Network Address Translation (NAT) Gateway
What it is?
A managed service that enables instances in a private subnet to connect to the internet but prevents the internet from initiating a connection with those instances.
Imagine a one-way mirror at a security checkpoint within your gated community. People inside can look and go out, but those outside can't see or enter directly through it.
Why is it needed?
- Simply allowing direct two-way internet access to private resources would expose them to unnecessary risks.
- So, NAT Gateway allows outbound traffic (e.g., for updates, APIs) while maintaining the private nature of the subnet.
NAT Gateways are generally used in conjunction with private and public subnets. Instances in a private subnet that need to access the internet can have their traffic routed through a NAT Gateway residing in a public subnet.