Thank you Bharat1287!

Thank you Jasper5016!

@@stuartscott6368 - Just to tell you, I cleared my SAA exam and your videos had a great contribution to it.

@@jasper5016 Congratulations to you, that's an awesome achievement! Great work, and thank you for letting me know! 👍

Thank you very much Fahad Ali, I appreciate the feedback

Hi Julian, thank you! I'm pleased to hear it cleared up any confusion you had!

Thank you Chris, appreciate the feedback!

Thank you Armen!

Thank you Robert, appreciate the feedback!

Happy to hear you got your answer arithex!

Thank you Mario

Thank you Diego!

Yes, the NAT Gateway will manage the communication

Hi belfunkk, this largely depends on what you want the private instances to access. For example, if the private instances are communicating using HTTP, then you would use port 80 as the port on the outbound ruleset, pointing to the Private IP of the NAT G/W as the destination.

Hi Steve, the request has to be initiated from the instance requiring the update first. As long as the request comes from an internal resource first, in this case, the instance, the NAT will forward the request externally and then receive the reply and allow comms between the outside world and the private instance. The NAT just doesn't accept inbound connections being initiated to internal resources. Thank you for the positive feedback too! Much appreciated!

@@stuartscott6368 That makes sense. Many many thanks.

Hey Susan, you can find here cloudacademy.com/search/?platform=amazon-web-services&product=lab&q=labs all of our AWS labs where you can practice your skills in a live AWS environment. If you prefer, you can register here info.cloudacademy.com/free-courses-list and start training for free with our selection of free content. Don’t hesitate to reach out if you have any other questions. Thanks, Cloud Academy Team.

A pleasure, thank you Keyntankeye

Correct, the NAT GW will contact the resource requested from the source client, in this example, the private EC2 instance

Thank you, I just used a GAOMON digital drawing board with a drawing app

Thank you Christopher!

Hi Abhishek, you are correct, so if you have a multi-AZ infrastructure with more than one public subnet, then to maintain high availability you should create a NAT Gateway in each of the public AZs and update the routing accordingly for each of the private subnets.

Hi Luis - You can find a summary table comparing the 2 here: docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-comparison.html

Thank you Nivin - I was using Sketchbook by Autodesk with a Gaomon digital drawing tablet.

Hi Vinay, a NAT gateway is used to allow instances in a private subnet to initiate a connection to the internet, while preventing connections being made inbound. NAT Gateways are not used to connect or exchange data flow between 2 VPCs. If you want to route connect to VPCs together, consider using VPC Peering or the AWS Transit Gateway. One point to remember is that NAT Gateways are not able to route any traffic through a VPC peering connection, a Site-to-Site VPN connection, or AWS Direct Connect. Even when you have 2 or more VPCs connected via peering or Transit gateway, the NAT gateway can't be used by resources on the other side of these connections by other VPCs.

@@stuartscott6368 Thanks a lot ... Explained clearly..

that is if your looking at it from the network layer rules, but the function of the NAT gateway is also to translate the private IP address into Public IP adress (At least thats what the theory says)

1. Security Groups of EC2 instances has to allow outbound traffic 2. ACL also has to allow which ports and CIDR block are allowed to be reached at Subnet level. 3) Now How your private subnet is connected to internet which is addressed by NAT instance or NAT gateway in public subnet, which gives you a public IP. which inturn talks to Internet Gateway.

NACL is managed by aws and all the traffics are allowed by default,,,,u cant change that

@syed Farhan Haider. If you created a NACL and associated it with the private Subnet that blocked ALL inbound traffic, then no communication could be made to any resource within that Subnet from outside of that subnet. All the traffic will be blocked at the network layer. This would essentially isolate your subnet from every other subnet in your VPC, obviously, this is not ideal. NACLs control network traffic using ports and protocols at the subnet level. Luis is also correct in stating that the NAT will perform translation as well.

@@rakesh4642 Hi Rakesh, that is not strictly true. AWS will create a default NACL for your VPC that does not have any restrictions configured at all and effectively allows ALL traffic. However, you can create your own NACLs that contain far more restrictive controls, and this is recommended. You can then associate different restricted NACLs to different Subnets within your VPC. Only 1 NACL can be associated with 1 subnet, however, you can associate the same NACL to multiple subnets

Glad you like this video TheSidhussain!

Thank you TheSidhussain

A pleasure, thank you Amita!