@crazyguitar
Last active May 30, 2024 17:48
aws-vpc with NAT Gateway

AWS VPC with NAT Gateway

Sometimes we need a static IP for accessing a private service, because that service is protected by firewall rules (an IP allow list) against malicious access. In this case we can create a NAT gateway on AWS and assign a static IP to it, so that traffic from our private subnet leaves through this one public IP address and the private service can allow exactly that address. This note demonstrates how to create a NAT gateway in an AWS VPC.

Architecture

Environment

  1. one private subnet
  2. one public subnet
  3. one internet gateway
  4. one NAT gateway
  5. Elastic IP (public static IP)
  6. 2 routing tables

vpc NAT gateway

Set up the NAT Gateway

Create a VPC on AWS

  1. Go to the VPC console and click Your VPCs to create a VPC
  2. Click Create VPC and fill in the information as shown in the following figure.

create VPC

Create two subnets (public/private)

  1. Go to Subnets
  2. Click Create subnet to create the public subnet

create the public subnet

  1. Click Create subnet to create the private subnet

create the private subnet

Create an internet gateway

  1. Go to Internet Gateways and click Create internet gateway

create the internet gateway

  1. Attach it to the VPC

attach to VPC

  1. Check the result of the attachment

attach to VPC's result

Create a public route table

  1. Click Route Tables
  2. Click Create Route Table

public route table

  1. Add a routing rule to the route table

public route rule

  1. Click the Subnet Associations tab and associate the table with the public subnet

public subnet association

Create a NAT gateway

  1. Go to NAT Gateways
  2. Click Create NAT Gateway

create nat gateway

  1. Create an EIP (Elastic IP)

create an EIP

  1. Edit the main route table so that the private subnet's default route points at the NAT gateway

add nat gateway to route table

Prepare an app for testing (simulating the private service)

const express = require('express');
const app = express();

app.get('/', function (req, res) {
  // x-real-ip is only meaningful when a trusted reverse proxy in front of the
  // app sets it; a client connecting directly can send any value, so fall back
  // to the socket address (req.socket replaces the deprecated req.connection).
  const ip = req.headers['x-real-ip'] || req.socket.remoteAddress;
  console.log(ip);
  res.send('Hello world!');
});

app.listen(3000);

Prepare a lambda function on AWS

  1. Create a lambda function on AWS

create a lambda

  1. Go to IAM and assign VPC permissions to the execution role

VPC permission

  1. Attach the VPC to the lambda

attach VPC to lambda

  1. Test by sending a request to the server

test result

  1. Check the execution result

execution result

const http = require('http');
const ip = process.env.IP; // address of the private service, passed in as an environment variable

exports.handler = (event, context, callback) => {
  const opt = {
    hostname: ip,
    port: 3000,
    path: '/',
    method: 'GET',
  };

  const req = http.request(opt, res => {
    let body = '';
    res.on('data', chunk => { body += chunk; });
    // finish the invocation once the whole response has been read
    res.on('end', () => {
      console.log(res.statusCode, body);
      callback(null, { statusCode: res.statusCode, body });
    });
  });

  // without an error handler a connection failure throws and crashes the invocation
  req.on('error', err => callback(err));
  req.end();
};

  1. Check the server output and the EIP

EIP result

output:

$ node app.js 
::ffff:18.208.118.121
