VPC NAT Flashcards

1
Q

What is NAT?

A

NAT, or Network Address Translation, is a method used in networking to modify network address information in IP packet headers, while in transit across a traffic routing device, to map a public IP address to a private IP address and vice versa.

2
Q

What is a NAT Gateway in AWS?

A

A NAT Gateway is a managed network address translation service provided by AWS to allow instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances.

3
Q

How does NAT work?

A

NAT works by translating the private IP addresses of devices on a local network to a public IP address before the data is sent over the internet. The NAT device then translates responses back from the public IP address to the corresponding private IP address for the device within the local network.

4
Q

Why use a NAT Gateway?

A

A NAT Gateway is used to enable instances in a private subnet to access resources on the internet, while maintaining the private subnet’s security posture by not allowing incoming connections from the internet.

5
Q

What is the difference between a NAT Gateway and a NAT instance?

A

A NAT Gateway is a fully managed service provided by AWS that is highly available, scalable, and not required to be patched or managed by the user. A NAT instance, however, is a self-managed EC2 instance configured to perform NAT. It requires manual setup, maintenance, and scaling.

6
Q

How do you set up a NAT Gateway in AWS?

A

To set up a NAT Gateway in AWS, create the NAT Gateway in a public subnet, specify an Elastic IP address to associate with the NAT Gateway, and then update the route tables associated with one or more private subnets to point internet-bound traffic to the NAT Gateway.

7
Q

What are the costs associated with a NAT Gateway?

A

The costs of using a NAT Gateway in AWS include an hourly charge for the NAT Gateway itself, data processing charges for each gigabyte processed by the NAT Gateway, and a charge for the Elastic IP address if the NAT Gateway is not actively being used.

8
Q

Can a NAT Gateway send traffic to VPC peering connections, VPN connections, or AWS Direct Connect?

A

Yes, a NAT Gateway can send traffic to VPC peering connections, AWS VPN connections, and AWS Direct Connect connections, allowing instances in private subnets to communicate with resources in these networks.

9
Q

What are the benefits of using a NAT Gateway?

A

Benefits of using a NAT Gateway include simplicity and ease of management as a fully managed service, high availability and redundancy within the Availability Zone, and the ability to scale automatically up to 45 Gbps of bandwidth.

10
Q

How do you monitor NAT Gateway usage?

A

You can monitor NAT Gateway usage by using Amazon CloudWatch to collect and track metrics such as BytesOutToDestination, BytesInFromSource, ActiveConnectionCount, and PacketsDropCount, among others, which provide insights into the operation and performance of your NAT Gateway.
