1. AWS (Amazon Web Services)

Enabling NAT Gateway for Private Subnets in AWS

Written by Posted on Less than 0 min read
0

In Amazon Web Services (AWS), instances within a private subnet cannot access the internet directly. However, a NAT (Network Address Translation) Gateway allows these instances to securely send outbound traffic (e.g., downloading updates, accessing APIs) while remaining inaccessible from external sources.

This guide will walk you through the step-by-step process of setting up a NAT Gateway to enable internet access for private subnets in AWS.

Prerequisites

Before proceeding, ensure that you have:

 ✅ A VPC (Virtual Private Cloud)
 ✅ At least one public subnet (associated with an Internet Gateway)
✅ At least one private subnet (which requires internet access via NAT)

Step 1: Identify Your VPC & Subnets

Before proceeding, ensure you have:

  • A VPC (Virtual Private Cloud).
  • At least one public subnet (connected to an Internet Gateway).
  • At least one private subnet (which needs internet access via NAT).

How to Check Your Subnets?

  1. Go to AWS ConsoleVPC DashboardSubnets.
  2. Identify:
    • Public Subnet: Within route table, should have 0.0.0.0/0 pointing to an Internet Gateway (IGW).
    • Private Subnet: Within route table, should have 0.0.0.0/0 pointing to a NAT Gateway (if already set up).

Step 2: Create an Internet Gateway

A NAT Gateway must be in a public subnet, which requires an Internet Gateway (IGW).

  1. Go to VPC DashboardInternet Gateways.
  2. Click Create Internet Gateway.
  3. Name it (e.g., MyVPC-IGW) and click Create.
  4. Attach it to your VPC:
    • Select the new Internet Gateway.
    • Click ActionsAttach to VPC → Select your VPCAttach.

Step 3: Create a NAT Gateway

Now, we’ll create a NAT Gateway in a public subnet.

  1. Go to VPC DashboardNAT Gateways.
  2. Click Create NAT Gateway.
  3. Select a public subnet.
  4. Click Allocate Elastic IPCreate NAT Gateway.

Step 4: Update the Route Table for Private Subnet

  1. Go to VPC DashboardRoute Tables.
  2. Select the Route Table associated with your private subnet.

Click Edit RoutesAdd Route:

Destination: 0.0.0.0/0

Target: nat-xxxxxxxx (Select the NAT Gateway)

  1. Click Save Changes.


    Final private subnet and route table and nat gateway looklike below all within VPC

Step 5: Test Connectivity

  1. Launch an EC2 instance in the private subnet.
  2. Connect via SSH using a Bastion Host or Session Manager.
    ping 8.8.8.8
    curl -I http://google.com
  3. If successful, your NAT Gateway is working!

Troubleshooting Tips

  • Ping not working? Ensure Security Group allows outbound ICMP.
  • Still no internet? Check that the NAT Gateway is in a public subnet with an Elastic IP.
  • Check VPC Flow Logs to debug connectivity issues.

Conclusion

By following these steps, you’ve successfully enabled internet access for private subnets using a NAT Gateway in AWS. This setup ensures security while allowing outbound connections for necessary updates and external API access.

🚀 Now your AWS environment is properly configured!

Member since
Result-driven IT Professional with over 8 Years of experience in Software Development, Cloud Computing, DevOps, and IT Infrastructure Management. Proficient in designing scalable architectures on AWS (EC2, RDS, S3, IAM, Lambda, Route 53, CloudFormation), Azure (AD, M365, Virtual Machines), and Cloudflare (WAF, Zero Trust). Skilled in automating CI/CD pipelines using Jenkins, GitHub Actions, and Bitbucket Pipelines, and managing infrastructure with Kubernetes, Terraform, and Ansible. Proven achievements include reducing AWS operational costs by 40%, scaling high-traffic WordPress systems, implementing Zero-Trust security, and upgrading ERP systems. Experienced in performance optimization, database tuning, disaster recovery planning, network security audits, and IT project leadership.
Do you like RavikantDk's articles? Follow on social!

Related articles

  1. AWS (Amazon Web Services)

Setting Up AWS CloudWatch Alarm for EC2 CPU Usage with Email Alerts

Introduction Monitoring EC2 instances is crucial for ensuring optimal performance and preventing issues like underutilization or overloading. AWS CloudWatch allows users to track metrics and set up alarms to trigger notifications based on predefined conditions. In this guide, we’ll walk through setting up a CloudWatch alarm to send email alerts when an EC2 instance’s CPU […]
Written by
  1. AWS (Amazon Web Services)
  2. DNS
  3. Networking

Understanding AWS Load Balancer Routing with Cloudflare and Different Clients

When deploying web applications on AWS using multiple Network Load Balancers (NLBs), understanding how traffic is routed across different clients—such as browsers (Chrome, Edge, Firefox, Safari) and mobile apps (React Native-based)—is essential. This article explores how routing works when using Cloudflare DNS with and without the proxy feature enabled. 1. Overview of Routing Mechanisms When […]
Written by
Next
No Comments
Leave a comment Cancel
Comments to: Enabling NAT Gateway for Private Subnets in AWS

Your email address will not be published. Required fields are marked *

Attach images - Only PNG, JPG, JPEG and GIF are supported.

Login

Welcome to ITUptodate
Brief and amiable onboarding is the first thing a new user sees in the theme.
Read Smart, Save Time
Pick all the topics you are interested in to fill your homepage with stories you'll love.

Join ITUptodate