0

The AWS documentation (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html) says: "Public – (Default) Instances in private subnets can connect to the internet through a public NAT gateway, but cannot receive unsolicited inbound connections from the internet."

If a private instance does not receive inbound connections, how does it communicate with the internet? Does it mean it can receive inbound requests only through the NAT gateway?

An HTTP request is inbound, so is there any protocol which makes a non-inbound connection? What are the other types of connections possible if not inbound?

I am lost at the point --> internet connection is possible but not inbound.

Loki

2 Answers

0

A NAT gateway makes it possible for the instances inside the subnet to make new connections to the internet, but not to receive new connections "from the internet".

To "expose" instances inside a private network to the internet, you may use some kind of load balancer (a service which has an IP and forwards the traffic to specific instances).

There are three kinds of load balancers:

  • Gateway Load Balancer - third layer of the OSI model (forwards all traffic to some instances)
  • Network Load Balancer - fourth layer of the OSI model (forwards specific port traffic to some instances)
  • Application Load Balancer - seventh layer of the OSI model (forwards specific endpoint like /index to some instances)

0

internet connection is possible but not inbound

This means that instances in a private subnet, behind NAT, can only access the internet. For example, you can download software on them or perform their updates. But you can't access them from the internet. For example, you can't ssh into them from the internet.

Marcin
  • NAT's full form is Network Address Translation; it is confusing with respect to the current use case. Do resources within a private subnet need an internet gateway to connect to the internet? NAT is required to translate the IP, so is it required if some request is coming from the internet for some resource with a public IP and it is translated to a private IP in the VPC? – Shailesh Jul 12 '23 at 07:24
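
The difference between "outbound with replies" and "unsolicited inbound" that both answers describe comes down to connection state kept at the NAT. The following is an added example, not part of the original thread and not AWS's implementation: a toy source-NAT model in which every class name, address and port is a constructed assumption.

```python
# Toy source NAT with connection tracking; all addresses are constructed samples.
from dataclasses import dataclass, field

NAT_PUBLIC_IP = "203.0.113.10"   # constructed (documentation range)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class NatGateway:
    public_ip: str = NAT_PUBLIC_IP
    next_port: int = 1024
    # (nat_port, remote_ip, remote_port) -> (private_ip, private_port)
    table: dict = field(default_factory=dict)

    def outbound(self, pkt: Packet) -> Packet:
        """Private instance opens a connection: record state, rewrite source."""
        for key, owner in self.table.items():
            if owner == (pkt.src, pkt.sport) and key[1:] == (pkt.dst, pkt.dport):
                return Packet(self.public_ip, key[0], pkt.dst, pkt.dport)
        nat_port = self.next_port
        self.next_port += 1
        self.table[(nat_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.public_ip, nat_port, pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet):
        """Packet arriving from the internet: forward only if it matches state."""
        owner = self.table.get((pkt.dport, pkt.src, pkt.sport))
        if owner is None:
            return None  # unsolicited: no instance asked for this, so drop
        return Packet(pkt.src, pkt.sport, owner[0], owner[1])

def demo():
    nat = NatGateway()
    # Instance 10.0.1.5 sends an HTTPS request to a server on the internet.
    request = nat.outbound(Packet("10.0.1.5", 40000, "198.51.100.7", 443))
    # The server's response is the return half of that same connection.
    reply = nat.inbound(Packet("198.51.100.7", 443, request.src, request.sport))
    # A stranger tries to open SSH to the NAT's public address.
    probe = nat.inbound(Packet("192.0.2.99", 55555, NAT_PUBLIC_IP, 22))
    return request, reply, probe

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The HTTP response reaches the instance because it matches an entry the instance itself created; the SSH attempt matches nothing and is dropped.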