
NAT gateway for ec2 instances [Resolved]

I have a public subnet with ec2 instances. The route table has IGW (Internet Gateway) as default.

I tested adding a public IP address to my instance ( as reported by curl and when I ssh to that ec2 it returns this IP address, which I expected.

1) My question is, since NAT is only for outbound traffic, how do they communicate when it sends a request or quote to other sites?

2) If I switch IGW (internet gateway) to NAT for the public subnet, will it mask all outbound traffic to the NAT IP address and still be able to communicate with other sites?

Question Credit: T Kim
Asked October 10, 2018
Posted Under: Network
1 Answers

Generally you will have 2 kinds of subnets in a VPC:

  1. Public subnet

    • has IGW and optionally NAT
    • there points to the IGW
    • hosts (EC2 instances) must have public IP or elastic IP attached as they go directly to the internet and can be contacted from the internet on this public/elastic IP.
  2. Private subnet

    • has no IGW or NAT, without further configuration hosts don't have internet access
    • the points to the NAT in the public subnet above
    • hosts only have private IP and all outbound access is "masked" to the NAT gateway IP.
    • hosts can't be contacted from outside.

Hope that explains it :)

credit: MLu
Answered October 10, 2018
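
The public/private distinction in the answer above can be checked mechanically from route-table data. The following is an added example, not part of the original answer: it takes constructed data in the shape of `aws ec2 describe-route-tables` and `describe-instances` output and reports, per instance, which source IP remote sites would see and whether inbound traffic from the internet is routable to it. All IDs and IPs are made up; it assumes every subnet has an explicit route-table association (the main route table fallback is not modelled) and ignores security groups and network ACLs.

```python
# Constructed sample data, shaped like AWS CLI JSON (describe-route-tables,
# describe-instances); all IDs and IPs are made up for this example.
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-pub"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"Associations": [{"SubnetId": "subnet-priv"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
    {"Associations": [{"SubnetId": "subnet-iso"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]
NAT_PUBLIC_IPS = {"nat-0example": "203.0.113.10"}  # NAT gateway's elastic IP
INSTANCES = [
    {"InstanceId": "i-web", "SubnetId": "subnet-pub", "PublicIpAddress": "198.51.100.7"},
    {"InstanceId": "i-nopub", "SubnetId": "subnet-pub"},   # public subnet, no public IP
    {"InstanceId": "i-app", "SubnetId": "subnet-priv"},
    {"InstanceId": "i-db", "SubnetId": "subnet-iso"},
]

def default_route_target(subnet_id, route_tables):
    """Return ("igw" | "nat" | None, target id) for the subnet's 0.0.0.0/0 route."""
    for table in route_tables:
        if not any(a.get("SubnetId") == subnet_id for a in table.get("Associations", [])):
            continue
        for route in table["Routes"]:
            if route.get("DestinationCidrBlock") != "0.0.0.0/0":
                continue
            if route.get("GatewayId", "").startswith("igw-"):
                return "igw", route["GatewayId"]
            if route.get("NatGatewayId"):
                return "nat", route["NatGatewayId"]
    return None, None

def internet_exposure(instance, route_tables=ROUTE_TABLES, nat_ips=NAT_PUBLIC_IPS):
    """Return (source IP seen by remote sites, inbound routable from internet?)."""
    kind, target = default_route_target(instance["SubnetId"], route_tables)
    if kind == "igw":
        # The IGW only translates for instances that own a public/elastic IP.
        public_ip = instance.get("PublicIpAddress")
        return public_ip, public_ip is not None
    if kind == "nat":
        # Outbound is masked as the NAT gateway's IP; nothing can connect in.
        return nat_ips.get(target), False
    return None, False  # no default route: no internet path in either direction

if __name__ == "__main__":
    for inst in INSTANCES:
        print(inst["InstanceId"], internet_exposure(inst))
```

A result of `(None, False)` for an instance in an IGW-routed subnet is the misconfiguration worth flagging: the route exists, but without a public or elastic IP the host has no internet path.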