Amazon adds managed NAT gateways to Virtual Private Cloud

Previously clunky and difficult to set up, NAT gateways for Amazon Virtual Private Clouds are now a breeze -- but they still have limits and aren't free

Amazon's Virtual Private Cloud has long made it possible to partition off a hunk of AWS with a private network of its own, complete with a VPN connection for secure access.

But setting up a VPN to access the Internet is drudgery, since connections to and from VPC have to be mapped with network address translation (NAT) using a manually created cluster of EC2 instances that serve as a gateway.

Earlier this week, Amazon did away with some of that headache by providing a new Managed NAT Gateway for AWS -- a way to automatically create NAT gateways for AWS VPNs without having to do anything more than click through a wizard.

vpc create nat pick eip 1 Amazon

Creating a NAT gateway for an Amzon Virtual Private Cloud can now be done in a semi-automated fashion, without having to spin up EC2 instances manually. It isn't free, though, and comes with a few limitations of its own.

The gateways created can  handle up to 10Gbps of "bursty" (meaning not sustained) TCP, UDP, and ICMP traffic, and automatically scale and provide high availability. Newly created Virtual Private Cloud instances will also give the user an opportunity to create a NAT Gateway and automatically configure the gateway to match the VPC's routing tables. Traffic flowing through the VPN can be logged and observed by Amazon's CloudWatch service to generate activity graphs.

As with any newly introduced Amazon AWS technology, its cross-integration with the rest of Amazon is limited. It's only possible to associate one elastic IP address with a given NAT gateway; it can't be reassigned. And while you can use network ACLs to control traffic to and from the subnet where the NAT gateway is, you can't associate a security group with the gateway itself.

Finally, since NAT Gateways are technically machines unto themselves, they aren't free. They cost $0.045 per gateway, per hour plus any data processing and transfer charges incurred.

Join the TechWorld newsletter!

Error: Please check your email address.


More about AWSGateway

Show Comments