
The IGW is not the NAT gw. You need both for private networks' outgoing public connections.



Sure. It's not the NAT gw. But it is NAT. OP was complaining about having to use 1990s NAT, and I was responding to that. NAT gw isn't really 1990s NAT either, since it autoscales. I assume the sentiment was the complaint about having a "public" subnet and a "private" subnet, and using a NAT to route traffic for the "private" subnet. It's been a while since I used AWS, but I was at a large company and that's simply how IT Security demanded it. So, of course, AWS offers a solution for that market.

But if you use IGW, then your "public" subnet is still actually a private subnet: all networking to hosts inside the VPC occurs with private IPs. The public IPs are 1:1 NATed by the IGW. Your instances never see packets with their public IP. And you can launch instances in the "public" subnet without a NAT mapping if you want. For IPv6, you can have an egress-only IGW.

So you can do "traditional" NAT if you want, or you can do "modern cloud" NAT using IGW. It is really your choice. I'm not saying one is better than the other. I'm just letting OP know that there is a non-1990s option. =)



