 

Can a single NAT Gateway span across multiple AZ?

When I configure a NAT Gateway, I have to select a subnet, hence to my understanding, one NAT Gateway for one Subnet, which falls under one Availability Zone.

Then I saw the below statement

If you have resources in multiple Availability Zones and they share one NAT gateway, in the event that the NAT gateway's Availability Zone is down, resources in the other Availability Zones lose internet access. To create an Availability Zone-independent architecture, create a NAT gateway in each Availability Zone and configure your routing to ensure that resources use the NAT gateway in the same Availability Zone.

If I have multiple EC2 in different subnets, how do they share a single NAT Gateway? Did I understand wrongly? Below is the screenshot I see when I try to create a NAT Gateway


Isaac asked Dec 30 '19 04:12


People also ask

Do I need a NAT gateway for each AZ?

The NAT Gateway enables outgoing Internet connectivity for a private subnet. It is important to note that you need to create a NAT Gateway in every Availability Zone in which you have created private subnets to achieve high availability.

Can a subnet have multiple AZ?

An AZ belongs to only one region. An AZ has more than one data center. An AZ can have more than one subnet. However, there is a soft limit of 200 subnets per AZ.

Can a NAT gateway be shared?

You can't share a NAT Gateway among multiple VPCs. To access a resource in another VPC without crossing over the Internet and back requires VPC peering or another type of VPC-to-VPC VPN, and these arrangements do not allow transit traffic, for very good reasons.

Can we attach one internet gateway to multiple VPC?

Each VPC can have only one Internet Gateway. Each Internet Gateway can be attached to only one VPC. If there is no Internet Gateway attached to a VPC, then the VPC will not have any connectivity with the Internet.


1 Answer

A NAT Gateway connects to a specific Subnet, and a Subnet is in a specific Availability Zone.

Amazon EC2 instances in private subnets can use a NAT Gateway as follows:

  • The NAT Gateway is launched in a public subnet in the same VPC
  • The Route Table for the private subnet(s) requires an additional entry that directs all Internet-bound traffic (0.0.0.0/0) to the NAT Gateway

Depending upon your appetite for risk, you might configure things differently.

Case 1: One public subnet, one private subnet in same AZ

  • The NAT Gateway goes into the public subnet
  • The EC2 Instances go into the private subnet
  • The Route Table for the private subnet points to the NAT Gateway in the public subnet

Case 2: Two public subnets, two private subnets, one NAT Gateway

  • The NAT Gateway goes into one public subnet (Public-Subnet-A)
  • The EC2 instances are launched in private subnets across two AZs (Private-Subnet-A, Private-Subnet-B)
  • The Route Tables for both of the private subnets point to the NAT Gateway

However, if there is a failure with Availability Zone A (rare, but can happen), then the NAT Gateway is not reachable from Private-Subnet-B. Thus, the system may be impacted even though it is running across two AZs.

Case 3: Two public subnets, two private subnets, two NAT Gateways

  • A NAT Gateway goes into each public subnet (Public-Subnet-A, Public-Subnet-B)
  • The EC2 instances are launched in private subnets across two AZs (Private-Subnet-A, Private-Subnet-B)
  • The Route Table for Private-Subnet-A points to the NAT Gateway in Public-Subnet-A
  • The Route Table for Private-Subnet-B points to the NAT Gateway in Public-Subnet-B

If one of the AZs were to fail, then the EC2 instances in the other private subnet will still be able to communicate with the Internet because they have their own NAT Gateway in the same AZ.

John Rotenstein answered Oct 24 '22 03:10
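As an added example (not part of the original question or answer), a small audit that applies the answer's rule: for every private subnet, the NAT Gateway behind its 0.0.0.0/0 route should sit in the same AZ, otherwise that subnet loses egress when the NAT Gateway's AZ fails. The input dicts follow the shape of the EC2 describe_subnets / describe_nat_gateways / describe_route_tables responses; the subnet, NAT Gateway and AZ names are constructed to reproduce Case 2 and Case 3 above.

```python
"""Flag private subnets whose default route uses a NAT Gateway in a different AZ.
Dict shapes mirror EC2 describe_subnets / describe_nat_gateways /
describe_route_tables responses; all IDs and AZ names below are constructed
sample data for Case 2 and Case 3 of the answer (not from the page).
"""

def default_route_nats(route_table):
    """NAT Gateway IDs targeted by the 0.0.0.0/0 route(s) of one route table."""
    return [r["NatGatewayId"] for r in route_table["Routes"]
            if r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("NatGatewayId")]

def cross_az_nat_routes(subnets, nat_gateways, route_tables):
    """Return (subnet_id, subnet_az, nat_id, nat_az) for every subnet whose
    Internet-bound traffic leaves through a NAT Gateway in another AZ.
    An empty list means the routing is AZ-independent (Case 3)."""
    subnet_az = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    # a NAT Gateway's AZ is the AZ of the (public) subnet it was launched in
    nat_az = {n["NatGatewayId"]: subnet_az[n["SubnetId"]] for n in nat_gateways}
    findings = []
    for rt in route_tables:
        nats = default_route_nats(rt)
        for assoc in rt.get("Associations", []):
            sid = assoc.get("SubnetId")  # the main-table association has no SubnetId
            for nat_id in nats:
                if sid and nat_az[nat_id] != subnet_az[sid]:
                    findings.append((sid, subnet_az[sid], nat_id, nat_az[nat_id]))
    return findings

def build_case(two_nat_gateways):
    """Constructed sample VPC: two AZs, a public and a private subnet in each.
    two_nat_gateways=False reproduces Case 2, True reproduces Case 3."""
    az = {"a": "ap-southeast-1a", "b": "ap-southeast-1b"}
    subnets = [{"SubnetId": f"subnet-{kind}-{x}", "AvailabilityZone": az[x]}
               for x in az for kind in ("pub", "priv")]
    nats = [{"NatGatewayId": "nat-a", "SubnetId": "subnet-pub-a", "State": "available"}]
    if two_nat_gateways:
        nats.append({"NatGatewayId": "nat-b", "SubnetId": "subnet-pub-b", "State": "available"})
    def rt(rt_id, subnet_id, nat_id):
        return {"RouteTableId": rt_id,
                "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": nat_id}],
                "Associations": [{"SubnetId": subnet_id, "Main": False}]}
    route_tables = [rt("rtb-priv-a", "subnet-priv-a", "nat-a"),
                    rt("rtb-priv-b", "subnet-priv-b", "nat-b" if two_nat_gateways else "nat-a")]
    return subnets, nats, route_tables

if __name__ == "__main__":
    for case, two in (("Case 2", False), ("Case 3", True)):
        print(case, cross_az_nat_routes(*build_case(two)))
```

Case 2 reports Private-Subnet-B as depending on the NAT Gateway in AZ A; Case 3 reports nothing, which is the AZ-independent layout the AWS statement in the question asks for.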