By using AWS re:Post, you agree to the AWS re:Post Terms of Use

Can I route a Bastion Host through a NAT gateway?

0

Historically bound to the IP addresses I had on my NAT instances (for firewall rules on distant servers). Decided to move to NAT gateways, and I can no longer show my outbound IP address as the NAT instance since the NAT gateway now has the IPs distant servers are looking for.

Is there a way to route my outbound traffic from my bastion server through the new NAT gateways so my Internet-facing IP doesn't change?

asked a year ago572 views
1 Answer
1

I think the additional subtext to your question is "but still allow access to the bastion host using its public IP address". The short answer is no - hosts either use NAT Gateway purely for outbound communication which means they can't be reached on a public/Elastic IP from the internet; or they use a public/Elastic IP for communications in both directions. This has to do with the placement of the host on a subnet that routes directly to an Internet Gateway or to a NAT Gateway.

If you are using Linux (and therefore SSH) you might consider using EC2 Instance Connect - this allows the EC2 instance to use NAT Gateway but still gives you the ability to SSH into it.

profile pictureAWS
EXPERT
answered a year ago
profile pictureAWS
EXPERT
reviewed a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions