Network Address Translation Gateway - allows private subnet resources to access the internet without being directly accessible from the internet. Like a secure mailroom that can send packages out but doesn't accept unsolicited deliveries.
Database servers in private subnets use a NAT Gateway to download software updates while remaining protected from direct internet access.
All major cloud providers offer NAT services that allow private network resources to access the internet securely. AWS and OCI both use the term 'NAT Gateway,' while Azure refers to it as 'Azure Virtual Network NAT,' and GCP calls it 'Cloud NAT.' These services function similarly across platforms, providing outbound internet access while keeping resources protected from inbound traffic.