Here are some other tips to help optimize costs that did not fit neatly into the other lessons.

Internet from a private subnet without NAT

Normally, if we want our resources in a private subnet to access the internet, we would use a NAT gateway. NAT gateways incur charges based both per hour and per GB processed through. This is recommended if we have many resources that need to access the internet from a private subnet. However, let’s say we only have one or two Linux servers that we want to be able to download updates. A clever way around having to run a NAT gateway is to use an IPv6 egress-only gateway.

If we assign an IPv6 address to our instance and our target is resolvable via IPv6, and we create an IPv6 egress-only gateway in our public subnet with a default IPv6 route pointing to that gateway from our private subnet, we should be able to reach our target. Now, because this is an egress-only gateway, it only works for trying to get out to the internet. We cannot access our resources from the internet in the VPC. Additionally, IPv6 support is still patchy across the internet in general, so this might not work in all cases.

Get hands-on with 1200+ tech skills courses.