
Tech Matchups: Elastic IP vs NAT Gateway

Overview

Elastic IP is a static public IP address assigned to an instance or network interface, enabling consistent public connectivity.

NAT Gateway allows private subnet instances to initiate outbound internet traffic while blocking inbound connections.

Both enable internet connectivity: Elastic IP for public instances, NAT Gateway for private subnets.

Fun Fact: Elastic IPs are free when attached to running instances!

Section 1 - Functionality and Use

Elastic IP provides a fixed public IP—e.g., assigning 203.0.113.10 to an EC2 web server in a public subnet for DNS consistency.

aws ec2 allocate-address --domain vpc
aws ec2 associate-address --instance-id i-12345678 --allocation-id eipalloc-87654321

NAT Gateway enables outbound traffic from private subnets—e.g., an EC2 app server (10.0.1.10) fetching updates via a NAT Gateway in a public subnet.

aws ec2 create-nat-gateway --subnet-id subnet-12345678 --allocation-id eipalloc-87654321

Scenario: Elastic IP for a public API server; NAT Gateway for a private database’s updates.

Section 2 - Connectivity and Security

Elastic IP allows bidirectional traffic, requiring Security Groups/NACLs for protection—e.g., allowing TCP 80 from 0.0.0.0/0. Public exposure needs tight rules.

NAT Gateway permits outbound-only traffic, inherently blocking inbound connections. Security Groups control outbound access—e.g., TCP 443 to 0.0.0.0/0.

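Scenario: Elastic IP exposes a web server to users; NAT Gateway shields a private app server. An instance with an Elastic IP is reachable from the internet on whatever its Security Groups and NACLs allow; instances behind a NAT Gateway accept no unsolicited inbound connections.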

Key Insight: NAT Gateway’s inbound block enhances private subnet security!
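The two security postures above can be checked from an inventory export. The following is an added example, not code from the original page: it classifies subnets by their default route and flags Elastic IP instances whose Security Groups admit 0.0.0.0/0 on ports outside an allowed set. All sample data is constructed; the list shapes follow the AWS CLI describe-* JSON output, and the INSTANCE_SGS mapping, the resource IDs and the default allowed ports (80, 443) are assumptions.

```python
ROUTE_TABLES = [  # constructed; shape of `aws ec2 describe-route-tables` RouteTables
    {"Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
    {"Associations": [{"SubnetId": "subnet-isolated"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]
# constructed; shape of `aws ec2 describe-addresses` Addresses
ADDRESSES = [{"PublicIp": "203.0.113.10", "InstanceId": "i-web"},
             {"PublicIp": "203.0.113.11", "InstanceId": "i-admin"}]
INSTANCE_SGS = {"i-web": ["sg-web"], "i-admin": ["sg-admin"]}  # hypothetical mapping
SECURITY_GROUPS = {  # constructed; GroupId -> IpPermissions (describe-security-groups)
    "sg-web": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    "sg-admin": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                  "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
                 {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                  "IpRanges": [{"CidrIp": "198.51.100.0/24"}]}],
}

def classify_subnets(route_tables):
    """Label each subnet by where its default route (0.0.0.0/0) points."""
    result = {}
    for table in route_tables:
        kind = "isolated"  # no default route: no internet path at all
        for route in table.get("Routes", []):
            if route.get("DestinationCidrBlock") != "0.0.0.0/0":
                continue
            if route.get("NatGatewayId"):
                kind = "private-nat"  # outbound only, through a NAT Gateway
            elif route.get("GatewayId", "").startswith("igw-"):
                kind = "public"  # bidirectional, through an internet gateway
        for assoc in table.get("Associations", []):
            if "SubnetId" in assoc:
                result[assoc["SubnetId"]] = kind
    return result

def world_open_ingress(addresses, instance_sgs, security_groups, allowed=(80, 443)):
    """List (ip, instance, sg, from, to) where 0.0.0.0/0 reaches ports outside `allowed`."""
    findings = []
    for addr in addresses:
        for sg in instance_sgs.get(addr.get("InstanceId"), []):
            for perm in security_groups.get(sg, []):
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)  # "-1" rules omit ports
                world = any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", []))
                if world and not set(range(lo, hi + 1)) <= set(allowed):
                    findings.append((addr["PublicIp"], addr["InstanceId"], sg, lo, hi))
    return findings
```

Only IPv4 ranges are inspected here; a real audit would also check the Ipv6Ranges field of each permission.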

Section 3 - Cost and Scalability

Elastic IP is free when attached to a running instance; unattached or extra IPs cost $0.005/hour. Data transfer costs apply ($0.09/GB out in us-east-1).

NAT Gateway charges $0.045/hour + $0.045/GB in us-east-1. Example: 1TB/month costs ~$136.80 ($32.40 hourly + $104.40 data).

Elastic IP scales to 5 per account (extendable); NAT Gateway scales to 45 Gbps, with multiple NATs for higher throughput.

Scenario: Elastic IP for cost-effective public IPs; NAT Gateway for secure private traffic.

Section 4 - Use Case Scenarios

Elastic IP suits public-facing instances—e.g., a web server or VPN endpoint needing a consistent IP for DNS or whitelisting.

NAT Gateway fits private subnets—e.g., backend servers or databases needing internet access for patches without public exposure.

Scenario: Elastic IP for a public load balancer; NAT Gateway for a private analytics engine.

Quick Tip: Attach Elastic IPs to NAT Gateways for consistent outbound IPs!

Section 5 - Comparison Table

| Aspect | Elastic IP | NAT Gateway |
|---|---|---|
| Traffic | Bidirectional | Outbound Only |
| Scope | Instance-level | Subnet-level |
| Cost | Free (Attached) + Data | Hourly + Data |
| Security | SGs/NACLs | Inbound Blocked |
| Best For | Public Instances | Private Subnets |

Elastic IP for public access, NAT Gateway for private outbound. Use both for secure VPCs.

Conclusion

Elastic IP and NAT Gateway enable internet connectivity with distinct roles. Elastic IP provides static public IPs for consistent access, ideal for public-facing instances. NAT Gateway ensures private subnets access the internet securely, perfect for internal resources.

Weigh traffic (bidirectional vs. outbound), scope (instance vs. subnet), and cost (free vs. hourly). Use Elastic IP for public resources, NAT Gateway for private—or combine: Elastic IP for frontends, NAT Gateway for backends.

Pro Tip: Reserve Elastic IPs for critical instances to avoid reassignment!