{"id":689,"date":"2017-10-25T09:36:42","date_gmt":"2017-10-25T09:36:42","guid":{"rendered":"http:\/\/wiki.thomasandsofia.com\/?p=689"},"modified":"2017-10-26T23:20:54","modified_gmt":"2017-10-26T23:20:54","slug":"nat-instances-and-nat-gateways","status":"publish","type":"post","link":"https:\/\/wiki.thomasandsofia.com\/?p=689","title":{"rendered":"NAT Instances and NAT Gateways"},"content":{"rendered":"<p><a href=\"https:\/\/www.udemy.com\/aws-certified-solutions-architect-associate\/learn\/v4\/t\/lecture\/2801640?start=0\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/aws-certified-solutions-architect-associate\/learn\/v4\/t\/lecture\/2801640?start=0<\/a><\/p>\n<h2>NAT Instances<\/h2>\n<ol>\n<li>An EC2 instance that acts as a gateway.<\/li>\n<li>An instance used to provide Internet access to EC2 instances in private (non-Internet-accessible) subnets.<\/li>\n<\/ol>\n<ul>\n<li>Create an EC2 instance from the Community AMIs after searching for &#8216;NAT&#8217;\n<ul>\n<li>Pick the most recent one.\n<ul>\n<li>The OS install is slightly smaller than what you would get using a standard AWS AMI.<\/li>\n<\/ul>\n<\/li>\n<li>Make sure you give it a &#8216;Name&#8217; Tag.\u00a0 This will help identify it when you edit your Main Route Table.<\/li>\n<\/ul>\n<\/li>\n<li>Provision it into your publicly accessible Subnet<\/li>\n<li>Use your public-facing Security Group\n<ul>\n<li>Make sure you allow both HTTP and HTTPS traffic.<\/li>\n<\/ul>\n<\/li>\n<li>Once provisioned:\n<ul>\n<li>Actions &gt; Networking &gt; Change Source\/Dest. 
Check &gt; Disable<\/li>\n<li>This allows traffic to travel through the instance.<\/li>\n<\/ul>\n<\/li>\n<li>Edit the Main Route Table to send &#8216;unknown&#8217; traffic to the NAT Instance\n<ul>\n<li>Destination: 0.0.0.0\/0<\/li>\n<li>Target: NAT Instance<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>NAT Gateways<\/h2>\n<ul>\n<li>VPC &gt; NAT Gateways &gt; Create NAT Gateway\n<ul>\n<li>Deploy into the publicly accessible Subnet<\/li>\n<li>Create New EIP (Elastic IP. Looks like you just get a DNS route. Kind of cool.)<\/li>\n<li>[Create a NAT Gateway]\n<ul>\n<li>Make note of your NAT Gateway ID if you have more than 1!<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Edit Route Table to use the NAT Gateway\n<ul>\n<li>Destination: 0.0.0.0\/0<\/li>\n<li>Target: NAT Gateway ID<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>NAT Gateway Advantages<\/h2>\n<p><a href=\"http:\/\/docs.aws.amazon.com\/AmazonVPC\/latest\/UserGuide\/vpc-nat-comparison.html\" target=\"_blank\" rel=\"noopener\">http:\/\/docs.aws.amazon.com\/AmazonVPC\/latest\/UserGuide\/vpc-nat-comparison.html<\/a><\/p>\n<ul>\n<li>No need to disable the Source\/Dest. Check<\/li>\n<li>No need for a Security Group<\/li>\n<li>NAT Instances become a Single Point of Failure<\/li>\n<li>Auto H\/A &#8211; No Single Point of Failure<\/li>\n<li>10Gbps Burst<\/li>\n<\/ul>\n<h2>Bastion Hosts (Jump Boxes)<\/h2>\n<ul>\n<li>Bastions are hardened instances provisioned to provide administrative access to non-public-facing instances.<\/li>\n<\/ul>\n<h2>Exam Tips<\/h2>\n<ul>\n<li>NAT Instances\n<ul>\n<li>Must disable the Source\/Dest. 
check<\/li>\n<li>Must be deployed in the Public subnet<\/li>\n<li>There must be a route out of the Private subnet to the NAT Instance<\/li>\n<li>Traffic supported depends on the instance size.\u00a0 If bottlenecking, increase the Instance size.<\/li>\n<li>Can create HA using:\n<ul>\n<li>AutoScaling groups<\/li>\n<li>Multiple Public subnets in different AZs<\/li>\n<li>A script to automate failover<\/li>\n<\/ul>\n<\/li>\n<li>Are always behind a Security Group<\/li>\n<\/ul>\n<\/li>\n<li>NAT Gateways\n<ul>\n<li>Preferred by Enterprise<\/li>\n<li>Scale automatically up to 10Gbps<\/li>\n<li>No need to patch<\/li>\n<li>No associated Security Groups<\/li>\n<li>Require a public IP<\/li>\n<li>No Source\/Destination checks<\/li>\n<li>There must be a route out of the Private subnet to the NAT Gateway<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>https:\/\/www.udemy.com\/aws-certified-solutions-architect-associate\/learn\/v4\/t\/lecture\/2801640?start=0 NAT Instances An EC2 instance that acts as a gateway. An Instance that is used to provide Internet traffic to EC2 instances in private subnets (non-Internet accessible). Create an EC2 instance from the Community AMIs after searching for &#8216;NAT&#8217; Pick the most recent one. 
The OS install is slightly smaller than what you would ..<\/p>\n<div class=\"clear-fix\"><\/div>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/?p=689\" title=\"read more...\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18,21],"tags":[],"class_list":["post-689","post","type-post","status-publish","format-standard","hentry","category-amazon-web-services-aws","category-vpc"],"_links":{"self":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/689","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=689"}],"version-history":[{"count":5,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/689\/revisions"}],"predecessor-version":[{"id":699,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/689\/revisions\/699"}],"wp:attachment":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=689"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=689"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=689"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}