About VPC Gateways
We explore Internet Gateways and NAT Gateways to see how they help us create private and public subnets.
Internet Gateways
The default VPC has one route table that is used across all subnets created within it. This Route Table has an IGW assigned to call traffic headed to 0.0.0.0/0
(basically if some outbound network traffic in the server goes anywhere but the private network, it will get routed through the IGW, allowing public internet access).
Put another way: IGWs allows public network access (which makes any subnet using the route table that has an IGW a "Public Subnet").
There's no extra charge (except for "regular" bandwidth usage charges) for Internet Gateways.
NAT Gateway
The default VPC has no NAT Gateways created, as the default VPC is optimized towards allowing you to quickly spin up a server and have it available on the public internet.
NAT Gateways allows private-network-only servers access to the internet (but they can't be reached from the public internet). NAT is "Network Addreess Translation" and is a way to map local private addresses to a public one before transferring the information. In other words, outbound traffic from a server in a private subnet is routed through the NAT Gateway and then to the outside internet. This allows the resource (server) to talk to the outside internet without allowing the outside internet to reach the resource (server) directly.
In additional to standard bandwidth charges, there are additional charges for NAT Gateways:
- There is an hourly charge for NAT Gateways (for example in
us-east-2
, an hour charge of$0.45/hr
- to calculate the monthly charge:$0.045*730 = $32.85/mo
) - There is a charge per gigabyte transferred through a NAT Gateway (for example in
us-east-2
, a charge of$0.045/GB
). This is in addition to regular bandwidth charges!