+8 votes
1 view
in AWS by (47.7k points)

What is an Internet Gateway? What is a NAT Instance? What services do they offer?

After reading the AWS VPC documentation, I observed that they both map private IP addresses to Internet-routable addresses for outgoing requests, and then they route the incoming responses from the Internet to the requester on the subnet.

So what are the differences between them? In what scenarios do I use a NAT Instance instead of (or beside) an Internet Gateway? Are they essentially EC2 instances running some network applications or are they special hardware like a router?

Instead of simply pointing to AWS documentation links, can anyone please explain these by adding some background on what public and private subnets are, so any amateur with limited knowledge of networking can understand these easily? Also, when should I use a NAT Gateway instead of a NAT instance?

1 Answer

+7 votes
by (107k points)

What is an Internet Gateway:

It is a logical connection between an Amazon VPC and the Internet. It is not a physical device. Only one can be associated with each VPC. Also, it does not limit the bandwidth of Internet connectivity. 

So to access a VPC you need to have an Internet Gateway. If you do not have an Internet Gateway, then the resources in the VPC cannot be accessed from the Internet.

What is a NAT Instance:

It is an Amazon EC2 instance which is configured to forward traffic to the Internet. It can be launched from an existing AMI, or can be configured via User Data like this:

#!/bin/sh 

echo 1 > /proc/sys/net/ipv4/ip_forward 

echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects 

/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 0.0.0.0/0 -j MASQUERADE 

/sbin/iptables-save > /etc/sysconfig/iptables 

mkdir -p /etc/sysctl.d/ 

cat <<EOF > /etc/sysctl.d/nat.conf

net.ipv4.ip_forward = 1

net.ipv4.conf.eth0.send_redirects = 0

EOF
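
The public/private distinction the question asks about is visible in a VPC's route tables: what matters is where each subnet's `0.0.0.0/0` route points. The following is an added example, not part of the original answer or any AWS code; it classifies subnets from constructed data shaped like the `RouteTables` list of EC2 DescribeRouteTables, and the IDs and the `make_table` helper are hypothetical.

```python
# Added example. SAMPLE is constructed data shaped like the "RouteTables"
# list from EC2 DescribeRouteTables; all IDs are placeholders.
DEFAULT = "0.0.0.0/0"
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}

def classify_route_table(rt):
    """Say where a route table sends Internet-bound (0.0.0.0/0) traffic."""
    for route in rt.get("Routes", []):
        if route.get("DestinationCidrBlock") != DEFAULT:
            continue
        if route.get("State") == "blackhole":
            return "isolated"  # target is gone, e.g. a terminated NAT instance
        if (route.get("GatewayId") or "").startswith("igw-"):
            return "public"  # default route goes to an Internet Gateway
        if route.get("NatGatewayId"):
            return "private-nat-gateway"  # outbound only, managed NAT Gateway
        if route.get("InstanceId") or route.get("NetworkInterfaceId"):
            return "private-nat-instance"  # outbound only, via an EC2 instance
    return "isolated"  # no default route at all

def classify_subnets(route_tables, subnet_ids):
    """Map each subnet to its class; unassociated subnets use the main table."""
    main, explicit = "isolated", {}
    for rt in route_tables:
        kind = classify_route_table(rt)
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main = kind
            if assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = kind
    return {s: explicit.get(s, main) for s in subnet_ids}

def make_table(subnet, **default_route):
    """Hypothetical helper: build one constructed route table record."""
    routes = [LOCAL]
    if default_route:
        routes.append({"DestinationCidrBlock": DEFAULT, "State": "active", **default_route})
    assoc = {"Main": subnet is None}
    if subnet:
        assoc["SubnetId"] = subnet
    return {"Associations": [assoc], "Routes": routes}

SAMPLE = [
    make_table(None),  # main table: local route only
    make_table("subnet-web", GatewayId="igw-0example"),
    make_table("subnet-app", InstanceId="i-0examplenat"),
    make_table("subnet-batch", InstanceId="i-0gone", State="blackhole"),
]

if __name__ == "__main__":
    subnets = ["subnet-web", "subnet-app", "subnet-batch", "subnet-db"]
    for subnet, kind in classify_subnets(SAMPLE, subnets).items():
        print(subnet, "->", kind)
```

Against a real account, the same functions can be fed the `RouteTables` list returned by `aws ec2 describe-route-tables`.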
