Do I need a separate NAT gateway for each private subnet?

On AWS, let's say I have 3 private subnets in 3 different AZs and I want all of them to be able to access the internet through a NAT gateway. AWS guides suggest having separate NAT gateways and bastion hosts for each subnet (assuming they're needed of course). Needless to mention, everything is in the same VPC (and consequently the same region).

Is there going to be a performance penalty for sharing the same NAT gateway for all private subnets?

lfk asked Jan 23 '19 22:01
1 Answer

The performance penalty for traffic going between AZs is minor (single-digit millisecond latency).

The real reason for using multiple NAT Gateways is for high-availability.

If there is a single NAT Gateway and that AZ should fail, then all private instances would lose Internet access. Having a NAT Gateway in each AZ ensures high availability.

If you are not too concerned about a potentially rare occurrence, you can save money by using only one NAT Gateway.

(A NAT Gateway is redundant within a single AZ.)

John Rotenstein answered Oct 20 '22 03:10
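The answer's trade-off (one shared NAT Gateway is cheaper, one per AZ survives an AZ failure) is easy to check mechanically. The script below is an added example, not code from the question or the answer: it reads a VPC's subnets, NAT gateways and route tables, reports for each private subnet whether its 0.0.0.0/0 route points at an available NAT gateway in its own AZ, and lists which subnets in other AZs would lose Internet access if a given AZ went down. The data is constructed here in the shape of the EC2 DescribeSubnets / DescribeNatGateways / DescribeRouteTables responses; in a real account the same lists come from boto3's `describe_subnets()["Subnets"]`, `describe_nat_gateways()["NatGateways"]` and `describe_route_tables()["RouteTables"]`. All subnet, NAT gateway and route table ids are made up.

```python
# Audit private-subnet egress against the "one NAT Gateway in one AZ" failure mode.

# Constructed sample data shaped like EC2 DescribeSubnets / DescribeNatGateways /
# DescribeRouteTables responses. Not captured from a real account; ids are invented.
SUBNETS = [
    {"SubnetId": "subnet-priv-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-priv-b", "AvailabilityZone": "us-east-1b"},
    {"SubnetId": "subnet-priv-c", "AvailabilityZone": "us-east-1c"},
    {"SubnetId": "subnet-priv-d", "AvailabilityZone": "us-east-1c"},
    {"SubnetId": "subnet-pub-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-pub-b", "AvailabilityZone": "us-east-1b"},
]
PRIVATE_SUBNETS = ["subnet-priv-a", "subnet-priv-b", "subnet-priv-c", "subnet-priv-d"]
NAT_GATEWAYS = [  # a NAT Gateway lives in a public subnet, which pins it to that subnet's AZ
    {"NatGatewayId": "nat-a", "SubnetId": "subnet-pub-a", "State": "available"},
    {"NatGatewayId": "nat-b", "SubnetId": "subnet-pub-b", "State": "available"},
]
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [
    # Main table carries only the local route: a subnet left on it has no egress at all.
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"RouteTableId": "rtb-a", "Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-a"}]},
    {"RouteTableId": "rtb-b", "Associations": [{"SubnetId": "subnet-priv-b"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-b"}]},
    # subnet-priv-c sits in us-east-1c but egresses through the NAT Gateway in us-east-1a.
    {"RouteTableId": "rtb-c", "Associations": [{"SubnetId": "subnet-priv-c"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-a"}]},
]


def _resolve_route_tables(route_tables):
    """Map explicitly associated subnets to their table; return the VPC main table separately."""
    explicit, main = {}, None
    for rtb in route_tables:
        for assoc in rtb.get("Associations", []):
            if assoc.get("Main"):
                main = rtb
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = rtb
    return explicit, main


def _default_route_target(rtb):
    """Return the target id of the 0.0.0.0/0 route, or None if the table has no default route."""
    for route in rtb.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("NatGatewayId") or route.get("GatewayId")
    return None


def egress_dependencies(subnets, nat_gateways, route_tables, private_subnet_ids):
    """Per private subnet: (finding, AZ whose NAT Gateway its egress depends on, or None)."""
    az_of = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    nat_info = {n["NatGatewayId"]: (az_of[n["SubnetId"]], n["State"]) for n in nat_gateways}
    explicit, main = _resolve_route_tables(route_tables)
    result = {}
    for sid in private_subnet_ids:
        rtb = explicit.get(sid, main)  # unassociated subnets fall back to the main table
        target = _default_route_target(rtb) if rtb else None
        if target is None:
            result[sid] = ("no-default-route", None)
        elif target not in nat_info:
            # e.g. an igw-... target, which would make this a public subnet, not a private one
            result[sid] = (f"non-nat-default-route:{target}", None)
        else:
            nat_az, state = nat_info[target]
            if state != "available":  # pending / failed / deleting / deleted
                result[sid] = (f"nat-{state}:{target}", nat_az)
            elif nat_az != az_of[sid]:
                result[sid] = (f"cross-az:{target}@{nat_az}", nat_az)
            else:
                result[sid] = ("ok", nat_az)
    return result


def audit_egress(subnets, nat_gateways, route_tables, private_subnet_ids):
    """Human-readable finding per private subnet."""
    deps = egress_dependencies(subnets, nat_gateways, route_tables, private_subnet_ids)
    return {sid: finding for sid, (finding, _) in deps.items()}


def az_failure_impact(subnets, nat_gateways, route_tables, private_subnet_ids):
    """For each AZ, the private subnets in *other* AZs that lose egress if that AZ fails."""
    az_of = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    deps = egress_dependencies(subnets, nat_gateways, route_tables, private_subnet_ids)
    impact = {az: [] for az in sorted(set(az_of.values()))}
    for sid, (_, nat_az) in deps.items():
        if nat_az is not None and nat_az != az_of[sid]:
            impact[nat_az].append(sid)
    return {az: sorted(lost) for az, lost in impact.items()}


if __name__ == "__main__":
    for sid, finding in audit_egress(SUBNETS, NAT_GATEWAYS, ROUTE_TABLES, PRIVATE_SUBNETS).items():
        print(f"{sid}: {finding}")
    for az, lost in az_failure_impact(SUBNETS, NAT_GATEWAYS, ROUTE_TABLES, PRIVATE_SUBNETS).items():
        print(f"if {az} fails, egress is also lost in: {lost or 'no subnet outside that AZ'}")
```

On the constructed data, subnet-priv-a and subnet-priv-b are fine, subnet-priv-c is flagged as cross-AZ (its egress disappears with us-east-1a even though its own AZ is healthy), and subnet-priv-d has no default route at all because it was never associated with a table. Subnets inside the failing AZ are deliberately not listed in the impact, since their instances are down regardless; the report is about the blast radius beyond the failed AZ, which is exactly what a per-AZ NAT Gateway layout is meant to shrink to zero.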