1.13. Network Address Translation (NAT) & NAT Gateway - PART1

29 Terms

1

What does NAT stand for?

Network Address Translation

2

What is the purpose of NAT in AWS?

To give private resources outgoing-only access to the internet or AWS public services like S3.

3

What are the two main types of NAT in AWS?

Static NAT (used by Internet Gateways) and NAT Gateway (for private subnet egress).

4

What is IP masquerading?

A form of NAT where many private IPs share one public IP to access the internet.

5

Is NAT used for inbound or outbound connections?

Outbound only – NAT does not support incoming connections from the public internet.

6

What are the two AWS options for NAT?

1. NAT Gateway (managed)
2. NAT Instance (user-managed EC2)

7

Which AWS resource is used to perform static NAT?

Internet Gateway

8

What is the role of an Internet Gateway in NAT Gateway communication?

It translates the NAT Gateway’s internal IP to a public IPv4 address for actual internet routing.

9

What IP range type does a NAT Gateway typically serve?

A private CIDR range, e.g. 10.16.32.0/20

10

How does the NAT Gateway know where to send the return traffic?

It keeps a translation table that maps internal IPs and ports to its own public IP.

11

Why does a NAT Gateway need to be placed in a public subnet?

So it can receive a public IPv4 address and route through the Internet Gateway.

12

What type of IP address is assigned to a NAT Gateway?

An Elastic IP (static, public IPv4 address allocated to the account).

13

Is a NAT Gateway region-resilient?

❌ No, it is AZ-resilient only. For full region resilience, you must deploy one NAT GW per AZ.

14

Can a NAT Gateway be shared across AZs?

❌ No, each AZ must have its own NAT Gateway and route table pointing to it.

15

Is the NAT Gateway a managed AWS service?

✅ Yes – AWS manages scaling, patching, and high availability within the AZ.

16

What is the maximum bandwidth of a single NAT Gateway?

Up to 45 Gbps

17

Can multiple NAT Gateways be deployed in the same AZ?

✅ Yes – for horizontal scaling, e.g. load-balanced across subnets.

18

How are NAT Gateways billed?

1. Hourly charge (e.g., $0.045/hr)
2. Per GB data processing charge (e.g., $0.045/GB)

19

Can NAT Gateways be used for incoming traffic from the internet?

❌ No, NAT Gateways only allow outgoing connections from private instances.

20

What happens to the source IP of a packet when it passes through the NAT Gateway?

The source IP is replaced by the NAT Gateway’s IP (IP masquerading).

21

What happens when the response returns from the internet?

The Internet Gateway translates the destination back to the original private IP via the NAT table.

22

What AWS services may require NAT if accessed from private subnets?

S3, SNS, SQS, and other public AWS endpoints.

23

Why use NAT instead of giving instances a public IP?

For security, you may want private instances with no inbound access from the internet.

24

Why not host update servers inside the VPC instead of using NAT?

Doing so adds admin overhead – NAT is simpler and scalable.

25

What type of subnet should private instances reside in for NAT usage?

A private subnet with a route table pointing to a NAT Gateway, not an Internet Gateway.

26

What happens if you don't configure route tables correctly?

Private instances will not have egress to the internet.

27

What are Elastic IPs (EIPs)?

Static public IPv4 addresses allocated to your AWS account – used by NAT Gateways.

28

What’s the main architectural requirement before deploying a NAT Gateway?

A public subnet, internet gateway, and route table pointing to IGW for that subnet.

29

Can you reuse Elastic IPs across services?

Yes – until deallocated, EIPs are yours to assign across eligible services.