I would like to do this system:

[image: network diagram of the intended setup]

But I would also like to access the internet from the private servers, for example, for web crawling or third-party REST API access.

How do I plugin the NAT gateway into this configuration? Do I need one? Where does it connect to?

Lance
  • A NAT Gateway is used to provide Internet access to resources that reside in a private subnet. They are unassociated with Global Accelerator. From what I can read, return traffic does not seem to go via the Global Accelerator, but I'm not 100% sure. – John Rotenstein Aug 04 '20 at 03:55

1 Answer

I did what I could with my GIMP skills:

[image: edited network diagram with the NAT gateway added]

You could have two route tables:

  1. For public subnet: [image: route table for the public subnet]

  2. For private subnets (two subnets can use the same route table): [image: route table for the private subnets]

Marcin
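The layout in the answer comes down to a few invariants that are easy to get wrong by hand: the public subnet's 0.0.0.0/0 route points at the internet gateway, the private subnets' 0.0.0.0/0 route points at a NAT gateway, and that NAT gateway is itself placed in a public subnet (otherwise it has no path out). The following is an added example, not code from the answer or from AWS, that checks those invariants over data in the shape of `aws ec2 describe-route-tables` and `aws ec2 describe-nat-gateways` output. The sample tables and all `subnet-`, `igw-`, `nat-` and `rtb-` ids are constructed placeholders, and the function names (`classify_subnets`, `find_problems`) are my own.

```python
"""Check that a VPC's route tables match the two-table layout from the
answer: public subnet -> internet gateway, private subnets -> NAT gateway,
and the NAT gateway itself living in a public subnet.

Input dicts mirror the shape of `describe-route-tables` / `describe-nat-gateways`
output; the sample data at the bottom is constructed for this example and every
id in it is a placeholder.
"""

DEFAULT_ROUTE = "0.0.0.0/0"


def default_target(route_table):
    """Return the target of the active 0.0.0.0/0 route, or None if absent."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != DEFAULT_ROUTE:
            continue
        if route.get("State", "active") != "active":
            continue  # a blackholed route (e.g. deleted NAT gateway) gives no egress
        return route.get("GatewayId") or route.get("NatGatewayId")
    return None


def subnet_route_tables(route_tables):
    """Map explicitly associated subnet ids to their table; also return the main table."""
    mapping, main = {}, None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main = table
            elif "SubnetId" in assoc:
                mapping[assoc["SubnetId"]] = table
    return mapping, main


def classify_subnets(route_tables, subnet_ids):
    """Return {subnet_id: "public" | "private" | "isolated" | "other"}.

    A subnet with no explicit association falls back to the main route table,
    which is how an unassociated subnet behaves in a VPC.
    """
    mapping, main = subnet_route_tables(route_tables)
    result = {}
    for subnet_id in subnet_ids:
        table = mapping.get(subnet_id, main)
        target = default_target(table) if table else None
        if target is None:
            result[subnet_id] = "isolated"
        elif target.startswith("igw-"):
            result[subnet_id] = "public"
        elif target.startswith("nat-"):
            result[subnet_id] = "private"
        else:
            result[subnet_id] = "other"  # e.g. transit gateway or VPC peering
    return result


def find_problems(route_tables, nat_gateways, subnet_ids, private_expected):
    """Return a list of findings; an empty list means the layout matches the design."""
    problems = []
    classes = classify_subnets(route_tables, subnet_ids)
    for subnet_id in private_expected:
        kind = classes.get(subnet_id)
        if kind == "public":
            problems.append(f"{subnet_id} is meant to be private but routes 0.0.0.0/0 to an internet gateway")
        elif kind != "private":
            problems.append(f"{subnet_id} has no NAT gateway default route ({kind})")
    for nat in nat_gateways:
        if nat.get("State") != "available":
            problems.append(f"{nat['NatGatewayId']} is not available ({nat.get('State')})")
        if classes.get(nat.get("SubnetId")) != "public":
            problems.append(f"{nat['NatGatewayId']} is in {nat.get('SubnetId')}, which is not a public subnet")
    return problems


# Constructed sample mirroring the answer's layout (all ids are placeholders).
SAMPLE_ROUTE_TABLES = [
    {   # main table: local route only, used by subnets with no explicit association
        "RouteTableId": "rtb-main0000",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
    },
    {   # public subnet: default route to the internet gateway
        "RouteTableId": "rtb-public00",
        "Associations": [{"SubnetId": "subnet-public0"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example0", "State": "active"},
        ],
    },
    {   # one table shared by both private subnets: default route to the NAT gateway
        "RouteTableId": "rtb-private0",
        "Associations": [{"SubnetId": "subnet-private1"}, {"SubnetId": "subnet-private2"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example0", "State": "active"},
        ],
    },
]
SAMPLE_NAT_GATEWAYS = [{"NatGatewayId": "nat-example0", "SubnetId": "subnet-public0", "State": "available"}]
SAMPLE_SUBNETS = ["subnet-public0", "subnet-private1", "subnet-private2"]
PRIVATE_EXPECTED = ["subnet-private1", "subnet-private2"]

if __name__ == "__main__":
    print(classify_subnets(SAMPLE_ROUTE_TABLES, SAMPLE_SUBNETS))
    print(find_problems(SAMPLE_ROUTE_TABLES, SAMPLE_NAT_GATEWAYS, SAMPLE_SUBNETS, PRIVATE_EXPECTED) or "layout OK")
```

Feeding real `describe-route-tables` and `describe-nat-gateways` JSON into `find_problems` after a deployment catches the two common slips: a private subnet accidentally left on a table with an `igw-` route (which makes its instances publicly routable if they get a public IP), and a NAT gateway created in a subnet that has no internet gateway route, which silently breaks outbound access for everything behind it.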
  • Where does the "Route table to NAT" go, is that in a private subnet, or just attached to the VPC or something? So basically we have to have a private and public subnet? Is that box around the Global Accelerator ENI and instance a private subnet or what is that? – Lance Aug 04 '20 at 03:38
  • @LancePollard Each subnet can be associated with a route table. By default there is one, main route table. In your case you can create two route tables. One for public subnet, and the other for use by private subnets. General info about this is [here](https://docs.aws.amazon.com/vpc/latest/userguide/how-it-works.html). So route table for public subnet would have a route to the IGW (internet gateway), and the second table for NAT. – Marcin Aug 04 '20 at 03:41
  • @LancePollard Thanks. It would be better if I had a little more time :-) – Marcin Aug 04 '20 at 03:41
  • So in the end with Global Accelerator, you need public and private subnets it sounds like :) (for doing all these features). – Lance Aug 04 '20 at 03:46
  • @LancePollard I added examples of the route tables. If you require an internet connection, then yes, you need a public subnet and NAT. But there are applications that don't require that, so they can be fully isolated from the internet. – Marcin Aug 04 '20 at 03:48