When I configure a NAT Gateway, I have to select a subnet; hence, to my understanding, one NAT Gateway belongs to one subnet, which falls under one Availability Zone.
Then I saw the below statement:
If you have resources in multiple Availability Zones and they share one NAT gateway, in the event that the NAT gateway's Availability Zone is down, resources in the other Availability Zones lose internet access. To create an Availability Zone-independent architecture, create a NAT gateway in each Availability Zone and configure your routing to ensure that resources use the NAT gateway in the same Availability Zone.
If I have multiple EC2 instances in different subnets, how do they share a single NAT Gateway? Did I understand wrongly? Below is the screenshot I see when I try to create a NAT Gateway.
A NAT Gateway connects to a specific Subnet, and a Subnet is in a specific Availability Zone.
Amazon EC2 instances in private subnets can use a NAT Gateway as follows:
- The Route Table of the private subnet sends Internet-bound traffic (0.0.0.0/0) to the NAT Gateway

Depending upon your appetite for risk, you might configure things differently.
Case 1: One public subnet, one private subnet in same AZ
Case 2: Two public subnets, two private subnets, one NAT Gateway
- NAT Gateway in one public subnet (Public-Subnet-A)
- Route Table for both private subnets (Private-Subnet-A, Private-Subnet-B) points to that NAT Gateway

However, if there is a failure with Availability Zone A (rare, but can happen), then the NAT Gateway is not reachable from Private-Subnet-B. Thus, the system may be impacted even though it is running across two AZs.
Case 3: Two public subnets, two private subnets, two NAT Gateways
- NAT Gateway in each public subnet (Public-Subnet-A, Public-Subnet-B)
- Route Table for each private subnet (Private-Subnet-A, Private-Subnet-B):
  - Private-Subnet-A points to the NAT Gateway in Public-Subnet-A
  - Private-Subnet-B points to the NAT Gateway in Public-Subnet-B

If one of the AZs were to fail, then the EC2 instances in the other private subnet will still be able to communicate with the Internet because they have their own NAT Gateway in the same AZ.
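The difference between Case 2 and Case 3 is something you can check mechanically: for every private subnet, the 0.0.0.0/0 route should point at a NAT Gateway whose subnet is in the same Availability Zone. The following is an added example (not code from the question or the answer above) that runs that check over data shaped like the EC2 DescribeSubnets, DescribeNatGateways and DescribeRouteTables responses. The subnet, NAT Gateway and route-table IDs are made up, and the three dicts are constructed inline so the script runs offline; with boto3 you would pass the real API responses in instead.

```python
"""Check that every private subnet's default route uses a NAT Gateway in the same AZ.

Added example, not part of the original question or answer. The sample dicts below are
constructed in the shape of the EC2 DescribeSubnets / DescribeNatGateways /
DescribeRouteTables responses with made-up IDs, so the check runs offline.
"""


def subnet_az_map(subnets):
    """SubnetId -> AvailabilityZone."""
    return {s["SubnetId"]: s["AvailabilityZone"] for s in subnets["Subnets"]}


def nat_az_map(nat_gateways, subnet_az):
    """NatGatewayId -> AvailabilityZone (a NAT Gateway lives in the AZ of its subnet)."""
    return {n["NatGatewayId"]: subnet_az[n["SubnetId"]]
            for n in nat_gateways["NatGateways"]}


def default_route_target(route_table):
    """Return the target of the 0.0.0.0/0 route, or None if the table has no default route."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("NatGatewayId") or route.get("GatewayId")
    return None


def audit_nat_routing(subnets, nat_gateways, route_tables):
    """Return one finding per subnet whose default route leaves its own AZ via a NAT Gateway.

    Public subnets (default route to an igw-*) and tables without a default route are skipped,
    so a clean result means the layout matches Case 3 for every private subnet.
    """
    subnet_az = subnet_az_map(subnets)
    nat_az = nat_az_map(nat_gateways, subnet_az)
    findings = []
    for table in route_tables["RouteTables"]:
        target = default_route_target(table)
        if not target or not target.startswith("nat-"):
            continue
        for assoc in table.get("Associations", []):
            subnet_id = assoc.get("SubnetId")  # the main-table association carries no SubnetId
            if subnet_id is None:
                continue
            if subnet_az[subnet_id] != nat_az.get(target):
                findings.append({
                    "subnet": subnet_id,
                    "subnet_az": subnet_az[subnet_id],
                    "nat_gateway": target,
                    "nat_az": nat_az.get(target),
                    "route_table": table["RouteTableId"],
                })
    return findings


# Constructed sample: two AZs, a public and a private subnet in each.
SUBNETS = {"Subnets": [
    {"SubnetId": "subnet-public-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-public-b", "AvailabilityZone": "us-east-1b"},
    {"SubnetId": "subnet-private-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-private-b", "AvailabilityZone": "us-east-1b"},
]}

# Case 2: a single NAT Gateway in Public-Subnet-A shared by both private subnets.
CASE2_NAT = {"NatGateways": [
    {"NatGatewayId": "nat-aaaa", "SubnetId": "subnet-public-a", "State": "available"},
]}
CASE2_ROUTE_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-private-shared",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-aaaa"}],
     "Associations": [{"SubnetId": "subnet-private-a"}, {"SubnetId": "subnet-private-b"}]},
]}

# Case 3: one NAT Gateway per AZ, each private subnet routed to the one in its own AZ.
CASE3_NAT = {"NatGateways": [
    {"NatGatewayId": "nat-aaaa", "SubnetId": "subnet-public-a", "State": "available"},
    {"NatGatewayId": "nat-bbbb", "SubnetId": "subnet-public-b", "State": "available"},
]}
CASE3_ROUTE_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-private-a",
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-aaaa"}],
     "Associations": [{"SubnetId": "subnet-private-a"}]},
    {"RouteTableId": "rtb-private-b",
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-bbbb"}],
     "Associations": [{"SubnetId": "subnet-private-b"}]},
    {"RouteTableId": "rtb-public",
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1111"}],
     "Associations": [{"SubnetId": "subnet-public-a"}, {"SubnetId": "subnet-public-b"}]},
]}


if __name__ == "__main__":
    for name, nat, tables in (("Case 2", CASE2_NAT, CASE2_ROUTE_TABLES),
                              ("Case 3", CASE3_NAT, CASE3_ROUTE_TABLES)):
        result = audit_nat_routing(SUBNETS, nat, tables)
        print(name, "cross-AZ NAT routes:", result or "none")
```

Run as written, Case 2 reports Private-Subnet-B (us-east-1b) routing through nat-aaaa in us-east-1a, which is exactly the dependency that an AZ A outage would break; Case 3 reports nothing. The same function can be pointed at the output of `describe_subnets`, `describe_nat_gateways` and `describe_route_tables` for a real VPC.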