0

Let's say I have VPC, Demo_VPC with subnet 10.0.0.0/16; I also create two subnets each providing public and private access. But public subnet is straightforward to communicate with internet, whereas private I like to use NAT instance. As it is defined in aws documentation NAT instance will serve the purpose to keep private subnet hidden from internet still use internet via NAT instance.

I am stuck to understand the point. If the webserver is in a public subnet, the NAT instance is also in a public subnet in the same availability zone. Other instances are in a private subnet but they are in different availability zones. How will I make this private subnet to direct traffic toward NAT instance in different availability zone but are in same VPC?

I am new to aws trying to understand networking part of it.

RamenChef
  • 5,557
  • 11
  • 31
  • 43
emad ahmed
  • 1
  • 1

1 Answers1

0

An article on this topic is available at: How do I create a VPC NAT instance and configure my VPC route tables to use the new NAT instance?

Basically, you will need two Route Tables:

  • Public Route Table: Directs internet traffic to the Internet Gateway
  • Private Route Table: Directs internet traffic to the NAT instance

Here is an example of a Private Route Table:

Private Route Table

Notice that the 0.0.0.0/0 destination points to the Elastic Network Interface (eni-xxxx) of the NAT EC2 instance (i-xxxx).

While an Amazon EC2 instance can be used as a NAT Instance for small networks and test environments, it is recommend to use a NAT Gateway for production environments. This is a fully-managed NAT that automatically scales, but you should use one in each AZ to ensure high availability.

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
  • In a nutshell, you don't need to worry about inter AZ traffic routing. Since the subnets are in different AZ but still in same VPC, their routing is managed by AWS as long as you configure Security Groups, NACL, and route tables correctly. – Arpit Agarwal Aug 03 '22 at 17:18