Question 1

What's the difference between a NAT Gateway and an Internet Gateway?

Accepted Answer

An Internet Gateway (IGW) enables resources with public IPs to communicate with the internet (including inbound connections if allowed by security rules). A NAT Gateway is for outbound-only internet access from private subnets: instances keep private IPs and can start connections to the internet, but the internet cannot start connections back to them through the NAT.

Question 2

When should I use a NAT Gateway?

Accepted Answer

Use a NAT Gateway when resources in a private subnet need outbound internet access (for example, downloading OS updates, pulling container images, calling external APIs) but should not be directly reachable from the internet. If a workload must accept inbound internet traffic, use a public entry point such as a load balancer, API gateway, bastion/SSM-style access, or a public subnet design instead.

Question 3

How much does a NAT Gateway cost?

Accepted Answer

Costs typically include (1) an hourly charge for the NAT gateway resource and (2) data processing/egress charges based on the amount of traffic that passes through it, plus standard internet egress fees from the cloud provider. Your total depends on hours running, GB processed, and how many gateways you deploy (often one per availability zone for resilience). Always check the provider’s pricing page for current rates and regional differences.

NAT Gateway

Definition

Real-World Example

Related Terms

Cloud Provider Equivalencies

Explore More Cloud Computing Terms