Is a NAT instance required per AZ?

In this session for configuring a NAT instance - https://linuxacademy.com/cp/courses/lesson/course/386/lesson/5/completed/4/module/44

I'm wondering if it is best practice or required to have a separate NAT instance for each AZ?


I'm wondering if there are any updates on this subject as well. I noticed that in the session a pem key is copied onto the NAT instance, which could be a security risk. It's probably safer to teach people how to use ssh forwarding (ssh -A) to store the keys only locally.
  • Tia W
    10-09-2018

    Hi @houdinifxtd, you are correct. It would be better to have a NAT instance per AZ; however, keep in mind that AWS recommends NAT gateways over NAT instances.


    Also, it looks like you may be looking at the old version of the Solution Architect Associate course. If you are pursuing the certification, the 2018 version of the course is the one you would want to review. Just an FYI in case you were not aware.

  • Andrew G
    10-10-2018

    Thanks Tia,


    I've been referred to this by Linux Academy support from another course, and it's assumed knowledge in Active Directory and Amazon Web Services.

    As far as I can tell, a NAT gateway cannot be logged into, so it's not possible to use Openswan/strongSwan unless I configure a NAT instance.

    AWS only supports VPN if you have Direct Connect, I think, so I have to go down this route for now. Let me know if you think any of my assumptions here are incorrect!

    Thanks :)

  • Derek M
    10-10-2018

    VPN works without Direct Connect. In fact, if you check out the AWS Advanced Networking Specialty Course, I have several walkthroughs for their hosted VPN. Here is a link to the course: https://linuxacademy.com/cp/modules/view/id/162
