NAT Instances and NAT Gateways Flashcards
What does NAT stand for?
Network Address Translation
What is the purpose of NAT in VPCs?
NAT allows a private subnet to forward traffic to the internet, while still preventing the internet from initiating connections with the private subnet.
When creating a NAT Instance, do you need to disable Source/Destination checks on the Instance?
Yes
Can NAT Instances be in private subnets?
No.
They are used by private subnets but they exist in public subnets, so there must be a route from the private subnet to the NAT instance in order for it to work.
Suppose a NAT Instance is bottlenecking from traffic. What can you do?
Increase the instance size.
The amount of traffic a NAT instance can support depends on the instance size.
How might you ensure high availability using NAT Instances?
- Use Auto-Scaling Groups
- Have Multiple Subnets in different AZs
- Have a script to automate failover
(Possible but a pain in the butt)
Can NAT Gateways survive the failure of an underlying EC2 instance?
Yes, they are implemented with redundancy in each AZ
Given the choice between using NAT Instances or NAT Gateways, which should you choose?
NAT Gateways
Who manages software patches for NAT Instances?
You do
Who manages software patches for NAT Gateways?
AWS does
Can NAT Instances be associated with Security Groups?
Yes
Can NAT Gateways be associated with security groups?
No
Are NAT Gateways automatically assigned public IP addresses?
Yes
When creating a NAT Gateway, do you need to disable Source/Destination checks on the Instance?
No
Suppose you have resources in multiple AZs, all sharing one NAT Gateway, and the AZ containing the NAT Gateway goes down. What happens to the resources in the other AZs?
The resources in the other AZs will lose internet access
This is why it is important to have an AZ-independent architecture