Certified Security - Specialty

Sign Up Free or Log In to participate!

NAT Gateway

I understand that the NAT gateway is used to send the request generated from an aws instance in a private subnet to the internet and get the response back to instance. Please suggest if there is any way to have a request originated from the internet to reach the instance in private subnet using NAT gateway?

1 Answers

Hi Chintan,

yes and no.

In the context of AWS a NAT gateway or NAT instance is explicitly for the purpose of allowing instances in a private subnet out to the Public / Internet (or some reletivelly less secure environment). [That is the No part ]

[This is the Yes part]

If you want to access a device in a private subnet from a Public environment you need to use the correct service to proxy the traffic.

  • The AWS service that you would use would be an ELB. There is specific design doco to have an ELB pass traffic to an instance farm in a Private subnet. This is what I would look to use if you have the need.

  • If you want to build your own you could build an application proxy on an EC2 instance to forward the traffic.

  • Or use a variation of the generic NAT technology to pass the traffic.

Note that "NAT" is not a proprietary AWS name or service. NATs have been in use for decades and not all are so specific in their function. You might way that the AWS NAT is a subset of the class ‘NAT’ – https://en.wikipedia.org/wiki/Network_address_translation

I hope that helps you



Chintan Vinod Parmar

Hi Rusty, Thank you for the quick reply and sharing the details. Thanks & Regards,

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?