Tags: amazon-web-services, amazon-elb, aws-nat-gateway

What is the difference between using a load balancer and a NAT Gateway on AWS?


I am starting in the cloud world, so I am studying for the AWS Solutions Architect Associate certification, where I had the following question about the Networking 1 module.

What is the difference between implementing an Elastic Load Balancing and a NAT Gateway for a subnet that has several EC2 instances running my application?

To explain where my doubt comes from, I will give an example. Let's suppose that within a region I have created a VPC that has 2 subnets (one public and one private). Within the private subnet I have multiple EC2 instances running a web application. Since it is a web application, the EC2 instances need connectivity to the internet, and since they are in a private subnet I would have to implement a NAT Gateway, since that is the component that allows the resources of a private subnet to send information to the internet.

Now, is it possible to implement an Elastic Load Balancer that directly balances the internet traffic to the EC2 instances in the private subnet, or is it not possible? Doesn't the load balancer perform NAT, as for example an Internet Gateway does? Or do I necessarily need both a load balancer and a NAT Gateway for my private subnet resources?

These questions came to me while trying to understand how both a load balancer and a NAT Gateway work in AWS.

Thanks in advance.


Solution

  • Elastic Load Balancers distribute incoming (inbound) traffic across multiple targets (like EC2 instances), while NAT Gateways allow EC2 instances to connect to services outside your VPC, so there we are talking about outbound traffic.

    Load balancers also handle the response to incoming traffic on its way back out to the internet. A request coming through the ELB is forwarded to the EC2 instance, and the EC2 instance's response is routed back through the ELB and forwarded to the client.

    is it possible to implement an Elastic Load Balancing that directly balances the internet traffic to the EC2 instances in the private subnet or is it not possible?

    Yes, you can use an Application Load Balancer to balance traffic to EC2 instances in a private subnet. The EC2 instance in a private subnet can route the outbound traffic through the route table to the ALB's public IP address. The route table has a local route to the public subnet. It reaches the Application Load Balancer capacity that the traffic entered on, in the corresponding public subnet, by following the path back the way the traffic entered. Note however that this refers to the returning outbound traffic and not to any traffic originating from the EC2 instance.

    The traffic originating from the EC2 instance cannot pass through the ELB. Instead, if your EC2 instance is in a public subnet, the traffic is sent out to the internet directly from the EC2 instance's public IP address. The need for a NAT Gateway arises when one or more EC2 instances need to connect to the internet (or to other VPCs, or to an on-premises network) from a private subnet. See this answer for details.
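As an added example (not code from the question or the answer above), here is a small Python model of the route-table decisions behind the answer. The subnet CIDRs, private IPs, gateway IDs and the contents of the route tables are all assumed for illustration; the only AWS behaviour it encodes is that each subnet is associated with one route table and the most specific matching destination wins. It shows why inbound traffic through an ALB reaches private targets and returns without any NAT Gateway (every in-VPC hop matches the VPC-wide "local" route), while traffic the instance starts itself has no route at all unless the private route table carries a 0.0.0.0/0 entry pointing at a NAT Gateway.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed layout (assumed, not from the post): one VPC with a public and a
# private subnet. ALB nodes and the NAT Gateway sit in the public subnet, the
# application instances in the private subnet.
VPC_CIDR = "10.0.0.0/16"
ALB_NODE = "10.0.1.50"      # private IP of an ALB node in the public subnet (assumed)
APP_INSTANCE = "10.0.2.20"  # EC2 target in the private subnet (assumed)
CLIENT = "203.0.113.10"     # internet client, documentation range
REPO = "198.51.100.7"       # e.g. a package mirror the instance must reach, documentation range

# Route tables as "destination CIDR -> target". Gateway IDs are placeholders
# in the shape of AWS IDs, not real resources.
PUBLIC_RT: Dict[str, str] = {VPC_CIDR: "local", "0.0.0.0/0": "igw-0example"}
PRIVATE_RT_NO_NAT: Dict[str, str] = {VPC_CIDR: "local"}
PRIVATE_RT_WITH_NAT: Dict[str, str] = {VPC_CIDR: "local", "0.0.0.0/0": "nat-0example"}


def lookup(route_table: Dict[str, str], dst: str) -> Optional[str]:
    """Longest-prefix match over one route table; None means no route (dropped)."""
    addr = ipaddress.ip_address(dst)
    best_net: Optional[ipaddress.IPv4Network] = None
    best_target: Optional[str] = None
    for cidr, target in route_table.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def is_public_subnet(route_table: Dict[str, str]) -> bool:
    """AWS's definition: a subnet is public iff its route table has an IGW route.
    Without one, even an instance with a public IP is not reachable from the internet."""
    return any(t.startswith("igw-") for t in route_table.values())


def inbound_via_alb(private_rt: Dict[str, str]) -> List[Tuple[str, str, Optional[str]]]:
    """In-VPC hops of one client request and its reply: (src, dst, route target).
    The IGW has already translated the ALB's public IP to the node's private IP."""
    return [
        (ALB_NODE, APP_INSTANCE, lookup(PUBLIC_RT, APP_INSTANCE)),   # forwarded to target
        (APP_INSTANCE, ALB_NODE, lookup(private_rt, ALB_NODE)),      # reply goes to the ALB node
        (ALB_NODE, CLIENT, lookup(PUBLIC_RT, CLIENT)),               # ALB answers the client
    ]


def all_hops_routed(hops: List[Tuple[str, str, Optional[str]]]) -> bool:
    return all(target is not None for _, _, target in hops)


def instance_originated(private_rt: Dict[str, str]) -> Optional[str]:
    """First hop of traffic the instance starts itself (updates, external APIs)."""
    return lookup(private_rt, REPO)


if __name__ == "__main__":
    for name, rt in (("no NAT", PRIVATE_RT_NO_NAT), ("with NAT", PRIVATE_RT_WITH_NAT)):
        print(f"private subnet {name}: public={is_public_subnet(rt)}")
        for src, dst, target in inbound_via_alb(rt):
            print(f"  inbound hop {src} -> {dst}: {target}")
        print(f"  instance -> {REPO}: {instance_originated(rt)}")
```

Running it prints that every inbound hop resolves to "local" whether or not the private subnet has a NAT route, that the private subnet is never "public", and that the instance's own connection to the mirror is dropped without a NAT route and sent to nat-0example with one. That is the whole distinction in the answer: the ALB covers the request/response round trip, the NAT Gateway covers connections the instance initiates.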