What is the AWS NAT Gateway?

Clash Royale CLAN TAG#URR8PPP

up vote
1
down vote

favorite

I'm not sure what caused it, maybe Elastic Beanstalk, but at some point AWS created me a "NAT Gateway" which costs more than my EC2 server instances themselves.

What does it do, why does it cost so much, and why do I need it for things like EC2?

It seems like I can I do without it, just delete it, and things still work while saving a ton?

networking amazon-web-services nat

share|improve this question

edited 16 mins ago

asked 7 hours ago

kayla

1113

add a comment | 

up vote
1
down vote

favorite

I'm not sure what caused it, maybe Elastic Beanstalk, but at some point AWS created me a "NAT Gateway" which costs more than my EC2 server instances themselves.

What does it do, why does it cost so much, and why do I need it for things like EC2?

It seems like I can I do without it, just delete it, and things still work while saving a ton?

networking amazon-web-services nat

share|improve this question

edited 16 mins ago

asked 7 hours ago

kayla

1113

add a comment | 

up vote
1
down vote

favorite

up vote
1
down vote

favorite

I'm not sure what caused it, maybe Elastic Beanstalk, but at some point AWS created me a "NAT Gateway" which costs more than my EC2 server instances themselves.

What does it do, why does it cost so much, and why do I need it for things like EC2?

It seems like I can I do without it, just delete it, and things still work while saving a ton?

networking amazon-web-services nat

share|improve this question

edited 16 mins ago

asked 7 hours ago

kayla

1113

I'm not sure what caused it, maybe Elastic Beanstalk, but at some point AWS created me a "NAT Gateway" which costs more than my EC2 server instances themselves.

What does it do, why does it cost so much, and why do I need it for things like EC2?

It seems like I can I do without it, just delete it, and things still work while saving a ton?

networking amazon-web-services nat

networking amazon-web-services nat

share|improve this question

edited 16 mins ago

asked 7 hours ago

kayla

1113

share|improve this question

edited 16 mins ago

asked 7 hours ago

kayla

1113

share|improve this question

share|improve this question

edited 16 mins ago

edited 16 mins ago

edited 16 mins ago

asked 7 hours ago

kayla

1113

asked 7 hours ago

kayla

1113

asked 7 hours ago

kayla

1113

1113

add a comment | 

add a comment | 

2 Answers
2

active

oldest

votes

up vote
2
down vote

AWS say

You can use a network address translation (NAT) gateway to enable
instances in a private subnet to connect to the internet or other AWS
services, but prevent the internet from initiating a connection with
those instances. For more information about NAT, see NAT.

In short, it's an internet proxy that lets you initiate outgoing connections, but prevents anyone initiating connections to you. It's for security.

AWS don't tend to create resources without you asking for them. The VPC Wizard will sometimes create one of these when you create your VPC.

share|improve this answer

answered 7 hours ago

Tim

15.9k31845

add a comment | 

up vote
1
down vote

In short - NAT Gateway provides public internet access to EC2 instances without public IP address.

Whether or not you can remove the NAT Gateway depends on your VPC and EC2 configuration.

• If your EC2 instance is in a subnet with IGW (Internet Gateway) and has public or elastic IP attached then you don't need NAT gateway.




• If your EC2 instance is in a subnet without IGW you do need NAT gateway.

If you want to remove the NAT gateway make sure your EC2 instance has a public IP attached to it an it's in a subnet with IGW.

Also note that adding a public IP to your instance puts it directly on the public internet - double check the instance Security Group (i.e. firewall) to ensure it's locked down as much as possible.

share|improve this answer

answered 2 hours ago

MLu

1,6761222

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f933250%2fwhat-is-the-aws-nat-gateway%23new-answer', 'question_page');

);

Post as a guest

Name Email

2 Answers
2

active

oldest

votes

2 Answers
2

active

oldest

votes

active

oldest

votes

active

oldest

votes

up vote
2
down vote

AWS say

You can use a network address translation (NAT) gateway to enable
instances in a private subnet to connect to the internet or other AWS
services, but prevent the internet from initiating a connection with
those instances. For more information about NAT, see NAT.

In short, it's an internet proxy that lets you initiate outgoing connections, but prevents anyone initiating connections to you. It's for security.

AWS don't tend to create resources without you asking for them. The VPC Wizard will sometimes create one of these when you create your VPC.

share|improve this answer

answered 7 hours ago

Tim

15.9k31845

add a comment | 

up vote
2
down vote

AWS say

You can use a network address translation (NAT) gateway to enable
instances in a private subnet to connect to the internet or other AWS
services, but prevent the internet from initiating a connection with
those instances. For more information about NAT, see NAT.

In short, it's an internet proxy that lets you initiate outgoing connections, but prevents anyone initiating connections to you. It's for security.

AWS don't tend to create resources without you asking for them. The VPC Wizard will sometimes create one of these when you create your VPC.

share|improve this answer

answered 7 hours ago

Tim

15.9k31845

add a comment | 

up vote
2
down vote

up vote
2
down vote

AWS say

You can use a network address translation (NAT) gateway to enable
instances in a private subnet to connect to the internet or other AWS
services, but prevent the internet from initiating a connection with
those instances. For more information about NAT, see NAT.

In short, it's an internet proxy that lets you initiate outgoing connections, but prevents anyone initiating connections to you. It's for security.

AWS don't tend to create resources without you asking for them. The VPC Wizard will sometimes create one of these when you create your VPC.

share|improve this answer

answered 7 hours ago

Tim

15.9k31845

AWS say

You can use a network address translation (NAT) gateway to enable
instances in a private subnet to connect to the internet or other AWS
services, but prevent the internet from initiating a connection with
those instances. For more information about NAT, see NAT.

In short, it's an internet proxy that lets you initiate outgoing connections, but prevents anyone initiating connections to you. It's for security.

AWS don't tend to create resources without you asking for them. The VPC Wizard will sometimes create one of these when you create your VPC.

share|improve this answer

answered 7 hours ago

Tim

15.9k31845

share|improve this answer

share|improve this answer

answered 7 hours ago

Tim

15.9k31845

answered 7 hours ago

Tim

15.9k31845

answered 7 hours ago

Tim

15.9k31845

15.9k31845

add a comment | 

add a comment | 

up vote
1
down vote

In short - NAT Gateway provides public internet access to EC2 instances without public IP address.

Whether or not you can remove the NAT Gateway depends on your VPC and EC2 configuration.

• If your EC2 instance is in a subnet with IGW (Internet Gateway) and has public or elastic IP attached then you don't need NAT gateway.




• If your EC2 instance is in a subnet without IGW you do need NAT gateway.

If you want to remove the NAT gateway make sure your EC2 instance has a public IP attached to it an it's in a subnet with IGW.

Also note that adding a public IP to your instance puts it directly on the public internet - double check the instance Security Group (i.e. firewall) to ensure it's locked down as much as possible.

share|improve this answer

answered 2 hours ago

MLu

1,6761222

add a comment | 

up vote
1
down vote

In short - NAT Gateway provides public internet access to EC2 instances without public IP address.

Whether or not you can remove the NAT Gateway depends on your VPC and EC2 configuration.

• If your EC2 instance is in a subnet with IGW (Internet Gateway) and has public or elastic IP attached then you don't need NAT gateway.




• If your EC2 instance is in a subnet without IGW you do need NAT gateway.

If you want to remove the NAT gateway make sure your EC2 instance has a public IP attached to it an it's in a subnet with IGW.

Also note that adding a public IP to your instance puts it directly on the public internet - double check the instance Security Group (i.e. firewall) to ensure it's locked down as much as possible.

share|improve this answer

answered 2 hours ago

MLu

1,6761222

add a comment | 

up vote
1
down vote

up vote
1
down vote

In short - NAT Gateway provides public internet access to EC2 instances without public IP address.

Whether or not you can remove the NAT Gateway depends on your VPC and EC2 configuration.

• If your EC2 instance is in a subnet with IGW (Internet Gateway) and has public or elastic IP attached then you don't need NAT gateway.




• If your EC2 instance is in a subnet without IGW you do need NAT gateway.

If you want to remove the NAT gateway make sure your EC2 instance has a public IP attached to it an it's in a subnet with IGW.

Also note that adding a public IP to your instance puts it directly on the public internet - double check the instance Security Group (i.e. firewall) to ensure it's locked down as much as possible.

share|improve this answer

answered 2 hours ago

MLu

1,6761222

In short - NAT Gateway provides public internet access to EC2 instances without public IP address.

Whether or not you can remove the NAT Gateway depends on your VPC and EC2 configuration.

• If your EC2 instance is in a subnet with IGW (Internet Gateway) and has public or elastic IP attached then you don't need NAT gateway.




• If your EC2 instance is in a subnet without IGW you do need NAT gateway.

If you want to remove the NAT gateway make sure your EC2 instance has a public IP attached to it an it's in a subnet with IGW.

Also note that adding a public IP to your instance puts it directly on the public internet - double check the instance Security Group (i.e. firewall) to ensure it's locked down as much as possible.

share|improve this answer

answered 2 hours ago

MLu

1,6761222

share|improve this answer

share|improve this answer

answered 2 hours ago

MLu

1,6761222

answered 2 hours ago

MLu

1,6761222

answered 2 hours ago

MLu

1,6761222

1,6761222

add a comment | 

add a comment | 

 

draft saved

draft discarded

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f933250%2fwhat-is-the-aws-nat-gateway%23new-answer', 'question_page');

);

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Name Email

Name

Email

Name Email

Name

Email