Route table vs SG

NAT = Network Address Translation. It lets private EC2 instances (which have no public IP) talk to the Internet.


Think of it like this:

Your private EC2 is like a person in a back room with no phone. The NAT Instance is the receptionist at the front desk who makes calls on their behalf.

Setup Requirements (must know for exam)

Requirement                                        | Why?
Must be in a public subnet                         | The NAT instance needs Internet access itself
Must disable the Source/Destination check          | By default an EC2 instance only accepts traffic addressed to it; the check must be turned off so it can forward other instances' traffic
Must have an Elastic IP (EIP)                      | Needs a fixed public IP
Private subnet's route table must point to the NAT | So private EC2s know where to send Internet-bound traffic


How Traffic Flows (Simple)

Private EC2 (10.0.0.20)
        ↓  wants to reach Server (50.60.4.10)
NAT Instance  ← changes source IP to its own EIP (12.34.56.78)
        ↓
Internet Server (50.60.4.10)
        ↓  reply comes back to NAT
NAT Instance  ← forwards reply back to private EC2
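The four setup requirements in the table and the hop-by-hop flow in the diagram, as a small Python model. This is an added example, not code from the original notes or from AWS: the subnets, instance ids, route tables and addresses are constructed, the IGW's 1:1 mapping of the EIP onto the NAT's address is folded into the NAT object, and the real NAT instance does this translation in its OS (iptables masquerading) rather than in Python. What it shows is why each requirement matters: a missing default route means the private EC2 never reaches the NAT, and a NAT with the source/destination check still on drops the packet instead of forwarding it.

```python
"""Toy model of a NAT instance: setup checks plus request/reply translation."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Subnet:
    cidr: str
    route_table: Dict[str, str]      # destination CIDR -> target ("local", igw-*, instance id)


@dataclass
class Instance:
    instance_id: str
    private_ip: str
    subnet: Subnet
    source_dest_check: bool = True   # AWS default: enabled
    elastic_ip: Optional[str] = None


def lookup_route(route_table: Dict[str, str], dst_ip: str) -> Optional[str]:
    """Longest-prefix match over the route table, as a VPC route table does."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in route_table.items():
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def check_nat_setup(nat: Instance, private_subnet: Subnet) -> List[str]:
    """Return the requirements from the table above that are NOT met (empty == ready)."""
    problems = []
    if not str(nat.subnet.route_table.get("0.0.0.0/0", "")).startswith("igw-"):
        problems.append("NAT is not in a public subnet: no 0.0.0.0/0 -> igw route")
    if nat.source_dest_check:
        problems.append("source/destination check still enabled: forwarded traffic is dropped")
    if nat.elastic_ip is None:
        problems.append("no Elastic IP: the public source address is not fixed")
    if private_subnet.route_table.get("0.0.0.0/0") != nat.instance_id:
        problems.append("private subnet default route does not point at the NAT instance")
    return problems


class NatInstance:
    """Port-based NAT: rewrites the source of outbound packets and reverses it on replies."""

    def __init__(self, inst: Instance):
        self.inst = inst
        self.mappings: Dict[int, Tuple[str, int]] = {}   # EIP port -> (private ip, private port)
        self.next_port = 40000

    def forward(self, pkt: dict) -> Optional[dict]:
        """Return the translated packet, or None if the instance drops it."""
        src, dst = pkt["src"], pkt["dst"]
        # Source/destination check: drop anything the NAT is neither source nor destination of.
        if self.inst.source_dest_check and self.inst.private_ip not in (src, dst) \
                and self.inst.elastic_ip not in (src, dst):
            return None
        if dst == self.inst.elastic_ip and pkt["dport"] in self.mappings:
            # Reply from the Internet: restore the private destination from the mapping.
            priv_ip, priv_port = self.mappings[pkt["dport"]]
            return {**pkt, "dst": priv_ip, "dport": priv_port}
        # Outbound: replace the private source with the EIP and a fresh port, remember it.
        nat_port = self.next_port
        self.next_port += 1
        self.mappings[nat_port] = (src, pkt["sport"])
        return {**pkt, "src": self.inst.elastic_ip, "sport": nat_port}


def simulate_flow(nat: NatInstance, private_subnet: Subnet, pkt: dict) -> List[Tuple[str, dict]]:
    """Walk one request and its reply along the hops in the diagram above."""
    target = lookup_route(private_subnet.route_table, pkt["dst"])
    if target != nat.inst.instance_id:
        raise ValueError(f"private subnet routes {pkt['dst']} to {target}, not to the NAT")
    hops = [("private EC2 -> NAT", pkt)]
    out = nat.forward(pkt)
    if out is None:
        raise ValueError("NAT dropped the packet (source/destination check still enabled)")
    hops.append(("NAT -> Internet server", out))
    reply = {"src": out["dst"], "sport": out["dport"], "dst": out["src"], "dport": out["sport"]}
    hops.append(("Internet server -> NAT", reply))
    back = nat.forward(reply)
    hops.append(("NAT -> private EC2", back))
    return hops


def demo() -> List[Tuple[str, dict]]:
    """Constructed VPC matching the diagram: 10.0.0.20 reaches 50.60.4.10 via EIP 12.34.56.78."""
    public = Subnet("10.0.1.0/24", {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-example"})
    nat_inst = Instance("i-nat-example", "10.0.1.5", public,
                        source_dest_check=False, elastic_ip="12.34.56.78")
    private = Subnet("10.0.0.0/24", {"10.0.0.0/16": "local", "0.0.0.0/0": "i-nat-example"})
    assert check_nat_setup(nat_inst, private) == []
    request = {"src": "10.0.0.20", "sport": 51000, "dst": "50.60.4.10", "dport": 443}
    return simulate_flow(NatInstance(nat_inst), private, request)


if __name__ == "__main__":
    for hop, packet in demo():
        print(f"{hop:24s} {packet['src']}:{packet['sport']} -> {packet['dst']}:{packet['dport']}")
```

Running `demo()` prints the four hops of the diagram; the second hop carries the EIP as source and the last hop has the private address restored. Flip `source_dest_check` to `True` on the constructed NAT instance and `check_nat_setup` reports it while `simulate_flow` raises, which is the exam point: the check is an instance-level filter, not a routing setting.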

Key Comments / Limitations

Availability

Performance

Management