- An Internet Gateway (IGW) allows resources (for example EC2 instances) in a VPC to connect to the internet.
- It scales horizontally and is highly available and redundant.
- It is created separately from a VPC.
- One IGW can be attached to only one VPC, and vice versa.
- Internet Gateways on their own do not allow internet access. You must also edit the route tables for the subnets.
- A bastion host is an EC2 instance in a public subnet that is primarily used to connect to EC2 instances in private subnets.
- The security group of the bastion host must allow inbound traffic from the internet on port 22, restricted to the CIDR of your company.
- The security group of the private EC2 instances must allow inbound access from the security group used by the bastion host, or from the private IP of the bastion host.
- NAT = Network Address Translation
- A NAT instance allows EC2 instances in private subnets to connect to the internet.
- Must be launched in a public subnet.
- You must disable the EC2 setting: Source/destination check.
- Must have an Elastic IP attached to it.
- Route table must be configured to route traffic from private subnets to
- It supports port forwarding
- NAT instances can also be used as bastion hosts.
- NAT instances come from a pre-configured Amazon Linux AMI, which reached the end of standard support on December 31, 2020.
- Not highly available/resilient. You need to create an ASG across multiple AZs plus a resilient user-data script.
- Internet traffic bandwidth depends on EC2 instance type.
- You must manage the security group and its rules.
- Inbound: Allow HTTP/HTTPS traffic coming from private subnets. Allow SSH from your home network (access is provided through the internet gateway).
- Outbound: Allow HTTP/HTTPS traffic to the internet.
- Stop Source/Destination check
- NAT Gateway: AWS-managed NAT, higher bandwidth, high availability, no administration.
- You have to pay per hour for usage and bandwidth.
- NAT GW is created in a specific Availability Zone, and uses an elastic IP.
- Cannot be used by an EC2 instance in the same subnet (only from other subnets).
- Requires an internet gateway. The network flow is: private subnet => NAT gateway => internet gateway.
- 5 Gbps of bandwidth, automatically scaling up to 100 Gbps.
- NAT Gateway is resilient within a single AZ. You must create multiple NAT Gateways in multiple AZs for fault tolerance.
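
The bastion security-group rules from the notes above, written as an offline check (an added example, not part of the original notes). It reads rules in the `IpPermissions` shape returned by `aws ec2 describe-security-groups`; the function names, group IDs and addresses are constructed for illustration.

```python
import ipaddress

def ssh_sources(group):
    """Return (cidrs, sg_ids) allowed to reach TCP port 22 in one security group."""
    cidrs, sg_ids = [], []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        in_range = perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 65535)
        if proto != "-1" and not (proto == "tcp" and in_range):
            continue  # this rule does not cover SSH
        cidrs += [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        sg_ids += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
    return cidrs, sg_ids

def audit(bastion_sg, private_sg, company_cidr, bastion_private_ip):
    """Return a list of findings; an empty list means both groups match the notes."""
    findings = []
    company = ipaddress.ip_network(company_cidr)
    # Bastion: SSH sources must fall inside the company CIDR.
    cidrs, _ = ssh_sources(bastion_sg)
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr)
        if net.version != company.version or not net.subnet_of(company):
            findings.append(f"bastion: SSH open to {cidr}, outside {company_cidr}")
    # Private instances: SSH only from the bastion SG or the bastion private IP.
    cidrs, sg_ids = ssh_sources(private_sg)
    for cidr in cidrs:
        if cidr != f"{bastion_private_ip}/32":
            findings.append(f"private: SSH allowed from {cidr}, not the bastion IP")
    for sg_id in sg_ids:
        if sg_id != bastion_sg["GroupId"]:
            findings.append(f"private: SSH allowed from {sg_id}, not the bastion SG")
    return findings

# Constructed sample data (placeholder IDs and documentation address ranges).
BASTION_SG = {"GroupId": "sg-bastion-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}, {"CidrIp": "0.0.0.0/0"}]}]}
PRIVATE_SG = {"GroupId": "sg-private-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}],
     "UserIdGroupPairs": [{"GroupId": "sg-bastion-example"}]}]}

if __name__ == "__main__":
    for line in audit(BASTION_SG, PRIVATE_SG, "203.0.113.0/24", "10.0.1.10"):
        print(line)
```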