A Network Address Translation (NAT) Gateway is a service that is used to connect instances in a private VPC subnet to the public internet.

To reach the public internet, a cloud instance usually needs either a public IP address of its own or a route through a NAT gateway. NAT Gateway, however, can be costly: this article and similar GitHub issues are examples of how NAT Gateway costs can quickly add up.

Here is the current pricing for NAT Gateway on the major cloud platforms:

| Cloud Provider  | Cost per hour | Cost per GiB processed |
|-----------------|---------------|------------------------|
| AWS (us-east-1) | $0.045        | $0.045                 |
| Azure           | $0.045        | $0.045                 |
| Google Cloud    | $0.044        | $0.045                 |

Since a NAT Gateway is needed for each subnet, that is easily $32 per month per private subnet, not counting the cost of any egress data. For data-intensive applications, the data egress charge would also be significant. That is why some companies have resorted to developing their own NAT instances.

AWS used to provide a NAT instance AMI, but it is now deprecated. DigitalOcean has some documentation on setting up a NAT instance, which can be a much cheaper option: the user only pays for the instance and the egress from it, and DigitalOcean droplets come with a free egress allowance. While setting up NAT instances can reduce cost, it may impact the availability of the service, since a single self-managed instance is a single point of failure that you must patch, monitor and fail over yourself. For a more detailed comparison between a self-hosted NAT instance and NAT Gateway, see this article. NAT Gateway also has other limitations. For example, a single NAT Gateway on AWS can support only up to 100 Gbps of bandwidth and 10 million packets per second.

Thanks to Thanan Traiongthawon for providing early feedback!

Glossary

Using AWS examples:

  1. VPC
  2. VPC Subnet
  3. NAT Gateway