Ask HN: Alternatives to NAT gateways for EC2 instances

6•nodesocket•1d ago

I’m looking to deploy EC2 instances in multiple availability zones and would like the EC2 instances to only be on the private subnet with no public ip address assigned. However the instances need outbound access for API requests, etc.

NAT gateways cost $32/mo per AZ and that doesn’t include bandwidth which is absurdly expensive. I could manually deploy NAT instances but still looking at a minimum of around $8/mo per for t5g.small instances and EBS. Not to mention the maintenance and setup of the NAT instances.

Any clever tricks for outbound internet access for EC2 instances that are in private subnets?

Comments

spaceprison•1d ago

You’ll need a vpc subnet connected “something” with outbound access.

Natgw and nat instance are about all there is or something crazy like a site to site vpn attached to your vgw and a server/firewall outside of aws/ec2 connected to the internet acting like a router…?

nodesocket•1d ago

Thanks, figured as much. AWS hasn't lowered the price of NAT gateways in (ever) I think. It's a bit absurd seeing as the dramatic price reduction of Graviton based instances and such. NAT gateways should be like 1/2 or 1/3 the current cost.

somedanishguy•1d ago

I can only recommend fck-nat.dev as an alternative to aws’s own nat instances.

nodesocket•1d ago

Awesome, will look at deploying fck-nat.dev. Love the name. So absurd AWS hasn’t updated their NAT instance AMI since 2018 and running Amazon Linux v1 which is end of life.

romanhn•1d ago

Fck-nat is great, and I'm running it for the exact same reason that the NAT Gateway is expensive for my hobby project. I configured it with an auto scaling group to bring it back up if the instance dies. The instance doubles as a bastion host as well.

samcat116•1d ago

The ideal answer is IPv6 subnet with an egress only internet gateway

ecesena•11h ago

If cost is the main issue, could you route all instances through a single nat, instead of one per AZ?

Mental Refactoring for the AI Age

Process improvement is more important than metrics

Show HN: Kefir – Native macOS menubar app for KEF wireless speakers

It turns out you can train AI models without copyrighted material

Symbase – A Symbolic Logic OS You Can Run in the Browser

Mono-JSX: JSX runtime for server side

Show HN: Offline ESP32 that displays a new QR code every 30 seconds

Nuclear fusion record smashed as German scientists take significant step forward

How US cities are supporting local economies through open contracting

Make It Rain: State Control of the Atmosphere in Twentieth Century America(2017)

EU's public consultation on the AI Act's classification of high-risk systems

Analyzing Metastable Failures in Distributed Systems

Highlighting commonalities increases the perceived legitimacy of critical voices

Tidewave: Beyond Code Intelligence

Pi in Pascal's Triangle

Being fat is a trap

Evu

Ask HN: Google Workspace (impossibly) created on Gmail account

MBA Harvard Feels Undervalued

Why Won't Some Musicians Take Me Seriously?

Show HN: Which side are you? Elon? Trump? Hate both?

Michigan 10th century farming – drone-based survey of 330-acre area using Lidar

ThornWalli/web-workbench: Old operating system as homepage

Anki Users Get Rickrolled – Why Open Source Needs Trademarks

Google's ADK for agentic AI development – and some general thoughts

The Common Pile

Upcoming Changes to the Chrome Root Store

The Illusion of Thinking

Software engineering laws with comics – Hyrum's,Zawinski's,Conway's and 10 more

The Bitcoin scandal shaking Czech politics