AWS NAT – Create EC2 NAT

AWS NAT – Create EC2 NAT

Wow, I had to post something about this after getting my AWS bill. I had an AWS setup NAT and recently changed to an EC2 NAT.

I’ve been working with Lambda recently and I had a Lambda function I needed to utilize SQS as well as an RDS instance. Sounds easy, and it wasn’t exactly difficult, but there are definitely some caveats to consider. The big thing I learned was that Lambda functions will need NAT to access resources if the Lambda function is running on your VPC. For both of these configurations you will need an Internet Gateway already configured as well.


Holy cow, this thing costs $30+ monthly!!!

Easy to setup, just read the docs.

It was super simple to setup but I can’t justify the cost by the ease of setup at this time. This is something I’m going to setup once, so a recurring $30+ premium for it is just too much for my small setup. I googled for some alternatives and found I can spin up a NAT instance from an AMI.


An EC2 NAT is the way to go. I selected a micro instance and the correct AMI image as the EC2 NAT.

I deployed this instance into a subnet associated with the following route table with a route to the Internet Gateway.
NAT route table

So now I have an EC2 NAT instance with a public IP and a route to the internet.

To get traffic out to the internet from any other internal/private subnet I can add them to a subnet with a route to the NAT instance.
lambda route table

This is what I’ve done with my lambda functions. So now anything running in the lambda subnets can access SQS and RDS from my VPC.

In the end changing to an EC2 NAT has saved me about $35 a month. This is a big deal for a small setup but for larger enterprises the $35+ extra every month could be worth it. That’s for you to decide.

Leave a Reply

Your email address will not be published. Required fields are marked *