NAT gateway for ec2 instances
Generally you will have 2 kinds of subnets in a VPC:

- Public subnet
  - has IGW and optionally NAT
  - `0.0.0.0/0` there points to the IGW - hosts (EC2 instances) must have a public IP or elastic IP attached as they go directly to the internet
  - hosts can be contacted from the internet on this public/elastic IP (if the Security Group permits)
- Private subnet
  - has no IGW or NAT
  - the `0.0.0.0/0` points to the NAT in the public subnet above - hosts only have a private IP and all outbound access is "masked" to the NAT gateway IP
  - hosts can initiate connections to the internet but can't be contacted from outside as they are "hidden" behind the NAT (Network Address Translation gateway)
  - without NAT configured, hosts won't have internet access
Hope that explains it :)