Certified Security - Specialty

Sign Up Free or Log In to participate!

What is the NAT Gateway work logic in this example?

For the NAT Gateway example in this section, how can the traffic from the private subnet goes to the public subnet ? And, the route in the default route table (target to the newly created NAT Gateway), is it referring the traffic from the Internet going to the NAT gateway (if there is no any more specific route in the route table) ? A little confused about the setup

1 Answers

The public subnet needs to permit the traffic in via NACL to allow the traffic to reach the NATGW. Since Security Groups don’t apply to NATGWs they don’t come into play. In general, the NATGW will source nat/proxy the traffic it receives before going to the internet which makes it the destination for the return traffic from the internet. Functionally it will pass its external elastic IP to the internet gateway. The Internet gateway uses the elastic IP as the one to one NAT onto the internet. This nat/proxy pattern allows the return traffic to get back to the correct instances that make up the NATGW and eventually the EC2 instance. Let me know if this isn’t clear or what you were asking.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?