Ask HN: Alternatives to NAT gateways for EC2 instances
I’m looking to deploy EC2 instances in multiple availability zones and would like the EC2 instances to only be on the private subnet with no public ip address assigned. However the instances need outbound access for API requests, etc.
NAT gateways cost $32/mo per AZ and that doesn’t include bandwidth which is absurdly expensive. I could manually deploy NAT instances but still looking at a minimum of around $8/mo per for t5g.small instances and EBS. Not to mention the maintenance and setup of the NAT instances.
Any clever tricks for outbound internet access for EC2 instances that are in private subnets?
If cost is the main issue, could you route all instances through a single nat, instead of one per AZ?
You’ll need a vpc subnet connected “something” with outbound access.
Natgw and nat instance are about all there is or something crazy like a site to site vpn attached to your vgw and a server/firewall outside of aws/ec2 connected to the internet acting like a router…?
Thanks, figured as much. AWS hasn't lowered the price of NAT gateways in (ever) I think. It's a bit absurd seeing as the dramatic price reduction of Graviton based instances and such. NAT gateways should be like 1/2 or 1/3 the current cost.
I can only recommend fck-nat.dev as an alternative to aws’s own nat instances.
Fck-nat is great, and I'm running it for the exact same reason that the NAT Gateway is expensive for my hobby project. I configured it with an auto scaling group to bring it back up if the instance dies. The instance doubles as a bastion host as well.
Awesome, will look at deploying fck-nat.dev. Love the name. So absurd AWS hasn’t updated their NAT instance AMI since 2018 and running Amazon Linux v1 which is end of life.
The ideal answer is IPv6 subnet with an egress only internet gateway