Can AWS NAT Gateways and Elastic Load Balancers Be Temporarily Paused?

Question

Hello,

I'm currently working with AWS services, specifically NAT Gateways and Elastic Load Balancers, and I have a query regarding their operation. I would like to know if there's a possibility to temporarily pause these services.

In certain scenarios, it might be necessary for us to suspend the services for a short period, either for maintenance, cost optimization, or other operational reasons. However, I couldn't find specific information in the AWS documentation about the feasibility of pausing these services temporarily.

Is there an option or a workaround to temporarily stop or pause the NAT Gateways and Elastic Load Balancers without completely deleting or dismantling them? If yes, could you please guide me on how to achieve this?

Accepted Answer

**AWS does not offer a built-in feature to "pause" or temporarily halt NAT Gateways or Elastic Load Balancers (ELBs).**

**For NAT Gateways:**
If you need to control outbound internet access, you can manually adjust the route tables associated with your private subnets. By modifying the routes, you gain control over whether traffic is routed through the NAT Gateway or another path. While this doesn't constitute a literal "pause," it effectively allows you to manage the flow of traffic.

**For Load Balancers:**
In the case of using the Network Load Balancer, you have the option to manually de-register instances from the ELB. This action prevents traffic from being directed to those instances. Again, this doesn't equate to a direct "pause," but it accomplishes a similar outcome.

One additional consideration is that, by default, users do not possess the necessary permissions to interact with NAT gateways. To address this, you can create an IAM role with an attached policy that grants users the required permissions to create, describe, and delete NAT gateways.

Answer

Short answer: No, you can't do that. You can (as you point out) delete them and recreate them but operationally that might be an issue. In both cases, for cost optimization - deletion and recreation is the only way to go.

For NAT Gateway: Why do you need to pause it? If you wanted traffic not to use the NAT Gateway you could remove the route(s) pointing to it.

For load balancers: Taking them out of service would mean denying access to clients using the service. Where would you send the traffic instead?

Answer

Simply stopping traffic going through NAT GWs or ELBs isn't going to "pause" the billing as both services are priced per hour and amount of data processed. If the hourly price for NAT GWs is a problem, you could build a Cloudformation (or Terraform) template that provisions your VPC, subnets, routing, NAT gateways etc. And then include paremeters and conditions to enable/disable NAT GWs. Similar could be done for you application layer and ELBs. With ELBs you would need to take care also DNS records (CNAME) as new ELB will have a different name than original as well as registering your targets. It is possible but will require some effort.

Here is a sample of Cloudformation template for single AZ VPC with option to enable/disable NAT gateway with stack parameter updates. If you are going to use this for production, I'd recommend expanding it to cover 2 or 3 AZs. https://github.com/kallu/aws-templates/blob/master/misc/nat.yaml

Here is a sample of Cloudformation template for single AZ VPC with option to enable/disable NAT gateway with stack parameter updates. If you are going to use this for production, I'd recommend expanding it to cover 2 or 3 AZs.
https://github.com/kallu/aws-templates/blob/master/misc/nat.yaml

Can AWS NAT Gateways and Elastic Load Balancers Be Temporarily Paused?

相關內容