NAT Gateway

Definition

Network Address Translation Gateway - enables private subnet resources to access the internet for outbound traffic while blocking inbound connections.

Use Cases

Provider Equivalents

Frequently Asked Questions

What's the difference between Cloud NAT and a public IP on a VM?
A public IP gives a VM a direct internet-facing address, which can allow inbound connections if firewall rules permit. Cloud NAT lets a VM keep only a private IP while still making outbound connections to the internet; unsolicited inbound connections from the internet cannot reach the VM through Cloud NAT.
When should I use Cloud NAT?
Use Cloud NAT when your workloads should not be directly reachable from the internet but still need outbound access—for example, to download OS updates, pull container images, install packages, call external APIs, or send logs/metrics to external endpoints. It’s also useful when you want to reduce the number of public IPs and centralize outbound egress through a managed service.
How much does Cloud NAT cost?
Cloud NAT pricing is based on two main factors: (1) the number of NAT gateway resources you configure and (2) the amount of data processed for NAT (egress). You also pay for the external IP addresses used by Cloud NAT (auto-allocated or reserved) and standard network egress charges for traffic leaving Google Cloud. Exact rates vary by region and change over time, so confirm with the current Google Cloud pricing page for Cloud NAT and network egress.
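
The first two answers above can be turned into an inventory check. The following is an added example, not part of the original page or any Google tooling: it sorts VMs into private-only, public IP with open ingress, and public IP with no open ingress (candidates for moving behind Cloud NAT). The sample data is constructed and shaped like the JSON from `gcloud compute instances list` and `gcloud compute firewall-rules list`; the function names are hypothetical, and the rule matching is simplified (tags only, with no priorities, deny rules, service-account targets or per-network matching).

```python
import json
# Constructed sample data shaped like `gcloud compute instances list` and
# `gcloud compute firewall-rules list` with --format=json; names and IPs are made up.
INSTANCES = json.loads("""[
 {"name": "web-1", "tags": {"items": ["web"]}, "networkInterfaces":
   [{"networkIP": "10.0.1.5", "accessConfigs": [{"natIP": "203.0.113.10"}]}]},
 {"name": "batch-1", "tags": {"items": ["batch"]}, "networkInterfaces":
   [{"networkIP": "10.0.2.7", "accessConfigs": [{"natIP": "203.0.113.11"}]}]},
 {"name": "db-1", "networkInterfaces": [{"networkIP": "10.0.3.9"}]}
]""")
FIREWALL = json.loads("""[
 {"name": "allow-https", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "targetTags": ["web"], "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
 {"name": "allow-internal", "direction": "INGRESS", "sourceRanges": ["10.0.0.0/8"],
  "allowed": [{"IPProtocol": "all"}]}
]""")

def has_external_ip(inst):
    # An accessConfig on any NIC means the VM gets its own internet-facing address.
    return any(nic.get("accessConfigs") for nic in inst.get("networkInterfaces", []))

def open_ingress_rules(inst, rules):
    """Names of enabled ingress allow rules from 0.0.0.0/0 that match this VM's tags."""
    tags = set(inst.get("tags", {}).get("items", []))
    hits = []
    for r in rules:
        if r.get("direction") != "INGRESS" or r.get("disabled") or "allowed" not in r:
            continue
        if "0.0.0.0/0" not in r.get("sourceRanges", []):
            continue
        targets = r.get("targetTags")  # simplification: no targetTags = every VM
        if not targets or tags & set(targets):
            hits.append(r["name"])
    return hits

def classify(instances, rules):
    out = {}
    for inst in instances:
        if not has_external_ip(inst):
            out[inst["name"]] = "private-only (outbound needs Cloud NAT)"
        elif open_ingress_rules(inst, rules):
            out[inst["name"]] = "public IP, inbound reachable"
        else:
            out[inst["name"]] = "public IP, no open ingress (Cloud NAT candidate)"
    return out

if __name__ == "__main__":
    for name, status in classify(INSTANCES, FIREWALL).items():
        print(f"{name}: {status}")
```
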

Category: networking

Difficulty: advanced

Related Terms

See Also