Amazon adds managed NAT gateways to Virtual Private Cloud

Amazon's Virtual Private Cloud has long made it possible to partition a hunk of AWS with a private network of its own, complete with a VPN connection for secure access.

But setting up a VPN to access the Internet is drudgery, since connections to and from VPC have to be mapped with network address translation (NAT) using a manually created cluster of EC2 instances that serve as a gateway.

Earlier this week, Amazon did away with some of that headache by providing a new Managed NAT Gateway for AWS to automatically create NAT gateways for AWS VPNs without having to do anything more than click through a wizard.


Creating a NAT gateway for an Amzon Virtual Private Cloud can now be done in a semi-automated fashion, without having to spin up EC2 instances manually. It isn't free, though, and comes with a few limitations.

The gateways created can handle up to 10Gbps of "bursty" (not sustained) TCP, UDP, and ICMP traffic, and automatically scale and provide high availability. Newly created Virtual Private Cloud instances will also give the user an opportunity to create a NAT Gateway and automatically configure the gateway to match the VPC's routing tables. Traffic flowing through the VPN can be logged and observed by Amazon's CloudWatch service to generate activity graphs.

As with any new Amazon AWS technology, its cross-integration with the rest of Amazon is limited. It's only possible to associate one elastic IP address with a given NAT gateway; it can't be reassigned. While you can use network ACLs to control traffic to and from the subnet where the NAT gateway is, you can't associate a security group with the gateway itself.

Finally, since NAT Gateways are technically machines unto themselves, they aren't free. They cost 4.5 cents per gateway, per hour plus any data processing and transfer charges incurred.

IDG Insider


« Powerful VLC media player lands on Chromebooks


Cox must pay $25 million after failing to make pirating subscribers walk the plank, but the real loser could be you »
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail

Recommended for You

How to (really) evaluate a developer's skillset

Adrian Bridgwater’s deconstruction & analysis of enterprise software

Unicorns are running free in the UK but Brexit poses a tough challenge

Trevor Clawson on the outlook for UK Tech startups

Cloudistics aims to trump Nutanix with 'superconvergence' play

Martin Veitch's inside track on today’s tech trends


Is your organization fully GDPR compliant?