You can use the Amazon VPC console to create and manage your NAT gateways.
Control the use of NAT gatewaysBy default, users do not have permission to work with NAT gateways. You can create an IAM role with a policy attached that grants users permissions to create, describe, and delete NAT gateways. For more information, see Identity and access management for Amazon VPC.
Create a NAT gatewayUse the following procedure to create a NAT gateway.
Related quotasYou won't be able to create a public NAT gateway if you've exhausted the number of EIPs allocated to your account. For more information on EIP quotas and how to adjust them, see Elastic IP addresses.
You can assign up to 8 private IPv4 addresses to your private NAT gateway. This limit is not adjustable.
You are limited to associating 2 Elastic IP addresses to your public NAT gateway by default. You can increase this limit by requesting a quota adjustment. For more information, see Elastic IP addresses.
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
In the navigation pane, choose NAT gateways.
Choose Create NAT gateway.
(Optional) Specify a name for the NAT gateway. This creates a tag where the key is Name and the value is the name that you specify.
Select the subnet in which to create the NAT gateway.
For Connectivity type, leave the default Public selection to create a public NAT gateway or choose Private to create a private NAT gateway. For more information about the difference between a public and private NAT gateway, see NAT gateways.
If you chose Public, do the following; otherwise, skip to step 8:
Choose an Elastic IP allocation ID to assign an EIP to the NAT gateway or choose Allocate Elastic IP to automatically allocate an EIP for the public NAT gateway. You are limited to associating 2 Elastic IP addresses to your public NAT gateway by default. You can increase this limit by requesting a quota adjustment. For more information, see Elastic IP addresses.
ImportantWhen you assign an EIP to a public NAT gateway, the network border group of the EIP must match the network border group of the Availability Zone (AZ) that you're launching the public NAT gateway into. If it's not the same, the NAT gateway will fail to launch. You can see the network border group for the subnet's AZ by viewing the details of the subnet. Similarly, you can view the network border group of an EIP by viewing the details of the EIP address. For more information about network border groups and EIPs, see 1. Allocate an Elastic IP address.
(Optional) Choose Additional settings and, under Private IP address - optional, enter a private IPv4 address for the NAT gateway. If you don't enter an address, AWS will automatically assign a private IPv4 address to your NAT gateway at random from the subnet that your NAT gateway is in.
Skip to step 11.
If you chose Private, for Additional settings, Private IPv4 address assigning method, choose one of the following:
Auto-assign: AWS chooses the primary private IPv4 address for the NAT gateway. For Number of auto-assigned private IPv4 addresses, you can optionally specify the number of secondary private IPv4 addresses for the NAT gateway. AWS chooses these IP addresses at random from the subnet for your NAT gateway.
Custom: For Primary private IPv4 address, choose the primary private IPv4 address for the NAT gateway. For Secondary private IPv4 addresses, you can optionally specify up to 7 secondary private IPv4 addresses for the NAT gateway.
If you chose Custom in Step 8, skip this step. If you chose Auto-assign, under Number of auto-assigned private IP addresses, choose the number of secondary IPv4 addresses that you want AWS assign to this private NAT gateway. You can choose up to 7 IPv4 addresses.
NoteSecondary IPv4 addresses are optional and should be assigned or allocated when your workloads that use a NAT gateway exceed 55,000 concurrent connections to a single destination (the same destination IP, destination port, and protocol). Secondary IPv4 addresses increase the number of available ports, and therefore they increase the limit on the number of concurrent connections that your workloads can establish using a NAT gateway.
If you chose Auto-assign in Step 9, skip this step. If you chose Custom, do the following:
Under Primary private IPv4 address, enter a private IPv4 address.
Under Secondary private IPv4 address, enter up to 7 secondary private IPv4 addresses.
(Optional) To add a tag to the NAT gateway, choose Add new tag and enter the key name and value. You can add up to 50 tags.
Choose Create a NAT gateway.
The initial status of the NAT gateway is Pending. After the status changes to Available, the NAT gateway is ready for you to use. Be sure to update your route tables as needed. For examples, see NAT gateway use cases.
If the status of the NAT gateway changes to Failed, there was an error during creation. For more information, see NAT gateway creation fails.
Each IPv4 address can support up to 55,000 simultaneous connections to each unique destination. A unique destination is identified by a unique combination of destination IP address, the destination port, and protocol (TCP/UDP/ICMP). You can increase this limit by associating up to 8 IPv4 addresses to your NAT gateways (1 primary IPv4 address and 7 secondary IPv4 addresses). You are limited to associating 2 Elastic IP addresses to your public NAT gateway by default. You can increase this limit by requesting a quota adjustment. For more information, see Elastic IP addresses.
You can use the NAT gateway CloudWatch metrics ErrorPortAllocation and PacketsDropCount to determine if your NAT gateway is generating port allocation errors or dropping packets. To resolve this issue, add secondary IPv4 addresses to your NAT gateway.
ConsiderationsYou can add secondary private IPv4 addresses when you create a private NAT gateway or after you create the NAT gateway using the procedure in this section. You can add secondary EIP addresses to public NAT gateways only after you create the NAT gateway by using the procedure in this section.
Your NAT gateway can have up to 8 IPv4 addresses associated with it (1 primary IPv4 address and 7 secondary IPv4 addresses). You can assign up to 8 private IPv4 addresses to your private NAT gateway. You are limited to associating 2 Elastic IP addresses to your public NAT gateway by default. You can increase this limit by requesting a quota adjustment. For more information, see Elastic IP addresses.
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
In the navigation pane, choose NAT gateways.
Select the NAT gateway whose secondary IPv4 address associations you want to edit.
Choose Actions, and then choose Edit secondary IP address associations.
If you are editing the secondary IPv4 address associations of a private NAT gateway, under Action, choose Assign new IPv4 addresses or Unassign existing IPv4 addresses. If you are editing the secondary IPv4 address associations of a public NAT gateway, under Action, choose Associate new IPv4 addresses or Disassociate existing IPv4 addresses.
Do one of the following:
If you chose to assign or associate new IPv4 addresses, do the following:
This step is required. You must select a private IPv4 address. Choose the Private IPv4 address assigning method:
Auto-assign: AWS automatically chooses a primary private IPv4 address and you choose if you want AWS to assign up to 7 secondary private IPv4 addresses to assign to the NAT gateway. AWS automatically chooses and assigns them for you at random from the subnet that your NAT gateway is in.
Custom: Choose the primary private IPv4 address and up to 7 secondary private IPv4 addresses to assign to the NAT gateway.
Under Elastic IP allocation ID, choose an EIP to add as a secondary IPv4 address. This step is required. You must select an EIP along with a private IPv4 address. If you chose Custom for the Private IP address assigning method, you also must enter a private IPv4 address for each EIP that you add.
ImportantWhen you assign a secondary EIP to a public NAT gateway, the network border group of the EIP must match the network border group of the Availability Zone (AZ) that the public NAT gateway is in. If it's not the same, the EIP will fail to assign. You can see the network border group for the subnet's AZ by viewing the details of the subnet. Similarly, you can view the network border group of an EIP by viewing the details of the EIP address. For more information about network border groups and EIPs, see 1. Allocate an Elastic IP address.
Your NAT gateway can have up to 8 IP addresses associated with it. If this is a public NAT gateway, there is a default quota limit for EIPs per Region. For more information, see Elastic IP addresses.
If you chose to unassign or disassociate new IPv4 addresses, complete the following:
Under Existing secondary IP address to unassign, select the secondary IP addresses that you want to unassign.
(optional) Under Connection drain duration, enter the maximum amount of time to wait (in seconds) before forcibly releasing the IP addresses if connections are still in progress. If you don't enter a value, the default value is 350 seconds.
Choose Save changes.
If the status of the NAT gateway changes to Failed, there was an error during creation. For more information, see NAT gateway creation fails.
You can tag your NAT gateway to help you identify it or categorize it according to your organization's needs. For information about working with tags, see Tagging your Amazon EC2 resources in the Amazon EC2 User Guide.
Cost allocation tags are supported for NAT gateways. Therefore, you can also use tags to organize your AWS bill and reflect your own cost structure. For more information, see Using cost allocation tags in the AWS Billing User Guide. For more information about setting up a cost allocation report with tags, see Monthly cost allocation report in About AWS Account Billing.
To tag a NAT gatewayOpen the Amazon VPC console at https://console.aws.amazon.com/vpc/.
In the navigation pane, choose NAT gateways.
Select the NAT gateway that you want to tag and choose Actions. Then choose Manage tags.
Choose Add new tag, and define a Key and Value for the tag. You can add up to 50 tags.
Choose Save.
If you no longer need a NAT gateway, you can delete it. After you delete a NAT gateway, its entry remains visible in the Amazon VPC console for about an hour, after which it's automatically removed. You can't remove this entry yourself.
Deleting a NAT gateway disassociates its Elastic IP address, but does not release the address from your account. If you delete a NAT gateway, the NAT gateway routes remain in a blackhole status until you delete or update the routes.
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
In the navigation pane, choose NAT gateways.
Select the radio button for the NAT gateway, and then choose Actions, Delete NAT gateway.
When prompted for confirmation, enter delete and then choose Delete.
If you no longer need the Elastic IP address that was associated with a public NAT gateway, we recommend that you release it. For more information, see 5. Release an Elastic IP address.
You can perform the tasks described on this page using the command line.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4