So I should create (ideally) 1 NAT Gateway per AZ, associated with a private subnet in each. The NAT Gateway takes an allocation_id:
The allocation ID of an Elastic IP address to associate with the NAT gateway. If the Elastic IP address is associated with another resource, you must first disassociate it.
An EIP is attached to either an Instance or a Network Interface.
So what all do I need to create to create a NAT gateway?
- An EIP...
- ...Associated with an instance or a Network Interface.
What is this instance or Network Interface I associate it with? I don't quite follow.
I am imagining I have a bunch of private subnet webservers that also need access to the internet. Are these webservers the instances they are talking about associating with an EIP? Or what?
Can I just create a NAT Gateway and an EIP and nothing else connecting the EIP to the instance/network-interface?
resource "aws_network_interface" "multi-ip" {
subnet_id = aws_subnet.main.id
private_ips = ["10.0.0.10", "10.0.0.11"]
}
resource "aws_eip" "one" {
vpc = true
# WHAT IS THIS
# WHAT NETWORK INTERFACE DO I NEED TO CREATE
network_interface = aws_network_interface.multi-ip.id
associate_with_private_ip = "10.0.0.10"
}
You can create NAT gateway in VPC console. You specify a public subnet for it and existing (or let AWS create it) EIP:
Then you will have to create a route in your private route table to the NAT create,
And depending if you've created new route table, you can associated the route table with any private subnet you need: