Introduction

Let’s assume we want to use our EC2 instance to connect to the public internet to download a software package. One approach is to launch the EC2 instance in the public subnet while allowing access to the public internet via the internet gateway. However, what if we want our private instance to have outgoing-only internet access and download the software package but not be reachable via the public internet?

To achieve this, we can use NAT (Network Address Translation) devices. A NAT device allows private resources to connect to the public internet, VPCs, or on-prem networks while not forwarding any incoming requests to private resources.

A NAT gateway replaces the source IP address of the requester, such as an EC2 instance, with its own IP address when communicating with the public internet or other private networks: for public destinations it uses the NAT gateway's Elastic IP, and for private destinations it uses the NAT gateway's private IP. As a result, all outbound requests leave with the NAT IP address as the source. When the NAT gateway receives a response, it translates the destination address back to the original source IP so the traffic is routed to the instance that made the request.
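The routing behind this pattern lives in the subnet route tables: the public subnet's default route points at the internet gateway, the private subnet's default route points at the NAT gateway, and intra-VPC traffic stays on the `local` route. The following is an added example, not code from the lesson or from AWS: it models the longest-prefix-match lookup a route table performs and audits that a subnet meant to be private has no route through an internet gateway. The input is shaped like `aws ec2 describe-route-tables` output, but the data is constructed and every resource id is a placeholder.

```python
"""Route-table model and audit for the private-subnet-behind-NAT pattern.

Added example (not from the lesson). The route-table data is constructed
to mirror the shape of `aws ec2 describe-route-tables` output; all ids
(rtb-, subnet-, igw-, nat-) are placeholders, not real resources.
"""
import ipaddress

# Constructed sample: one public and one private subnet in a 10.0.0.0/16 VPC.
ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-public-EXAMPLE",
        "Associations": [{"SubnetId": "subnet-public-EXAMPLE"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"},
        ],
    },
    {
        "RouteTableId": "rtb-private-EXAMPLE",
        "Associations": [{"SubnetId": "subnet-private-EXAMPLE"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE", "State": "active"},
        ],
    },
]


def route_target(route):
    """Return a route's target id regardless of which key AWS used for it."""
    for key in ("GatewayId", "NatGatewayId", "TransitGatewayId",
                "VpcPeeringConnectionId", "NetworkInterfaceId", "InstanceId"):
        if key in route:
            return route[key]
    return None


def table_for_subnet(route_tables, subnet_id):
    """Find the route table explicitly associated with a subnet."""
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
    raise LookupError(f"no route table associated with {subnet_id}")


def next_hop(route_tables, subnet_id, dest_ip):
    """Longest-prefix match: the most specific active route to dest_ip wins."""
    table = table_for_subnet(route_tables, subnet_id)
    dest = ipaddress.ip_address(dest_ip)
    best = None  # (network, target) of the most specific match so far
    for route in table["Routes"]:
        if route.get("State") != "active" or "DestinationCidrBlock" not in route:
            continue
        net = ipaddress.ip_network(route["DestinationCidrBlock"])
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route_target(route))
    return best[1] if best else None


def audit_private_subnet(route_tables, subnet_id):
    """Flag any route that would let a 'private' subnet reach an internet gateway.

    Returns a list of findings; an empty list means the subnet can only
    egress through a NAT gateway (or has no default route at all).
    """
    table = table_for_subnet(route_tables, subnet_id)
    findings = []
    for route in table["Routes"]:
        target = route_target(route) or ""
        if target.startswith("igw-"):
            findings.append(
                f"{table['RouteTableId']}: {route.get('DestinationCidrBlock')} -> {target} "
                "(route via internet gateway makes this subnet public)"
            )
    return findings


if __name__ == "__main__":
    # Private subnet: internet-bound traffic goes to the NAT gateway,
    # VPC-internal traffic stays on the local route.
    print(next_hop(ROUTE_TABLES, "subnet-private-EXAMPLE", "203.0.113.10"))  # nat-EXAMPLE
    print(next_hop(ROUTE_TABLES, "subnet-private-EXAMPLE", "10.0.2.15"))     # local
    # Public subnet: internet-bound traffic goes straight to the internet gateway.
    print(next_hop(ROUTE_TABLES, "subnet-public-EXAMPLE", "203.0.113.10"))   # igw-EXAMPLE
    print(audit_private_subnet(ROUTE_TABLES, "subnet-private-EXAMPLE"))      # []
    print(audit_private_subnet(ROUTE_TABLES, "subnet-public-EXAMPLE"))       # one finding
```

The audit only inspects route tables; it does not check security groups or network ACLs, so it answers one question (can this subnet send traffic to an internet gateway?) rather than proving the instance is unreachable from outside.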
