2

I'm building an AWS VPC network lab via Terraform.

I want to add a NAT Gateway so that my private network instances can access the internet for software updates.

From the Terraform spec you can see that "allocation_id" is a required attribute:

allocation_id - (Required) The Allocation ID of the Elastic IP address for the gateway.

I also checked the AWS spec; in step 1:

A NAT gateway requires an Elastic IP address in your public subnet...

My question is: Why can't the NAT Gateway use a simple non static IPv4 address?

What is the logical reason for that? (Technically, it is the only option to configure.)

Note: The question is in the scope of AWS, not Terraform.


Short example of a NAT Gateway config in Terraform:

resource "aws_eip" "nateip" {
  domain = "vpc"   # VPC-scoped Elastic IP; the NAT Gateway holds this allocation
}

resource "aws_nat_gateway" "natgw" {
  allocation_id = aws_eip.nateip.id       # required: the EIP allocation ID
  subnet_id     = aws_subnet.public.id    # must be a public subnet (routes to the IGW)
  depends_on    = [aws_internet_gateway.igw]
}
RtmY
  • What do you mean by "simple public IPv4 address"? What is your proposed use case? – Michael Hampton Mar 17 '19 at 15:23
  • I mean a public IP address that will be generated by AWS (for the NAT Gateway) and not allocated as an EIP. – RtmY Mar 17 '19 at 15:38
  • What is your proposed use case? Why do you want this? – Michael Hampton Mar 17 '19 at 15:56
  • Proposed use case: using a non-Elastic IP with the NAT Gateway (a "regular" IP which is not static). Why do I want this: I don't want to be billed for the EIP. – RtmY Mar 17 '19 at 16:04
  • You aren't billed for an EIP you are actually using? – Michael Hampton Mar 17 '19 at 16:05
  • As far as I see, yes. Maybe I'm missing something here, but I think those questions are less relevant for the discussion. – RtmY Mar 17 '19 at 16:07
  • So I'm confused as to why you say you don't want to be billed for something you already won't be billed for! – Michael Hampton Mar 17 '19 at 16:10
  • Let's focus on my original question. The discussion of whether I'm being billed for these extra EIPs is not in the discussion's scope (: Thank you @Michael Hampton. – RtmY Mar 17 '19 at 16:13
  • We don't do that here. We focus on solving actual business problems. We avoid and discourage questions with [XY problems](https://meta.stackexchange.com/q/66377/189912) such as this one. – Michael Hampton Mar 17 '19 at 16:15
  • Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/91169/discussion-between-rotem-jackoby-and-michael-hampton). – RtmY Mar 17 '19 at 16:20
  • Thank you @eckes, I think your comment is worth publishing as a legitimate answer to open the discussion on this topic. – RtmY Mar 17 '19 at 20:38

2 Answers

6

There is no way around having an Elastic IP for those NAT Gateways; it is probably because the gateways can be restarted and recreated automatically (and therefore reduce the interruption by holding on to the same IP).

An EIP does not cost extra when attached, so you only need to make sure to release them once your NAT Gateway is removed.

In some situations, going with a NAT instance instead of a NAT Gateway would be an option; in this case a dynamic public IP would work. A NAT instance can also be used as a jump host or a caching proxy (for your package repository). But you have to manage it yourself.

The IPv6 outgoing NAT gateway also does not require an EIP to be defined.

eckes
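The NAT instance alternative this answer mentions, written out as an added Terraform example (this is not code from the answer, the question, or AWS; it is an illustration). It assumes `aws_vpc.lab`, `aws_subnet.public`, `aws_subnet.private` and `aws_internet_gateway.igw` already exist in the configuration, and that an Amazon Linux 2 AMI (which ships iptables) is an acceptable base; the instance gets an auto-assigned public IPv4 address rather than an EIP, which is exactly what the managed NAT Gateway does not allow.

```hcl
# Added example, not part of the original answer. Assumes aws_vpc.lab,
# aws_subnet.public, aws_subnet.private and aws_internet_gateway.igw exist.

data "aws_ami" "nat" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]   # assumption: Amazon Linux 2 as the NAT base
  }
}

resource "aws_security_group" "nat" {
  name   = "nat-instance"
  vpc_id = aws_vpc.lab.id

  # Only hosts inside the VPC may send traffic through this instance;
  # nothing inbound from the internet is permitted.
  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [aws_vpc.lab.cidr_block]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "nat" {
  ami                    = data.aws_ami.nat.id
  instance_type          = "t3.micro"
  subnet_id              = aws_subnet.public.id
  vpc_security_group_ids = [aws_security_group.nat.id]

  # Dynamic public IPv4 address, no EIP: it changes on every stop/start,
  # which is the behaviour the EIP requirement on NAT Gateways avoids.
  associate_public_ip_address = true

  # The instance forwards packets it is not the destination of, so the
  # source/destination check must be disabled or EC2 drops them.
  source_dest_check = false

  # Enable forwarding and masquerade VPC-sourced traffic behind the
  # instance's own address (lab-grade; sysctl -w is not persisted across reboot).
  user_data = <<-EOT
    #!/bin/bash
    sysctl -w net.ipv4.ip_forward=1
    iptables -t nat -A POSTROUTING -s ${aws_vpc.lab.cidr_block} -j MASQUERADE
  EOT

  depends_on = [aws_internet_gateway.igw]
}

# Private subnet default route points at the NAT instance's ENI
# instead of a NAT Gateway.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.lab.id
}

resource "aws_route" "private_default" {
  route_table_id         = aws_route_table.private.id
  destination_cidr_block = "0.0.0.0/0"
  network_interface_id   = aws_instance.nat.primary_network_interface_id
}

resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}
```

After `terraform apply`, instances in `aws_subnet.private` reach the internet via the NAT instance's auto-assigned address; stop and start the instance and that address changes, so anything that allow-lists it (a vendor firewall, a package mirror) breaks. Since the instance has no EIP there is nothing to release when it is destroyed, but you now own patching, the forwarding rules and the single point of failure yourself.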
3

This is because the NAT gateways can get restarted, either by maintenance or by crashes, so as a failsafe AWS forces you to use an EIP.

As eckes suggests, you could create your own NAT instance, which in the past was the only way to do NATing.

You can check this Terraform module: https://github.com/terraform-community-modules/tf_aws_nat

Diego Velez