blog.headdesk.me

Sharing AWS NAT Gateway with multiple VPCs

Posted on 2021/05/20, updated 2021/07/25

A NAT gateway performs source NAT for outbound traffic: instances in private subnets can open connections to the internet through it while staying unreachable from the internet. Every private subnet that needs internet access must therefore have a route to a NAT gateway. In most cases it is a good idea to run two or more NAT gateways per VPC, spread across Availability Zones, because a NAT gateway lives in a single AZ; that gives the maximum redundancy. In some cases keeping cost to a minimum is the priority. If you already have multiple VPCs connected through a Transit Gateway, you can leverage that and share one NAT gateway with the other VPCs. The trade-offs are that the shared NAT gateway (and its AZ) becomes a single point of failure for all of their egress, and that internet traffic now also crosses the Transit Gateway, which bills its own per-GB data processing charge; the saving is the hourly charge of every NAT gateway you no longer run.

Let’s dive right in. The following diagram illustrates how we can share a NAT gateway with multiple VPCs connected by Transit Gateway.

In this example, a dedicated Egress VPC handles all outbound traffic. Resources in the Project VPCs use the NAT gateway in the Egress VPC to reach the Internet. A single egress point is also the natural place to concentrate egress controls such as VPC Flow Logs or an inspection appliance, instead of repeating them in every VPC.

Once the VPCs are connected to the Transit Gateway and a NAT gateway is deployed in the Egress VPC, route tables need to be updated in three places. In the Egress VPC, the NAT gateway sits in a public subnet whose route table sends 0.0.0.0/0 to the Internet Gateway, and the Transit Gateway attachment sits in a private subnet whose route table sends 0.0.0.0/0 to the NAT gateway. The public subnet route table also needs static routes for each Project VPC CIDR pointing at the Transit Gateway; without them, replies leaving the NAT gateway have no path back to the Project VPCs. In each Project VPC, the private subnet route tables send 0.0.0.0/0 to the Transit Gateway.

On the Transit Gateway route table, add a static default route (0.0.0.0/0) pointing at the Egress VPC attachment; the Project VPC CIDRs are normally already present there through route propagation from their own attachments. To confirm the setup, run `curl https://checkip.amazonaws.com` from an instance in a Project VPC private subnet: it should return the Elastic IP of the shared NAT gateway.
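The route-table changes described above, written out in Terraform as an added example (this is not code from the original post). It assumes the VPCs, subnets, NAT gateway, Transit Gateway and attachments already exist and are referenced by the variables below; every identifier and the sample Project VPC CIDRs are assumptions to be replaced with your own.

```terraform
# Added example: routes for a shared NAT gateway behind a Transit Gateway.
# All variables are assumed identifiers of resources that already exist.

variable "egress_public_rt_id"      { description = "Route table of the Egress VPC public subnet; holds the NAT gateway and already routes 0.0.0.0/0 to the IGW" }
variable "egress_tgw_subnet_rt_id"  { description = "Route table of the Egress VPC private subnet that holds the Transit Gateway attachment" }
variable "egress_nat_gateway_id"    { description = "The shared NAT gateway in the Egress VPC" }
variable "tgw_id"                   { description = "Transit Gateway connecting all VPCs" }
variable "tgw_route_table_id"       { description = "Transit Gateway route table associated with every attachment" }
variable "egress_tgw_attachment_id" { description = "Transit Gateway attachment of the Egress VPC" }

# Project VPCs: their CIDR and the private-subnet route tables that should egress via the shared NAT gateway.
variable "project_vpcs" {
  type = map(object({
    cidr           = string
    private_rt_ids = list(string)
  }))
  default = {
    project-a = { cidr = "10.1.0.0/16", private_rt_ids = ["rtb-0aaaaaaaaaaaaaaaa"] }
    project-b = { cidr = "10.2.0.0/16", private_rt_ids = ["rtb-0bbbbbbbbbbbbbbbb"] }
  }
}

# 1. Egress VPC: packets arriving from the Transit Gateway go to the NAT gateway.
resource "aws_route" "egress_tgw_subnet_default" {
  route_table_id         = var.egress_tgw_subnet_rt_id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = var.egress_nat_gateway_id
}

# 2. Egress VPC: replies leaving the NAT gateway for a Project VPC go back to the
#    Transit Gateway. Without these, the public subnet only knows 0.0.0.0/0 -> IGW
#    and return traffic is lost.
resource "aws_route" "egress_return_to_projects" {
  for_each               = var.project_vpcs
  route_table_id         = var.egress_public_rt_id
  destination_cidr_block = each.value.cidr
  transit_gateway_id     = var.tgw_id
}

# 3. Transit Gateway route table: default route to the Egress VPC attachment.
#    Project VPC CIDRs are assumed to be present already via route propagation.
resource "aws_ec2_transit_gateway_route" "default_to_egress" {
  destination_cidr_block         = "0.0.0.0/0"
  transit_gateway_attachment_id  = var.egress_tgw_attachment_id
  transit_gateway_route_table_id = var.tgw_route_table_id
}

# 4. Project VPCs: every private subnet sends internet-bound traffic to the Transit Gateway.
locals {
  project_private_rts = merge([
    for name, p in var.project_vpcs : {
      for rt in p.private_rt_ids : "${name}-${rt}" => rt
    }
  ]...)
}

resource "aws_route" "project_default_to_tgw" {
  for_each               = local.project_private_rts
  route_table_id         = each.value
  destination_cidr_block = "0.0.0.0/0"
  transit_gateway_id     = var.tgw_id
}
```

Run `terraform plan` first and check that the only changes are the four groups of routes above. A VPC route whose target is a Transit Gateway can only be created once that VPC's attachment is in the available state, so apply this after the attachments, not in the same run that creates them.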

Inbound traffic is a separate matter: a NAT gateway only handles connections initiated from the inside, so any Project VPC that must accept connections from the internet (for example one fronting a public load balancer) still needs its own Internet Gateway and public subnet. An IGW carries no hourly charge; only the traffic is metered.

For more information on the AWS NAT gateway, please visit the AWS documentation. AWS has also recently introduced the private NAT gateway, which has no Elastic IP and does not require an Internet Gateway in its VPC. It performs NAT for traffic bound for other VPCs or on-premises networks through a Transit Gateway or virtual private gateway, for example to reach networks with overlapping address ranges or to use internet egress provided elsewhere; by itself it does not provide a path to the internet.
