NAT Instances & NAT Gateways Flashcards
Where do you get the NAT AMI?
From the community AMI store (marketplace)
Does the NAT exist within your public or private subnet?
Public
What must you disable for a NAT instance to function?
Source and destination checks
Must you disable source and destination checks on a NAT gateway?
No, only the NAT instance.
From where do you disable the source and destination checks for the NAT instance?
Actions -> Change Source/Dest. Check -> Yes, Disable
What must be modified in the route table for a NAT instance to have internet access?
Add a destination of 0.0.0.0/0. Add a target of the newly created NAT instance.
What is the difference between NAT Gateway and Egress only Internet Gateway?
NAT Gateway is for IPv4
Egress Only Internet Gateway is specialized for IPv6
When you create a NAT Gateway, do you associate your public or private subnet?
Public
After you create a NAT Gateway, you attempt to create new route tables, but you can’t. What is the likely problem?
NAT Gateways can take up to 15 minutes to provision. Wait 15 minutes and try again.
Similar to NAT Instances, what must be added to a route table for the Gateway to have internet access?
The route table must include a destination of 0.0.0.0/0, and a target or the newly created NAT Gateway
True or False: NAT Gateways do not span subnets?
True. You must create a NAT Gateway in each subnet where it’s needed.
In terms of availability and scalability, what benefits does a NAT Gateway have over a NAT Instance?
- Gateways auto scale to meet demand. NAT Instances must be managed with auto scaling groups.
True or false: There must be a route out of the private subnet for NATs to work?
True
True or false: For a NAT instance, the amount of traffic it can handle depends on the instance size?
True. Keep an eye on the network traffic when using a NAT instance.
Do NAT instances sit behind a security group?
Yes
