Can I route a Bastion Host through a NAT gateway?

0

Historically bound to the IP addresses I had on my NAT instances (for firewall rules on distant servers). Decided to move to NAT gateways, and I can no longer show my outbound IP address as the NAT instance since the NAT gateway now has the IPs distant servers are looking for.

Is there a way to route my outbound traffic from my bastion server through the new NAT gateways so my Internet-facing IP doesn't change?

已提问 2 年前608 查看次数
1 回答
1

I think the additional subtext to your question is "but still allow access to the bastion host using its public IP address". The short answer is no - hosts either use NAT Gateway purely for outbound communication which means they can't be reached on a public/Elastic IP from the internet; or they use a public/Elastic IP for communications in both directions. This has to do with the placement of the host on a subnet that routes directly to an Internet Gateway or to a NAT Gateway.

If you are using Linux (and therefore SSH) you might consider using EC2 Instance Connect - this allows the EC2 instance to use NAT Gateway but still gives you the ability to SSH into it.

profile pictureAWS
专家
已回答 2 年前
profile pictureAWS
专家
已审核 2 年前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则