Can we have Two AWS NAT instances in the Same AZ

Question

I am currently working NAT instances on HA in same AZ there is documentation for multiple AZ, but not on same AZ. Is it possible for HA of NAT instances in same AZ.

Any Help is appreciated

Answer 1

I met a related question in Solution Architect exam tests. You can surely have as many NAT instances in 1 AZ as you want, but anything that is replicated inside 1 AZ is not considered HA.

Since NAT is related to Egress control here are a couple of articles about that:

• Controlling Egress for VPC
• How to add dns filtering to your nat instance with squid
• Enforcing a squid access policy for amazon s3

As pointed out in Xeraa's answer there's no way to have multiple NAT instances simultaneously because the whole idea of having NAT is to ensure that all traffic goes through it. And at the same time there is a limitation that there can only be one default route. So for HA solution you either need:

• Extra LB
• Instance-level configuration per each instance
• or a managed NAT Gateway

Even with an extra ELB it's gonna require some tweaks per instance since you won't be able to point your RTs to ELB. Here is what you can use as a destination for Route Table:

Answer 2

The two standard patterns for High Availability NAT are:

• High Availability for Amazon VPC NAT Instances: An Example
• Using Squid Proxy Instances for Web Service Access in Amazon VPC: An Example (Uses proxies instead of route tables, I think)

If you are using the NAT for traffic to Amazon S3, you can also take advantage of VPC Endpoint for S3 to reduce the reliance on having a HA NAT.

Answer 3

While you can have multiple NAT instances inside a single AZ, each routing table (associated with a subnet) can only have a single entry for the route 0.0.0.0/0.

The HA approach is normally to have 2 NAT instances (one active, the other one on standby), which check each other. If the standby instance cannot reach the active one, it will replace the other instance's ENI on the 0.0.0.0/0 routing entry.