amazon-web-servicesamazon-ec2amazon-vpcnat

AWS -VPC- What make EC2 as NAT instance


I am trying to understand what is the difference between NAT EC2 instance and a regular EC2 instance. I created two EC2 instances a) NAT Instance from community AMIs and disabled the source/dest check b) Created a regular EC2 instance t2.micro and disabled the source/dest check. When i use option b in my main route table it doesn't provide the internet connectivity to my ec2 instance in private subnet. Note: I can SSH the regular EC2 instnace mentioned in option b and also access the index.html file through internet.

Can somebody pls explain what makes a regular EC2 instance a NAT Instance?


Solution

  • This User Data script is traditionally used to configure an Amazon EC2 instance as a NAT server:

    #!/bin/sh
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
    /sbin/iptables -t nat -A POSTROUTING -o eth0 -s 0.0.0.0/0 -j MASQUERADE
    /sbin/iptables-save > /etc/sysconfig/iptables
    mkdir -p /etc/sysctl.d/
    cat <<EOF > /etc/sysctl.d/nat.conf
    net.ipv4.ip_forward = 1
    net.ipv4.conf.eth0.send_redirects = 0
    EOF
    

    These days, it is recommended to use a fully-managed NAT Gateway instead of a NAT instance. (For dev/test it might be cheaper to use a NAT instance, but the NAT Gateway is better for a production environment.)