On AWS, let's say I have 3 private subnets in 3 different AZs and I want all of them to be able to access the internet through a NAT gateway. AWS guides suggest having separate NAT gateways and bastion hosts for each subnet (assuming they're needed of course). Needless to mention, everything is in the same VPC (and consequently the same region).
Is there going to be a performance penalty for sharing the same NAT gateway for all private subnets?
The performance penalty for traffic going between AZs is minor (single-digit millisecond latency).
The real reason for using multiple NAT Gateways is for high-availability.
If there is a single NAT Gateway and that AZ should fail, then all private instances would lose Internet access. Having a NAT Gateway in each AZ ensures high availability.
If you are not too concerned about a potentially rare occurrence, you can save money by using only one NAT Gateway.
(A NAT Gateway is redundant within a single AZ.)
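As an added illustration of the single-NAT failure mode described in this answer (not code from the question or the answer), the check below walks route-table, subnet and NAT Gateway records and flags every private subnet whose default route leaves through a NAT Gateway in a different AZ. The dictionaries are constructed sample data shaped like the EC2 DescribeSubnets, DescribeNatGateways and DescribeRouteTables responses; subnet and NAT IDs are made up.

```python
"""Flag private subnets whose 0.0.0.0/0 route depends on a NAT Gateway that
lives in another AZ: those subnets lose Internet access if that AZ fails.
All records below are constructed samples shaped like the EC2 API output."""

SUBNETS = [  # constructed: three private subnets, one per AZ, plus a public one
    {"SubnetId": "subnet-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-b", "AvailabilityZone": "us-east-1b"},
    {"SubnetId": "subnet-c", "AvailabilityZone": "us-east-1c"},
    {"SubnetId": "subnet-pub-a", "AvailabilityZone": "us-east-1a"},
]
NAT_GATEWAYS = [  # constructed: a single NAT Gateway in the public subnet of AZ a
    {"NatGatewayId": "nat-1", "SubnetId": "subnet-pub-a", "State": "available"},
]
ROUTE_TABLES = [  # constructed: one route table shared by all three private subnets
    {
        "RouteTableId": "rtb-private",
        "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-1"}],
        "Associations": [{"SubnetId": s} for s in ("subnet-a", "subnet-b", "subnet-c")],
    },
]


def cross_az_nat_dependencies(subnets, nat_gateways, route_tables):
    """Return {subnet_id: (subnet_az, nat_id, nat_az)} for each subnet whose
    default route uses a NAT Gateway outside its own AZ (or one not available)."""
    az_of = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    # AZ of each usable NAT Gateway, derived from the subnet it is deployed in
    nat_az = {n["NatGatewayId"]: az_of[n["SubnetId"]]
              for n in nat_gateways if n.get("State") == "available"}
    findings = {}
    for rtb in route_tables:
        default_nat_routes = [r for r in rtb["Routes"]
                              if r.get("DestinationCidrBlock") == "0.0.0.0/0"
                              and "NatGatewayId" in r]
        if not default_nat_routes:
            continue  # no NAT egress from this table (public or isolated subnets)
        nat_id = default_nat_routes[0]["NatGatewayId"]
        for assoc in rtb.get("Associations", []):
            subnet_id = assoc.get("SubnetId")  # main-table associations carry none
            if subnet_id is None:
                continue
            if az_of[subnet_id] != nat_az.get(nat_id):  # None => NAT not usable
                findings[subnet_id] = (az_of[subnet_id], nat_id, nat_az.get(nat_id))
    return findings


if __name__ == "__main__":
    for sn, (az, nat, naz) in cross_az_nat_dependencies(SUBNETS, NAT_GATEWAYS, ROUTE_TABLES).items():
        print(f"{sn} ({az}) egresses via {nat} in {naz}: offline if {naz} fails")
```

Replacing the sample dictionaries with the real responses from describe-subnets, describe-nat-gateways and describe-route-tables turns this into a quick audit of a VPC; an empty result means every private subnet egresses through a NAT Gateway in its own AZ.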