by ArchOversight 2071 days ago
Why shouldn't someone assign a public IPv4 address to a server? The whole NAT game is just that, a game.

Also, NAT gateways cost money in AWS, so much that it is a running joke:

https://twitter.com/QuinnyPig/status/1294047698560012289

https://twitter.com/QuinnyPig/status/1293366642567651330

NAT doesn't add any additional security; Security Groups are fantastic at allowing you to define your ingress/egress between instances and protecting them from harm.

All my instances get an IPv4 address and an IPv6 address by default so that there is parity. The fact that the IPv4 address still goes through some sort of NAT on AWS's side (1:1 but still NAT) kind of bothers me.


> The fact that the IPv4 address still goes through some sort of NAT on AWS's side (1:1 but still NAT) kind of bothers me.

Why does that bother you?

Cause all my services bind to a private IP on the inside. I don't see the real IP that it is receiving traffic on.

Also, if I have multiple IPs with EIPs attached so I can host multiple services (with unique IPs) I have to write automation to make sure I bind the service to the right internal private IP for the appropriate external IP address. It'd be much better if the IP address were routed directly to my EC2 instance.
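Added example, not part of the thread and not any commenter's code: one way to do the public-to-private lookup described in the comment above, walking the EC2 instance metadata keys `network/interfaces/macs/<mac>/public-ipv4s` and `.../ipv4-associations/<public-ip>`. The `fetch` callable, the function names and the sample addresses are assumptions made for this illustration; on an instance, `fetch` would wrap the metadata HTTP request.

```python
from typing import Callable, Dict, Optional

BASE = "network/interfaces/macs/"


def eip_bind_map(fetch: Callable[[str], Optional[str]]) -> Dict[str, str]:
    """Return {public_ipv4: private_ipv4} for every interface on the instance.

    fetch(path) returns the metadata body for a path relative to
    /latest/meta-data/, or None when the path does not exist (HTTP 404).
    """
    mapping: Dict[str, str] = {}
    macs = fetch(BASE) or ""
    for mac in (m.strip().rstrip("/") for m in macs.splitlines() if m.strip()):
        # An interface without a public address has no public-ipv4s key.
        publics = fetch(f"{BASE}{mac}/public-ipv4s")
        if not publics:
            continue
        for public in publics.split():
            private = fetch(f"{BASE}{mac}/ipv4-associations/{public}")
            if not private:
                raise LookupError(f"no private address for {public} on {mac}")
            # The NAT is 1:1, so take the single associated private address.
            mapping[public] = private.split()[0]
    return mapping


def bind_address(mapping: Dict[str, str], public_ip: str) -> str:
    """Fail closed: refuse to start rather than fall back to 0.0.0.0."""
    if public_ip not in mapping:
        raise LookupError(f"{public_ip} is not associated with this instance")
    return mapping[public_ip]


# Constructed metadata for two interfaces; the second has no public address.
SAMPLE = {
    BASE: "02:00:00:aa:bb:01/\n02:00:00:aa:bb:02/",
    BASE + "02:00:00:aa:bb:01/public-ipv4s": "203.0.113.10\n198.51.100.7",
    BASE + "02:00:00:aa:bb:01/ipv4-associations/203.0.113.10": "10.0.1.10",
    BASE + "02:00:00:aa:bb:01/ipv4-associations/198.51.100.7": "10.0.1.11",
}


def sample_fetch(path: str) -> Optional[str]:
    return SAMPLE.get(path)
```

Raising in `bind_address` instead of defaulting to a wildcard bind keeps a service from listening on every address when its EIP has been detached or moved.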

> I have to write automation to make sure I bind the service to the right internal private IP for the appropriate external IP address.

Isn't that done in a more straightforward fashion by AWS loadbalancers? AWS load balancer IPs and ports on one side, listeners on the other side talking to your instances - if the instances are also in auto-scaling groups, there's zero automation needed after you set this up.