AWS Networking — Top 4 Similar Terms that Confuse You All the Time
1 — NAT Gateway VS NAT Instance
NAT Gateway is managed by AWS. This is always the go-to solution.
NAT Instance is managed by you. For more complex cases, it suits you better when you need to:
- Allow specific ports by attaching a security group
- Use it as a bastion host
Otherwise you are just paying for another EC2 instance.
2 — Internet Gateway VS Egress Only Internet Gateway
These are two separate types of gateway in AWS.
You cannot configure an Internet Gateway to be egress-only, or vice versa.
They live under different bullets in the VPC menu.
Neither is configurable. Give it a name and there you go.
Tips: NAT Gateway VS Egress Only Internet Gateway
They look like they have the same functionality.
With a NAT Gateway, all traffic originates from the single IP of the NAT.
With an Egress Only Internet Gateway, every server in that subnet talks to the outside world with its own IP.
3 — Gateway Endpoint VS VPC Endpoint
Gateway Endpoint is for S3 and DynamoDB only.
A VPC Endpoint, or VPC Interface Endpoint, is a network interface (an ENI in your subnet).
It can be used for a wider range of services, e.g., ELB, SQS, SNS.
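The route-table behaviour behind points 2 and 3 (and the NAT Gateway vs Egress Only Internet Gateway tip) is easy to reason about with a toy resolver. The block below is an added example, not code from the original article or from AWS: it models a private subnet whose route table sends IPv4 egress to a NAT Gateway, IPv6 egress to an Egress Only Internet Gateway (that gateway type is IPv6-only, and the NAT Gateway here is used for IPv4), and S3 traffic to a Gateway Endpoint via the endpoint's prefix list. It shows why all NAT traffic appears from one IP, why each server behind the egress-only gateway keeps its own address, why both drop unsolicited inbound connections, and why the more specific prefix-list route means S3 traffic never touches the NAT. Every identifier (`nat-0a1b2c`, `eigw-0a1b2c`, `vpce-0a1b2c-s3`, `igw-0a1b2c`), the VPC blocks and the sample prefix list are constructed placeholders; the real S3 prefix list is AWS-managed and region-specific.

```python
"""Toy VPC route resolver.

Added example, not code from the original article or from AWS. Every VPC,
gateway and endpoint identifier below is a constructed placeholder, and the
address ranges are documentation ranges (RFC 5737 / RFC 3849) chosen for the
example.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

IPNetwork = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample VPC: one IPv4 block and one IPv6 block.
VPC_IPV4 = ipaddress.ip_network("10.0.0.0/16")
VPC_IPV6 = ipaddress.ip_network("2001:db8:1234::/56")

# Elastic IP attached to the placeholder NAT gateway.
NAT_GATEWAY_EIP = "203.0.113.10"

# Stand-in for the AWS-managed S3 prefix list that a gateway endpoint installs
# into the route table (constructed; the real list is larger and region specific).
S3_PREFIX_LIST = [ipaddress.ip_network("198.51.100.0/24")]


@dataclass(frozen=True)
class Route:
    destination: IPNetwork
    target: str  # "local", "igw-...", "nat-...", "eigw-...", "vpce-..."


def private_subnet_route_table() -> List[Route]:
    """Route table of a private subnet (placeholder targets)."""
    routes = [
        Route(VPC_IPV4, "local"),
        Route(VPC_IPV6, "local"),
        Route(ipaddress.ip_network("0.0.0.0/0"), "nat-0a1b2c"),  # IPv4 egress via NAT gateway
        Route(ipaddress.ip_network("::/0"), "eigw-0a1b2c"),      # IPv6 egress via egress-only IGW
    ]
    # A gateway endpoint adds one route per prefix-list entry.
    routes += [Route(cidr, "vpce-0a1b2c-s3") for cidr in S3_PREFIX_LIST]
    return routes


def public_subnet_route_table() -> List[Route]:
    """Route table of a public subnet: both address families go to the IGW."""
    return [
        Route(VPC_IPV4, "local"),
        Route(VPC_IPV6, "local"),
        Route(ipaddress.ip_network("0.0.0.0/0"), "igw-0a1b2c"),
        Route(ipaddress.ip_network("::/0"), "igw-0a1b2c"),
    ]


def resolve(route_table: List[Route], dst: str) -> Optional[str]:
    """Pick the route target the way a VPC route table does: longest prefix wins."""
    dst_ip = ipaddress.ip_address(dst)
    matches = [r for r in route_table
               if r.destination.version == dst_ip.version and dst_ip in r.destination]
    if not matches:
        return None
    return max(matches, key=lambda r: r.destination.prefixlen).target


def forward(route_table: List[Route], src: str, dst: str,
            unsolicited_inbound: bool = False) -> Optional[Tuple[str, str]]:
    """Return (route target, source address the peer sees), or None if dropped.

    unsolicited_inbound=True models a connection that the outside host at `dst`
    initiates toward the instance at `src`, i.e. not a reply to an instance flow.
    """
    target = resolve(route_table, dst)
    if target is None:
        return None  # no route: traffic is blackholed
    if target.startswith("nat-"):
        if unsolicited_inbound:
            return None  # NAT gateway is stateful: unsolicited inbound is dropped
        return (target, NAT_GATEWAY_EIP)  # source NAT: every instance shares the NAT's EIP
    if target.startswith("eigw-"):
        if unsolicited_inbound:
            return None  # egress-only IGW is stateful too: unsolicited inbound is dropped
        return (target, src)  # no translation: the instance's own IPv6 address is used
    # "local", "igw-" and "vpce-" routes carry traffic both ways here. For an igw-
    # route the IGW maps the instance address 1:1 to its public/Elastic IP, which
    # this toy does not model; for a gateway endpoint the service sees the private IP.
    return (target, src)


if __name__ == "__main__":
    rt = private_subnet_route_table()
    for src, dst in [("10.0.1.5", "192.0.2.44"), ("10.0.1.6", "192.0.2.44"),
                     ("10.0.1.5", "198.51.100.7"),
                     ("2001:db8:1234:1::5", "2001:db8:ffff::1")]:
        print(src, "->", dst, forward(rt, src, dst))
```

Running it shows two different instances reaching the same internet host both appear as `203.0.113.10`, the IPv6 instance appears as itself, and the S3 destination resolves to the endpoint rather than the NAT route, which is the cost and exposure difference a gateway endpoint buys you.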
4 — AWS Network Firewall VS AWS Firewall Manager
AWS Network Firewall is a VPC feature that applies rules to the entire VPC. This is under the VPC menu.
AWS Firewall Manager manages firewall rules ACROSS ACCOUNTS. This is under the WAF & Shield menu.