Ask HN: Alternatives to NAT gateways for EC2 instances

6•nodesocket•8mo ago

I’m looking to deploy EC2 instances in multiple availability zones and would like the EC2 instances to only be on the private subnet with no public ip address assigned. However the instances need outbound access for API requests, etc.

NAT gateways cost $32/mo per AZ and that doesn’t include bandwidth which is absurdly expensive. I could manually deploy NAT instances but still looking at a minimum of around $8/mo per for t5g.small instances and EBS. Not to mention the maintenance and setup of the NAT instances.

Any clever tricks for outbound internet access for EC2 instances that are in private subnets?

Comments

spaceprison•8mo ago

You’ll need a vpc subnet connected “something” with outbound access.

Natgw and nat instance are about all there is or something crazy like a site to site vpn attached to your vgw and a server/firewall outside of aws/ec2 connected to the internet acting like a router…?

nodesocket•8mo ago

Thanks, figured as much. AWS hasn't lowered the price of NAT gateways in (ever) I think. It's a bit absurd seeing as the dramatic price reduction of Graviton based instances and such. NAT gateways should be like 1/2 or 1/3 the current cost.

somedanishguy•8mo ago

I can only recommend fck-nat.dev as an alternative to aws’s own nat instances.

nodesocket•8mo ago

Awesome, will look at deploying fck-nat.dev. Love the name. So absurd AWS hasn’t updated their NAT instance AMI since 2018 and running Amazon Linux v1 which is end of life.

romanhn•8mo ago

Fck-nat is great, and I'm running it for the exact same reason that the NAT Gateway is expensive for my hobby project. I configured it with an auto scaling group to bring it back up if the instance dies. The instance doubles as a bastion host as well.

samcat116•8mo ago

The ideal answer is IPv6 subnet with an egress only internet gateway

ecesena•8mo ago

If cost is the main issue, could you route all instances through a single nat, instead of one per AZ?

GPT-5.3-Codex System Card [pdf]

Atlas: Manage your database schema as code

Geist Pixel

Show HN: MCP to get latest dependency package and tool versions

The better you get at something, the harder it becomes to do

Show HN: WP Float – Archive WordPress blogs to free static hosting

Show HN: I Hacked My Family's Meal Planning with an App

Sony BMG copy protection rootkit scandal

The Future of Systems

NASA now allowing astronauts to bring their smartphones on space missions

Claude Code Is the Inflection Point

Show HN: MicroClaw – Agentic AI Assistant for Telegram, Built in Rust

Show HN: Omni-BLAS – 4x faster matrix multiplication via Monte Carlo sampling

The AI-Ready Software Developer: Conclusion – Same Game, Different Dice

AI Agent Automates Google Stock Analysis from Financial Reports

Voxtral Realtime 4B Pure C Implementation

I Was Trapped in Chinese Mafia Crypto Slavery [video]

U.S. CBP Reported Employee Arrests (FY2020 – FYTD)

Show HN: I built a free UCP checker – see if AI agents can find your store

Show HN: SVGV – A Real-Time Vector Video Format for Budget Hardware

Study of 150 developers shows AI generated code no harder to maintain long term

Spotify now requires premium accounts for developer mode API access

When Albert Einstein Moved to Princeton

Agents.md as a Dark Signal

System time, clocks, and their syncing in macOS

McCLIM and 7GUIs – Part 1: The Counter

So whats the next word, then? Almost-no-math intro to transformer models

Ed Zitron: The Hater's Guide to Microsoft

UK infants ill after drinking contaminated baby formula of Nestle and Danone

Show HN: Android-based audio player for seniors – Homer Audio Player