Your understanding is correct, but let me provide some additional details and clarification.
When an EC2 instance in a private subnet accesses the internet through a NAT gateway, the global IP address seen from the internet is indeed determined by the NAT gateway. Specifically, it's the Elastic IP (EIP) address associated with the NAT gateway that will be seen as the source IP address from the internet's perspective.
Here's how it works:
- The EC2 instance in the private subnet sends a request to access the internet.
- This request is routed to the NAT gateway in a public subnet (as defined in the private subnet's route table).
- The NAT gateway then translates the private IP address of the EC2 instance to its own Elastic IP address.
- The request is then sent out to the internet through the Internet Gateway (IGW) using this Elastic IP as the source address.
This process allows instances in private subnets to access the internet securely while keeping them inaccessible to unsolicited inbound traffic from the internet. The NAT gateway only accepts response traffic from the destinations that were accessed and drops any unsolicited inbound connections.
It's worth noting that a NAT gateway can support up to 55,000 simultaneous connections to each unique destination. If you need more connections, you can associate up to 8 IPv4 addresses to your NAT gateway (1 primary and 7 secondary).
Remember, the NAT gateway must be placed in a public subnet with a route to an Internet Gateway for this setup to work correctly. The private subnet where your EC2 instances reside should have a route to the NAT gateway for internet-bound traffic.
Sources
NAT gateway connection in Local Zones - AWS Local Zones
NAT gateway basics - Amazon Virtual Private Cloud
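Added example (not part of the answer above, and not AWS code): a small offline checker for the routing pattern the answer describes. It takes route tables and NAT gateways in the JSON shape returned by `aws ec2 describe-route-tables` and `describe-nat-gateways`, confirms that the private subnet's default route targets a NAT gateway, that the NAT gateway's own subnet defaults to an internet gateway, and reports the Elastic IP the internet will see as the source address. All ids and addresses in the sample data are constructed placeholders.

```python
from typing import Optional

def default_route_target(route_table: dict) -> Optional[str]:
    """Target id of the active 0.0.0.0/0 route, or None if missing or blackholed."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            if route.get("State") != "active":
                return None
            return route.get("NatGatewayId") or route.get("GatewayId")
    return None

def explicit_subnets(route_table: dict) -> set:
    """Subnets explicitly associated with the table (main-table fallback is ignored here)."""
    return {a["SubnetId"] for a in route_table.get("Associations", []) if "SubnetId" in a}

def check_private_egress(private_rt: dict, route_tables: list, nat_gateways: list) -> dict:
    """Verify private subnet -> NAT gateway -> IGW routing; report the public source IPs."""
    problems, source_ips = [], []
    target = default_route_target(private_rt)
    if not (target and target.startswith("nat-")):
        problems.append(f"{private_rt['RouteTableId']}: default route is {target!r}, expected a NAT gateway")
        return {"ok": False, "problems": problems, "source_ips": source_ips}
    nat = next((n for n in nat_gateways if n["NatGatewayId"] == target), None)
    if nat is None or nat.get("State") != "available":
        problems.append(f"{target}: not found or not in 'available' state")
        return {"ok": False, "problems": problems, "source_ips": source_ips}
    # The NAT gateway's own (public) subnet must route 0.0.0.0/0 to an internet gateway.
    nat_rt = next((rt for rt in route_tables if nat["SubnetId"] in explicit_subnets(rt)), None)
    igw = default_route_target(nat_rt) if nat_rt else None
    if not (igw and igw.startswith("igw-")):
        problems.append(f"subnet {nat['SubnetId']} hosting {target}: default route is {igw!r}, expected an internet gateway")
    # What the internet sees as the source address: the EIP(s) attached to the NAT gateway.
    source_ips = [a["PublicIp"] for a in nat.get("NatGatewayAddresses", []) if "PublicIp" in a]
    if not source_ips:
        problems.append(f"{target}: no Elastic IP attached")
    return {"ok": not problems, "problems": problems, "source_ips": source_ips}
# Constructed sample data (placeholder ids, documentation-range address), not from a real account.
PRIVATE_RT = {"RouteTableId": "rtb-private-example",
              "Associations": [{"SubnetId": "subnet-private-example"}],
              "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                         {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"}]}
PUBLIC_RT = {"RouteTableId": "rtb-public-example",
             "Associations": [{"SubnetId": "subnet-public-example"}],
             "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}]}
NAT_GWS = [{"NatGatewayId": "nat-0example", "SubnetId": "subnet-public-example", "State": "available",
            "NatGatewayAddresses": [{"AllocationId": "eipalloc-0example", "PublicIp": "203.0.113.10"}]}]
if __name__ == "__main__":
    print(check_private_egress(PRIVATE_RT, [PRIVATE_RT, PUBLIC_RT], NAT_GWS))
```

Feed it the real output of the two `describe-*` calls to confirm both halves of the route (private to NAT, NAT subnet to IGW) before troubleshooting egress elsewhere.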