Before you begin: Set up a VPC architecture with one or more subnets. For more information, see Creating a VPC Platform.
Launch an instance in a subnet of your VPC using the official NAT instance OMI (named NAT instance). For more information, see Creating / Launching Instances.
You can add a Name tag to this instance to indicate that this is a NAT instance. For more information, see Adding or Removing Tags.
You can choose any instance type.
Enable this instance to directly connect to the Internet using an Internet gateway and an External IP address (EIP). For more information, see Tutorial: Setting Up a Direct Connection Between Instances in a VPC and the Internet.
This EIP is the public IP address used by the NAT instance to connect to the Internet through the Internet gateway on behalf of your other instances. For more information, see About Internet Gateways.
- To enable NAT for the NAT instance, set its
false. For more information, see Modifying an Instance Attribute.
- In the security group of the NAT instance, add rules allowing the inbound flows of your choice from the security groups of the instances you want to connect to the Internet, so that flows from these instances can reach the NAT instance. For more information, see Adding Rules to a Security Group.
- To allow and route flows from these instances to the Internet through the NAT instance:
- Add a rule in their security groups allowing outbound flows to the Internet (0.0.0.0/0 CIDR block or a smaller range of IP addresses).
- Create a route in the route tables of their subnets with 0.0.0.0/0 (or a smaller range of IP addresses) as destination and the ID of the NAT instance as target. For more information, see Creating a Route.
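
The security group and route steps above only work together, so it helps to check them as one path per instance. The following Python audit is an added example, not part of the original documentation: it runs over a constructed topology whose IDs and field names are hypothetical, and it reports why traffic from an instance to a given destination would not go through the NAT instance.

```python
import ipaddress

# Constructed topology; every ID and field name is a hypothetical stand-in.
TOPOLOGY = {
    "nat": {"id": "i-nat", "security_group": "sg-nat", "has_eip": True,
            "inbound_from": ["sg-app"]},
    "outbound": {"sg-app": ["0.0.0.0/0"], "sg-db": ["10.0.0.0/16"]},
    "routes": {
        "subnet-a": [{"destination": "0.0.0.0/0", "target": "i-nat"}],
        "subnet-b": [{"destination": "0.0.0.0/0", "target": "i-nat"},
                     {"destination": "203.0.113.0/24", "target": "igw-example"}],
    },
    "instances": {
        "i-app": {"security_group": "sg-app", "subnet": "subnet-a"},
        "i-db": {"security_group": "sg-db", "subnet": "subnet-b"},
    },
}

def best_route(routes, dest_ip):
    """Longest-prefix match: the route actually used for dest_ip, or None."""
    addr = ipaddress.ip_address(dest_ip)
    hits = [r for r in routes if addr in ipaddress.ip_network(r["destination"])]
    return max(hits, default=None,
               key=lambda r: ipaddress.ip_network(r["destination"]).prefixlen)

def audit_instance(topo, instance_id, dest_ip):
    """Return the reasons traffic to dest_ip would not use the NAT instance."""
    nat, inst = topo["nat"], topo["instances"][instance_id]
    sg, findings = inst["security_group"], []
    addr = ipaddress.ip_address(dest_ip)
    if not nat["has_eip"]:
        findings.append("NAT instance has no EIP")
    if not any(addr in ipaddress.ip_network(c) for c in topo["outbound"][sg]):
        findings.append(f"{sg}: no outbound rule covers {dest_ip}")
    route = best_route(topo["routes"][inst["subnet"]], dest_ip)
    if route is None:
        findings.append(f"{inst['subnet']}: no route covers {dest_ip}")
    elif route["target"] != nat["id"]:
        findings.append(f"{inst['subnet']}: most specific route targets {route['target']}")
    if sg not in nat["inbound_from"]:
        findings.append(f"{nat['security_group']}: no inbound rule from {sg}")
    return findings

if __name__ == "__main__":
    for iid in TOPOLOGY["instances"]:
        print(iid, audit_instance(TOPOLOGY, iid, "203.0.113.10") or "OK")
```

The route check uses longest-prefix matching because a more specific route in the same table takes precedence over the 0.0.0.0/0 route to the NAT instance.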