Can I route a Bastion Host through a NAT gateway?

0

Historically bound to the IP addresses I had on my NAT instances (for firewall rules on distant servers). Decided to move to NAT gateways, and I can no longer show my outbound IP address as the NAT instance since the NAT gateway now has the IPs distant servers are looking for.

Is there a way to route my outbound traffic from my bastion server through the new NAT gateways so my Internet-facing IP doesn't change?

preguntada hace 10 meses377 visualizaciones
1 Respuesta
1

I think the additional subtext to your question is "but still allow access to the bastion host using its public IP address". The short answer is no - hosts either use NAT Gateway purely for outbound communication which means they can't be reached on a public/Elastic IP from the internet; or they use a public/Elastic IP for communications in both directions. This has to do with the placement of the host on a subnet that routes directly to an Internet Gateway or to a NAT Gateway.

If you are using Linux (and therefore SSH) you might consider using EC2 Instance Connect - this allows the EC2 instance to use NAT Gateway but still gives you the ability to SSH into it.

profile pictureAWS
EXPERTO
respondido hace 10 meses
profile pictureAWS
EXPERTO
revisado hace 10 meses

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas