


 Short description
------------------



A [network address translation (NAT) gateway](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html) allows EC2 instances to establish outbound connections to resources on internet without allowing inbound connections to the EC2 instance. It's not possible to use the private IP addresses assigned to instances in a private VPC subnet over the internet. Instead, you must use NAT to map the private IP addresses to a public address for requests. Then, you must map the public IP address back to the private IP addresses for responses.



 Resolution
-----------



1. [Create a public VPC subnet](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html#Add_IGW_Create_Subnet) to host your NAT gateway.
2. [Create and attach an internet gateway](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html#Add_IGW_Attach_Gateway) to your VPC.
3. [Create a custom route table](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html#Add_IGW_Routing) for your public subnet with a route to the internet gateway.
4. Verify that the network access control list (ACL) for your public VPC subnet allows inbound traffic from the private VPC subnet. For more information, see [Work with network ACLs](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html#nacl-tasks).
5. [Create a public NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) then [create](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#using-instance-addressing-eips-allocating) and [associate](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#using-instance-addressing-eips-associating) your new or existing Elastic IP address.
6. [Update the route table of your private VPC subnet](https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-scenarios.html#public-nat-gateway-routing) to point internet traffic to your NAT gateway.
7. [Test your NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-scenarios.html#public-nat-gateway-testing) by pinging the internet from an instance in your private VPC subnet.





---




 Related information
--------------------



[Monitor NAT gateways with Amazon CloudWatch](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway-cloudwatch.html)







I have Amazon Elastic Compute Cloud (Amazon EC2) instances in a private subnet of my Amazon Virtual Private Cloud (Amazon VPC). How can I configure these instances to communicate securely with the internet?

Set up NAT gateway for private subnet in Amazon VPC

How do I set up a NAT gateway for a private subnet in Amazon VPC?

Networking & Content Delivery

How to figure out whether NAT Gateway processing charge is due to internet bound traffic or within AWS?

How do I set up an AWS Network Firewall with a NAT gateway?

How do I delete a NAT Gateway in Amazon VPC?

How do I migrate from a NAT instance to a NAT gateway?

Why can't my EC2 instances access the internet using a NAT gateway?

Placing a Bastion in a Private Isolated Subnet

Can Private NAT Gateway be configured as a target for the Network Load Balancer?

EC2 instance in private subnet shows IPv4 address of NAT instance

Vpc endpoint costs vs NAT gateway

Why does NAT GW get two IP address EIP and Private IP Address

How do I set up a NAT gateway for a private subnet in Amazon VPC?

Short description

Resolution

Related information

Related videos

Relevant content