Question 1

What's the difference between a NAT Gateway and an Internet Gateway?

Accepted Answer

An Internet Gateway (IGW) enables resources with public IPs to have direct two-way internet connectivity (inbound and outbound, depending on security rules). A NAT Gateway is for outbound-only internet access from private subnets: instances don’t need public IPs, and unsolicited inbound connections from the internet are not allowed through the NAT.

Question 2

When should I use a NAT Gateway?

Accepted Answer

Use a NAT Gateway when resources in a private subnet must initiate outbound connections to the internet (OS updates, package downloads, calling external APIs) but should not accept inbound connections from the internet. If you don’t need internet access at all, keep the subnet fully private with no NAT. If you need inbound internet traffic, use a public-facing entry point like a load balancer or a bastion/SSM-style access pattern rather than making the instances public.

Question 3

How much does a NAT Gateway cost?

Accepted Answer

Costs are mainly driven by (1) hourly charges for the NAT service (where applicable) and (2) data processed/egress through the NAT. You also pay standard internet egress charges from the cloud provider. Pricing varies by provider and region, so estimate based on expected uptime and outbound GB/TB, and consider architecture choices (e.g., minimizing unnecessary outbound traffic, using private endpoints for cloud services when available).

NAT Gateway

Definition

Real-World Example

Related Terms

Cloud Provider Equivalencies

See NAT Gateway in Action

Cloud Architecture for Ad Network with Authentication

Serverless E-Commerce Platform with Real-Time Inventory

Scalable 3-Tier Web Application

Real-Time Analytics Data Pipeline

Explore More Cloud Computing Terms