NAT Gateway cannot use security groups… so what do you use to secure it? Routing tables and NACLs?
The NAT Gateway is an AWS managed service which you don’t need to secure – ie AWS ensure the servers it uses are secured. You do need to ensure that you use it in a secure manner though and this means using routing tables to pick which subnets get a route to the internet via the NAT Gateway.
Hope this helps