NAT Gateways in Thalassa Cloud VPCs
A NAT (Network Address Translation) Gateway enables outbound internet access for workloads running in private subnets within a Virtual Private Cloud (VPC) in Thalassa Cloud. NAT Gateways allow instances in private subnets to access external services while preventing inbound connections, ensuring security and isolation.
NAT Gateway Capabilities
Capability | Description |
---|---|
Outbound Internet Access | Allows resources in private subnets to access the internet securely. |
Private Subnet Isolation | Prevents direct inbound traffic, ensuring a higher security posture. |
Automatic Address Translation | Handles automatic mapping of private IP addresses to public IPs for outbound traffic. |
High Availability | NAT Gateways operate within an availability zone and can be deployed redundantly for failover scenarios. |
Scalability | Supports high bandwidth throughput for handling multiple concurrent connections from workloads. |
NAT Gateway Behavior and Constraints
Enabling Outbound Connectivity
Private subnets in Thalassa Cloud do not have direct internet access by default. To allow instances in private subnets to communicate with external services (e.g., downloading updates, connecting to APIs), users must configure a NAT Gateway.
Subnet Association
A NAT Gateway is deployed in a subnet and is automatically associated with a public IP. Private subnets must have their default route in the Route Table configured to forward outbound traffic to the NAT Gateway. This ensures that all outbound internet traffic from private subnets is routed through the NAT Gateway.
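The routing requirement above can be checked from an exported inventory. The following is an added example, not Thalassa Cloud code: the field names, resource IDs and sample data are constructed, and it assumes route selection by longest-prefix match.

```python
import ipaddress

# Constructed inventory. Field names and resource IDs are assumptions for this
# example, not the Thalassa Cloud API schema.
ROUTE_TABLES = {
    "rt-a": [{"destination": "10.0.0.0/16", "target_type": "local", "target": "vpc"},
             {"destination": "0.0.0.0/0", "target_type": "nat_gateway", "target": "natgw-1"}],
    # No default route: outbound internet traffic has nowhere to go.
    "rt-b": [{"destination": "10.0.0.0/16", "target_type": "local", "target": "vpc"}],
    # A more specific route sends part of the public range around the NAT Gateway.
    "rt-c": [{"destination": "0.0.0.0/0", "target_type": "nat_gateway", "target": "natgw-1"},
             {"destination": "203.0.113.0/24", "target_type": "instance", "target": "vm-proxy"}],
}
SUBNETS = [
    {"name": "app-a", "private": True, "route_table": "rt-a"},
    {"name": "app-b", "private": True, "route_table": "rt-b"},
    {"name": "app-c", "private": True, "route_table": "rt-c"},
]
# Documentation-range addresses (RFC 5737) standing in for internet destinations.
PROBES = ("198.51.100.10", "203.0.113.10")


def next_hop(routes, dest_ip):
    """Return the most specific route that contains dest_ip, or None."""
    ip = ipaddress.ip_address(dest_ip)
    matches = [r for r in routes if ip in ipaddress.ip_network(r["destination"])]
    return max(matches, default=None,
               key=lambda r: ipaddress.ip_network(r["destination"]).prefixlen)


def audit(subnets, route_tables, probes=PROBES):
    """List (subnet, probe, problem) for private subnets whose egress is not via NAT."""
    findings = []
    for subnet in subnets:
        if not subnet["private"]:
            continue
        routes = route_tables.get(subnet["route_table"], [])
        for probe in probes:
            hop = next_hop(routes, probe)
            if hop is None:
                findings.append((subnet["name"], probe, "no matching route"))
            elif hop["target_type"] != "nat_gateway":
                findings.append((subnet["name"], probe, f"bypasses NAT via {hop['target']}"))
    return findings


if __name__ == "__main__":
    for finding in audit(SUBNETS, ROUTE_TABLES):
        print(*finding, sep=": ")
```

Checking only for the presence of a `0.0.0.0/0` entry would pass `rt-c`; resolving the effective next hop per destination is what surfaces the more specific route that skips the NAT Gateway.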
Security Considerations
- NAT Gateways only allow outbound traffic from private subnets; they do not permit inbound connections.
- For services requiring inbound access, consider using a Load Balancer instead.
- Thalassa Cloud automatically assigns a public IP to the NAT Gateway but does not expose internal workloads.
Summary
NAT Gateways in Thalassa Cloud provide secure outbound internet access for private subnets while maintaining network isolation. By deploying a NAT Gateway, organizations can ensure controlled access to external services without exposing internal workloads. Proper configuration of route tables and security policies ensures seamless network connectivity within the cloud environment.