Simple ROUTEs for a SINGLE NAT Instance

  1. Configuration – ELB in front of NAT instance.
  2. NAT instance in its own security group (NAT_SG); ELB in its own security group (ELB_SG)
  3. Inbound Rules – HTTP/S with a source of ELB_SG
  4. Outbound Rules – HTTP/S with a Destination of 0.0.0.0/0 (all)
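
One way to check a deployed group against this list, as an added example that is not part of the original post. It assumes items 3 and 4 describe the rules on NAT_SG and that the input has the shape of an EC2 DescribeSecurityGroups response; `audit_nat_sg`, its helpers and the sample IDs are hypothetical names constructed for illustration.

```python
# Added example; dicts follow the EC2 DescribeSecurityGroups shape, IDs are constructed.
WEB_PORTS = {80, 443}  # HTTP/S

def _is_web_rule(perm):
    """True when the rule is TCP on exactly port 80 or exactly port 443."""
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort") == perm.get("ToPort")
            and perm.get("FromPort") in WEB_PORTS)

def _label(perm):
    return f"{perm.get('IpProtocol')}:{perm.get('FromPort')}-{perm.get('ToPort')}"

def audit_nat_sg(nat_sg, elb_sg_id):
    """Return findings; an empty list means the group matches the listed rules."""
    findings = []
    for perm in nat_sg.get("IpPermissions", []):
        if not _is_web_rule(perm):
            findings.append(f"inbound {_label(perm)}: not HTTP/S")
        # Only ELB_SG may be a source: no CIDRs, prefix lists or other groups.
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        sources += [p["PrefixListId"] for p in perm.get("PrefixListIds", [])]
        sources += [g["GroupId"] for g in perm.get("UserIdGroupPairs", [])
                    if g["GroupId"] != elb_sg_id]
        for src in sources:
            findings.append(f"inbound {_label(perm)}: source {src} is not ELB_SG")
    for perm in nat_sg.get("IpPermissionsEgress", []):
        # Also catches the default allow-all egress rule (IpProtocol "-1").
        if not _is_web_rule(perm):
            findings.append(f"outbound {_label(perm)}: not HTTP/S")
    return findings

def _rule(port, peers):
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port, **peers}

ELB_SG_ID = "sg-0e1b000000000000a"  # constructed placeholder
FROM_ELB = {"UserIdGroupPairs": [{"GroupId": ELB_SG_ID}]}
ANYWHERE = {"IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
GOOD_NAT_SG = {  # constructed: matches the four rules above
    "IpPermissions": [_rule(80, FROM_ELB), _rule(443, FROM_ELB)],
    "IpPermissionsEgress": [_rule(80, ANYWHERE), _rule(443, ANYWHERE)],
}
DRIFTED_NAT_SG = {  # constructed: SSH opened to the world, default egress left in place
    "IpPermissions": [_rule(443, FROM_ELB), _rule(22, ANYWHERE)],
    "IpPermissionsEgress": [{"IpProtocol": "-1", **ANYWHERE}],
}

if __name__ == "__main__":
    print("\n".join(audit_nat_sg(DRIFTED_NAT_SG, ELB_SG_ID)))
```

A newly created VPC security group carries an allow-all egress rule by default, which is why the drifted sample reports an outbound finding until that rule is replaced with the HTTP/S rules.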

 

Multi-AZ Deployments and NATs

  • Each AZ needs its own NAT instance. This allows the NAT to retain the session for returning traffic – and route it back to the same instance that sent the traffic out.
  • NAT instances go straight to the IGW – not through the ALB / ELB or any firewall.

[Figure: General architecture for HA NAT web app]


Anuj holds professional certifications in Google Cloud, AWS as well as certifications in Docker and App Performance Tools such as New Relic. He specializes in Cloud Security, Data Encryption and Container Technologies.


Anuj Varma, Hands-On Technology Architect, Clean Air Activist.