Can I route a Bastion Host through a NAT gateway?

0

Historically bound to the IP addresses I had on my NAT instances (for firewall rules on distant servers). Decided to move to NAT gateways, and I can no longer show my outbound IP address as the NAT instance since the NAT gateway now has the IPs distant servers are looking for.

Is there a way to route my outbound traffic from my bastion server through the new NAT gateways so my Internet-facing IP doesn't change?

preguntada hace 2 años608 visualizaciones
1 Respuesta
1

I think the additional subtext to your question is "but still allow access to the bastion host using its public IP address". The short answer is no - hosts either use NAT Gateway purely for outbound communication which means they can't be reached on a public/Elastic IP from the internet; or they use a public/Elastic IP for communications in both directions. This has to do with the placement of the host on a subnet that routes directly to an Internet Gateway or to a NAT Gateway.

If you are using Linux (and therefore SSH) you might consider using EC2 Instance Connect - this allows the EC2 instance to use NAT Gateway but still gives you the ability to SSH into it.

profile pictureAWS
EXPERTO
respondido hace 2 años
profile pictureAWS
EXPERTO
revisado hace 2 años

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas