How do I build an AWS ec2 natgateway with Terraform?
To create an AWS EC2 NAT Gateway, we’ll cover the following steps:
- Set up a Virtual Private Cloud (VPC)
- Create Public and Private Subnets
- Provision an Internet Gateway (for public subnet connectivity)
- Allocate an Elastic IP for the NAT Gateway
- Create the NAT Gateway
- Configure Routing Tables for Public and Private Subnets
These steps ensure instances in your private subnet can access the internet (for software updates, etc.) but aren’t directly accessible from the internet.
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// 1. Create VPC
const main = new aws.ec2.Vpc("main", {
  cidrBlock: "10.0.0.0/16",
  tags: {
    Name: "main-vpc",
  },
});

// 2. Create Public Subnet (instances launched here get a public IP)
const _public = new aws.ec2.Subnet("public", {
  vpcId: main.id,
  cidrBlock: "10.0.1.0/24",
  mapPublicIpOnLaunch: true,
  tags: {
    Name: "public-subnet",
  },
});

// 2. Create Private Subnet (no public IPs on launch; egress goes through the NAT Gateway)
const _private = new aws.ec2.Subnet("private", {
  vpcId: main.id,
  cidrBlock: "10.0.2.0/24",
  tags: {
    Name: "private-subnet",
  },
});

// 3. Create Internet Gateway
const igw = new aws.ec2.InternetGateway("igw", {
  vpcId: main.id,
  tags: {
    Name: "vpc-igw",
  },
});

// 4. Create Elastic IP for NAT Gateway
// Note: `vpc: true` is deprecated in newer versions of the AWS provider in favor of `domain: "vpc"`.
const natEip = new aws.ec2.Eip("nat_eip", { vpc: true });

// 5. Create NAT Gateway in the public subnet.
// The NAT Gateway needs the Internet Gateway attached to the VPC before it can be created,
// so make that dependency explicit.
const nat = new aws.ec2.NatGateway("nat", {
  allocationId: natEip.id,
  subnetId: _public.id,
  tags: {
    Name: "nat-gateway",
  },
}, { dependsOn: [igw] });

// 6. Create Route Table for Public Subnet (default route via the Internet Gateway)
const publicRt = new aws.ec2.RouteTable("public_rt", {
  vpcId: main.id,
  routes: [{
    cidrBlock: "0.0.0.0/0",
    gatewayId: igw.id,
  }],
  tags: {
    Name: "public-route-table",
  },
});

// 6. Associate Public Route Table with Public Subnet
const publicAssociation = new aws.ec2.RouteTableAssociation("public_association", {
  subnetId: _public.id,
  routeTableId: publicRt.id,
});

// 6. Create Route Table for Private Subnet (default route via the NAT Gateway, not the IGW)
const privateRt = new aws.ec2.RouteTable("private_rt", {
  vpcId: main.id,
  routes: [{
    cidrBlock: "0.0.0.0/0",
    natGatewayId: nat.id,
  }],
  tags: {
    Name: "private-route-table",
  },
});

// 6. Associate Private Route Table with Private Subnet
const privateAssociation = new aws.ec2.RouteTableAssociation("private_association", {
  subnetId: _private.id,
  routeTableId: privateRt.id,
});

export const vpcId = main.id;
export const publicSubnetId = _public.id;
export const privateSubnetId = _private.id;
export const natGatewayId = nat.id;
export const publicRouteTableId = publicRt.id;
export const privateRouteTableId = privateRt.id;
```
Key Points:
- VPC and Subnets: Define the network address space and split it into public and private subnets.
- Internet Gateway: Enables internet connectivity for the public subnet.
- NAT Gateway: Provides outbound internet access for the private subnet without exposing its instances to inbound connections.
- Routing: Set up route tables so the public subnet's default route goes to the Internet Gateway and the private subnet's default route goes to the NAT Gateway.
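As an added check (not part of the Pulumi program above), the following TypeScript models the stack as plain objects and verifies the routing invariants the key points rely on: the NAT Gateway sits in a subnet whose default route is the Internet Gateway, and each private subnet's default route targets the NAT Gateway rather than the Internet Gateway and does not auto-assign public IPs. The names `checkTopology` and `pageTopology` and the object shapes are my own assumptions, not Pulumi APIs.

```typescript
type Route = { cidrBlock: string; gatewayId?: string; natGatewayId?: string };
type Subnet = { name: string; mapPublicIpOnLaunch?: boolean };
type RouteTable = { name: string; routes: Route[] };
type Topology = {
  subnets: Subnet[];
  routeTables: RouteTable[];
  associations: { subnetId: string; routeTableId: string }[];
  natGateway: { subnetId: string }; // subnet the NAT Gateway is placed in
  privateSubnets: string[];         // subnets intended to have no inbound exposure
};
// Returns findings; an empty list means the invariants described above hold.
function checkTopology(t: Topology): string[] {
  const findings: string[] = [];
  const tableFor = (subnet: string): RouteTable | undefined => {
    const a = t.associations.find(x => x.subnetId === subnet);
    return a ? t.routeTables.find(r => r.name === a.routeTableId) : undefined;
  };
  const defaultRoute = (rt?: RouteTable) => rt?.routes.find(r => r.cidrBlock === "0.0.0.0/0");
  // 1. The NAT Gateway needs a path out: its subnet's default route must be the Internet Gateway.
  const natRoute = defaultRoute(tableFor(t.natGateway.subnetId));
  if (!natRoute?.gatewayId) {
    findings.push(`NAT gateway subnet ${t.natGateway.subnetId} lacks a default route via an internet gateway`);
  }
  // 2. Private subnets: default route via the NAT Gateway, never the IGW, and no public IPs on launch.
  for (const name of t.privateSubnets) {
    const s = t.subnets.find(x => x.name === name);
    if (s?.mapPublicIpOnLaunch) findings.push(`private subnet ${name} assigns public IPs on launch`);
    const dr = defaultRoute(tableFor(name));
    if (!dr) findings.push(`private subnet ${name} has no default route (no outbound access)`);
    else if (dr.gatewayId) findings.push(`private subnet ${name} routes 0.0.0.0/0 to an internet gateway: it is effectively public`);
    else if (!dr.natGatewayId) findings.push(`private subnet ${name} default route has no target`);
  }
  return findings;
}
// Constructed model of the stack above (same resource names and routes as the Pulumi program).
const pageTopology: Topology = {
  subnets: [{ name: "public", mapPublicIpOnLaunch: true }, { name: "private" }],
  routeTables: [
    { name: "public_rt", routes: [{ cidrBlock: "0.0.0.0/0", gatewayId: "igw" }] },
    { name: "private_rt", routes: [{ cidrBlock: "0.0.0.0/0", natGatewayId: "nat" }] },
  ],
  associations: [
    { subnetId: "public", routeTableId: "public_rt" },
    { subnetId: "private", routeTableId: "private_rt" },
  ],
  natGateway: { subnetId: "public" },
  privateSubnets: ["private"],
};
```

Running `checkTopology(pageTopology)` on the model returns no findings; associating the private subnet with `public_rt` instead yields a single finding that the subnet is effectively public.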
Summary:
You’ve created an AWS EC2 NAT Gateway setup ensuring private subnet instances can reach the internet securely. This structure maintains a robust, secure, and scalable network configuration.