by ttt3ts 1051 days ago
Bit confused. Couldn't you just run a Linux VM to do your NAT and only pay normal egress?
3 comments

Yes. And AWS do (sorta) offer a NAT AMI (amazon machine image) if you want to do more management yourself and not get extorted for bandwidth.

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Ins...

I say sorta because it's built on an old version of Amazon Linux and is headed towards EOL with no replacement except "go build your own" as you suggest.

https://www.lastweekinaws.com/blog/an-alternat-future-we-now...

AlterNAT uses managed NAT Gateways as a fallback when the NAT Instance is out of service, but again you will have to make your own NAT AMI.

This is not to excuse AWS' frankly absurd NATGW pricing, but to point out other ways around it.

You don’t actually need to use the AMI. Here’s an example of a NAT instance we build from scratch:

https://github.com/somleng/somleng-project/blob/main/infrast...

Thanks! That is exactly what I wanted to know.
Another thing: EC2 instances (VMs) have a "Source/Destination IP check" which makes them ignore any packets not intended for them. If you want an instance to do NAT, you need to turn this off.
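The "build it from scratch" approach in the comment above and the source/destination check caveat come together in a small bootstrap script. This is an added example, not code from the thread or from any of the linked projects; the VPC CIDR, interface name and instance id are constructed placeholders, and it assumes the private subnets' route table already sends 0.0.0.0/0 to this instance's ENI.

```shell
#!/bin/sh
# Added example (not from the thread or the linked repos): minimal bootstrap
# for a self-managed Linux NAT instance on EC2. Values below are placeholders.
VPC_CIDR="${VPC_CIDR:-10.0.0.0/16}"        # constructed: CIDR of the VPC to NAT
NAT_IF="${NAT_IF:-eth0}"                   # constructed: public-subnet interface
INSTANCE_ID="${INSTANCE_ID:-i-PLACEHOLDER}" # constructed: this instance's id

# Format check only (dotted quad plus /0-32) so a typo cannot turn into an
# over-broad MASQUERADE rule; octet range (0-255) is not validated here.
valid_cidr() {
  printf '%s\n' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Emit iptables-restore input: masquerade only traffic sourced inside the VPC
# and leaving via NAT_IF; FORWARD defaults to DROP so nothing else is relayed.
render_nat_rules() {
  cidr="$1"; ifname="$2"
  valid_cidr "$cidr" || { echo "bad CIDR: $cidr" >&2; return 1; }
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $cidr -o $ifname -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s $cidr -o $ifname -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Host side (needs root): turn on IPv4 forwarding, persist it, load the rules.
apply_nat_rules() {
  sysctl -w net.ipv4.ip_forward=1
  printf 'net.ipv4.ip_forward = 1\n' > /etc/sysctl.d/90-nat.conf
  render_nat_rules "$VPC_CIDR" "$NAT_IF" | iptables-restore
}

# The check mentioned in the thread: until this attribute is off, EC2 discards
# packets whose source or destination is not the instance itself, so the
# forwarded traffic never arrives no matter how the kernel is configured.
disable_source_dest_check() {
  aws ec2 modify-instance-attribute --instance-id "$1" --no-source-dest-check
}

# With no argument the script only prints the rules it would load.
case "${1:-render}" in
  render) render_nat_rules "$VPC_CIDR" "$NAT_IF" ;;
  apply)  apply_nat_rules && disable_source_dest_check "$INSTANCE_ID" ;;
esac
```

Run it with no arguments to review the generated rules, then `sh nat.sh apply` on the instance (with an instance role or credentials allowing `ec2:ModifyInstanceAttribute`). The instance's own security group still has to restrict inbound traffic to what the private subnets should reach; the FORWARD chain above only governs what is relayed, not what the host itself accepts.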
I've also got an open source terraform module for this:

https://github.com/tedivm/terraform-aws-nat

Weird, I was just looking into this yesterday and found https://fck-nat.dev/
> just run a Linux VM

+ Run extra for failover, HA etc + manage security + Monitor performance + ...

You would have to run that in your own data center, which is what the original poster was comparing to.
You also have to do it in AWS if you don't want to use the NAT Gateway service and still desire reliability over and above the MTBF for an EC2 instance or AZ, or ever want to do anything requiring a reboot.