1. Configuration – ELB in front of NAT instance.
2. NAT instance in it’s own security group (NAT_SG); ELB in it’s own Security Group (ELB_SG)
3. Inbound Rules – HTTP/S with a source of ELB_SG
4. Outbound Rules – HTTP/S with a Destination of 0.0.0.0/0 (all)

MULTI AZ DEPLOYMENTS  -AND NATS

• Each AZ needs it’s own NAT instance. This allows the NAT to retain the session for returning traffic – and route it back to the same instance that sent the traffic out.
• NAT instances go straight to the IgW – not through the ALB / ELB or any firewall.

Need assistance with your GCP or AWS migrations or security audits? 

The post NAT Instances and Multiple Availability Zone Deployments – AWS appeared first on Anuj Varma, Hands-On Technology Architect, Clean Air Activist.