Michael Hsieh
2 min readOct 6, 2022

[AWS] Add new NAT Gateways to Route Table in Private Subnets

https://docs.aws.amazon.com/zh_tw/vpc/latest/userguide/VPC_NAT_Instance.html

Why do we need more than one NAT gateway?

  • Each NAT gateway is created in a specific Availability Zone and implemented with redundancy in that zone only.
  • Thus, if the NAT gateway’s Availability Zone is down, resources in the other Availability Zones that are using that NAT gateway lose internet access too.
  • To maintain availability across Availability Zones, we recommend that you create a NAT gateway in each Availability Zone in your VPC(s) and configure your routing to ensure that resources use the NAT gateway in the same Availability Zone.

Steps:

1. Navigate to VPC -> NAT Gateways -> Create a new NAT Gateway

  • Select a public subnet in which to create the NAT gateway (the subnet's Availability Zone becomes the NAT gateway's Availability Zone)
  • Connectivity type: public
  • Allocate a new elastic IP
  • Create NAT gateway

2. VPC -> Route Tables -> Create a new route table for each NAT gateway (or choose an existing route table for private subnets)

  • Select a VPC, then create it
  • Edit routes to add destination (0.0.0.0/0) with target (the new NAT gateway).
  • Edit subnet associations and select the private subnet whose traffic should go through the NAT gateway you just created (the private subnet in the same Availability Zone).
  • Make sure to edit routes before subnet associations to prevent network downtime: a subnet associated with a route table that has no 0.0.0.0/0 route loses internet access until the route is added.

3. (Optional) VPC -> Endpoints

  • Select the endpoint that you want to edit (e.g. the S3 gateway endpoint)
  • Route tables -> Manage route tables
  • Select the new route table that you just created, so that S3 traffic from the subnet keeps using the endpoint instead of the NAT gateway.

4. The routing change takes effect immediately. You can test the internet connection from an EC2 instance in the AZ where you just created the NAT gateway.
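The following is an added example, not code from the original post. It audits the end state the steps above aim for, and the reason given under "Why do we need more than one NAT gateway?": every private subnet should have a 0.0.0.0/0 route, and that route should point at an available NAT gateway in the subnet's own Availability Zone. The functions take the same structures the EC2 API returns from describe_subnets, describe_nat_gateways and describe_route_tables, so the output of the AWS CLI or boto3 can be fed in directly; the sample data below is constructed (subnet, NAT gateway and route table IDs are made up) and models the "before" and "after" of the change described in step 2. The fetch_live helper needs boto3 and credentials and is only assumed to work against a real account.

```python
"""Audit per-AZ NAT gateway routing for private subnets.

Input shape matches the EC2 API (describe_subnets, describe_nat_gateways,
describe_route_tables). All sample data below is constructed.
"""

DEFAULT_ROUTE = "0.0.0.0/0"


def subnet_az_map(subnets):
    """SubnetId -> AvailabilityZone."""
    return {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}


def nat_az_map(nat_gateways, subnet_az):
    """NatGatewayId -> AZ of the public subnet it was created in (available gateways only)."""
    return {n["NatGatewayId"]: subnet_az[n["SubnetId"]]
            for n in nat_gateways if n.get("State") == "available"}


def default_route_target(route_table):
    """Return the target of the 0.0.0.0/0 route, or None if the table has none."""
    for r in route_table.get("Routes", []):
        if r.get("DestinationCidrBlock") == DEFAULT_ROUTE:
            return r.get("NatGatewayId") or r.get("GatewayId")
    return None


def desired_nat_for_subnets(subnets, nat_gateways, private_subnet_ids):
    """Plan for step 2: each private subnet -> the NAT gateway in its own AZ (None if the AZ has none)."""
    subnet_az = subnet_az_map(subnets)
    nat_by_az = {az: nat for nat, az in nat_az_map(nat_gateways, subnet_az).items()}
    return {sid: nat_by_az.get(subnet_az[sid]) for sid in private_subnet_ids}


def audit(subnets, nat_gateways, route_tables, private_subnet_ids):
    """Return (subnet_id, problem) for every private subnet whose effective route
    table lacks a default route, targets something other than an available NAT
    gateway, or sends traffic to a NAT gateway in a different AZ."""
    subnet_az = subnet_az_map(subnets)
    nat_az = nat_az_map(nat_gateways, subnet_az)
    # An explicit subnet association wins; subnets without one use the main route table.
    rt_by_subnet, main_rt = {}, None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main_rt = rt
            elif "SubnetId" in assoc:
                rt_by_subnet[assoc["SubnetId"]] = rt
    findings = []
    for sid in private_subnet_ids:
        rt = rt_by_subnet.get(sid, main_rt)
        target = default_route_target(rt) if rt else None
        az = subnet_az[sid]
        if target is None:
            findings.append((sid, "no default route"))
        elif target not in nat_az:
            findings.append((sid, f"default route target {target} is not an available NAT gateway"))
        elif nat_az[target] != az:
            findings.append((sid, f"default route uses {target} in {nat_az[target]} but the subnet is in {az}"))
    return findings


def fetch_live(region, vpc_id):
    """Pull the same three structures from a real account (assumes boto3 and
    credentials; not exercised by the constructed sample data)."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    flt = [{"Name": "vpc-id", "Values": [vpc_id]}]
    return (ec2.describe_subnets(Filters=flt)["Subnets"],
            ec2.describe_nat_gateways(Filter=flt)["NatGateways"],
            ec2.describe_route_tables(Filters=flt)["RouteTables"])


# ---- constructed sample: one VPC, two AZs, one public and one private subnet each ----
SUBNETS = [
    {"SubnetId": "subnet-pub-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-pub-b", "AvailabilityZone": "us-east-1b"},
    {"SubnetId": "subnet-priv-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-priv-b", "AvailabilityZone": "us-east-1b"},
]
NAT_GATEWAYS = [
    {"NatGatewayId": "nat-a", "SubnetId": "subnet-pub-a", "State": "available"},
    {"NatGatewayId": "nat-b", "SubnetId": "subnet-pub-b", "State": "available"},  # created in step 1
]
PRIVATE = ["subnet-priv-a", "subnet-priv-b"]
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
MAIN_RT = {"RouteTableId": "rtb-main", "Associations": [{"Main": True}], "Routes": [LOCAL]}
# Before: both private subnets share one table that points at the AZ-a NAT gateway.
ROUTE_TABLES_BEFORE = [MAIN_RT, {
    "RouteTableId": "rtb-private",
    "Associations": [{"SubnetId": "subnet-priv-a"}, {"SubnetId": "subnet-priv-b"}],
    "Routes": [LOCAL, {"DestinationCidrBlock": DEFAULT_ROUTE, "NatGatewayId": "nat-a"}],
}]
# After step 2: the AZ-b subnet is moved to its own table targeting nat-b.
ROUTE_TABLES_AFTER = [MAIN_RT,
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": DEFAULT_ROUTE, "NatGatewayId": "nat-a"}]},
    {"RouteTableId": "rtb-private-b", "Associations": [{"SubnetId": "subnet-priv-b"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": DEFAULT_ROUTE, "NatGatewayId": "nat-b"}]},
]

if __name__ == "__main__":
    print("plan:", desired_nat_for_subnets(SUBNETS, NAT_GATEWAYS, PRIVATE))
    print("before:", audit(SUBNETS, NAT_GATEWAYS, ROUTE_TABLES_BEFORE, PRIVATE))
    print("after:", audit(SUBNETS, NAT_GATEWAYS, ROUTE_TABLES_AFTER, PRIVATE))
```

Running the audit against the "before" layout reports the cross-AZ dependency that motivates the post (subnet-priv-b sends traffic through nat-a in us-east-1a); the "after" layout is clean. The "no default route" finding is the window the caveat in step 2 warns about: a subnet that has been associated with a new route table before the 0.0.0.0/0 route was added.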


Written by Michael Hsieh

There is too much to see and hear in life; if I do not write it down properly, my mind will be left blank when I am old.
