' section and click on 'Create Route Table'. In the Routes section, add a route that sends all traffic (0.0.0.0/0) to the NAT gateway that we just created.
A route table needs to be created for each of the two NAT gateways and associated with the private subnet in the same AZ, so that the subnet actually uses it instead of the VPC's main route table.
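The same steps expressed as infrastructure code, as an added example that is not part of the tutorial: the script builds a CloudFormation template that allocates one Elastic IP per AZ, places a NAT gateway in that AZ's public subnet, and gives each private subnet its own route table with a 0.0.0.0/0 route through the gateway. It then checks the template for the mistakes that are easy to make by hand in the console: a NAT gateway placed in a private subnet, a private subnet left without an associated route table, or a gateway in a different AZ from the subnet it serves. The VPC and subnet logical IDs (MyVpc, PublicSubnetA, PrivateSubnetA, and so on) and the AZ names are assumptions standing in for whatever was created in the previous part.

```python
"""Added example (not from the tutorial): generate and sanity-check the
Elastic IP / NAT gateway / private route table setup as CloudFormation."""
import json

# Assumed logical IDs for the VPC and subnets created in the previous part.
VPC_ID = "MyVpc"
PUBLIC_SUBNETS = {"us-east-1a": "PublicSubnetA", "us-east-1b": "PublicSubnetB"}
PRIVATE_SUBNETS = {"us-east-1a": "PrivateSubnetA", "us-east-1b": "PrivateSubnetB"}


def nat_resources(suffix, public_subnet, private_subnet):
    """Resources for one AZ: EIP, NAT gateway in the public subnet, and a
    private route table whose default route goes through that gateway."""
    return {
        f"NatEip{suffix}": {
            "Type": "AWS::EC2::EIP",
            "Properties": {"Domain": "vpc"},
        },
        f"NatGateway{suffix}": {
            "Type": "AWS::EC2::NatGateway",
            "Properties": {
                "AllocationId": {"Fn::GetAtt": [f"NatEip{suffix}", "AllocationId"]},
                # The gateway must live in the PUBLIC subnet to reach the IGW.
                "SubnetId": {"Ref": public_subnet},
            },
        },
        f"PrivateRouteTable{suffix}": {
            "Type": "AWS::EC2::RouteTable",
            "Properties": {"VpcId": {"Ref": VPC_ID}},
        },
        f"PrivateDefaultRoute{suffix}": {
            "Type": "AWS::EC2::Route",
            "Properties": {
                "RouteTableId": {"Ref": f"PrivateRouteTable{suffix}"},
                "DestinationCidrBlock": "0.0.0.0/0",
                "NatGatewayId": {"Ref": f"NatGateway{suffix}"},
            },
        },
        # Without this association the private subnet keeps using the main table.
        f"PrivateRouteAssoc{suffix}": {
            "Type": "AWS::EC2::SubnetRouteTableAssociation",
            "Properties": {
                "RouteTableId": {"Ref": f"PrivateRouteTable{suffix}"},
                "SubnetId": {"Ref": private_subnet},
            },
        },
    }


def build_template(public_subnets, private_subnets):
    """One NAT gateway per AZ, each serving the private subnet of its own AZ."""
    resources = {}
    for az in sorted(public_subnets):
        suffix = az[-1].upper()  # "us-east-1a" -> "A"
        resources.update(nat_resources(suffix, public_subnets[az], private_subnets[az]))
    return {"AWSTemplateFormatVersion": "2010-09-09", "Resources": resources}


def find_problems(template, public_subnets, private_subnets):
    """Return human-readable misconfigurations found in the template."""
    res = template["Resources"]
    az_of = {sub: az for az, sub in list(public_subnets.items()) + list(private_subnets.items())}
    public = set(public_subnets.values())
    problems = []

    nat_subnet = {}  # NAT gateway logical id -> subnet it is placed in
    for name, r in res.items():
        if r["Type"] == "AWS::EC2::NatGateway":
            subnet = r["Properties"]["SubnetId"]["Ref"]
            nat_subnet[name] = subnet
            if subnet not in public:
                problems.append(f"{name}: NAT gateway is not in a public subnet ({subnet})")

    default_target = {}  # route table -> NAT gateway used for 0.0.0.0/0
    for name, r in res.items():
        if r["Type"] == "AWS::EC2::Route" and r["Properties"].get("DestinationCidrBlock") == "0.0.0.0/0":
            rt = r["Properties"]["RouteTableId"]["Ref"]
            if "NatGatewayId" in r["Properties"]:
                default_target[rt] = r["Properties"]["NatGatewayId"]["Ref"]
            else:
                problems.append(f"{name}: default route in {rt} does not target a NAT gateway")

    associated = {}  # subnet -> route table explicitly associated with it
    for r in res.values():
        if r["Type"] == "AWS::EC2::SubnetRouteTableAssociation":
            associated[r["Properties"]["SubnetId"]["Ref"]] = r["Properties"]["RouteTableId"]["Ref"]

    for subnet in private_subnets.values():
        rt = associated.get(subnet)
        if rt is None:
            problems.append(f"{subnet}: no route table associated (main table applies)")
            continue
        nat = default_target.get(rt)
        if nat is None:
            problems.append(f"{subnet}: route table {rt} has no 0.0.0.0/0 route via a NAT gateway")
            continue
        if az_of.get(nat_subnet.get(nat)) != az_of[subnet]:
            problems.append(f"{subnet}: NAT gateway {nat} is in a different AZ")
    return problems


if __name__ == "__main__":
    tpl = build_template(PUBLIC_SUBNETS, PRIVATE_SUBNETS)
    print(json.dumps(tpl, indent=2))
    print("problems:", find_problems(tpl, PUBLIC_SUBNETS, PRIVATE_SUBNETS))
```

The generated template is deployable as-is once the assumed logical IDs are replaced with the real ones from your stack; the checker is the part worth keeping around, since none of the three mistakes it flags produces an error in the console, only a private subnet that silently cannot reach the internet or, in the cross-AZ case, one that stops working when the other AZ's gateway does.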
Recap of the AWS VPC Tutorial
Our first VPC setup is done. To recap, we created a VPC with four subnets. Two of the subnets were made public by attaching an internet gateway, and the other two subnets were private; the private subnets can still reach the internet through a NAT gateway. The instances in the public subnets will have public IP addresses: we can configure the subnet to auto-assign a public IP to every instance launched in it, or we can request an auto-assigned public IP for an individual instance at launch time.
This completes our AWS VPC Tutorial.