The AWS document at https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html says: "Public – (Default) Instances in private subnets can connect to the internet through a public NAT gateway, but cannot receive unsolicited inbound connections from the internet."
If a private instance does not receive inbound connections, how does it communicate with the internet? Does it mean it can receive inbound requests only through the NAT gateway?
An HTTP request is inbound, so is there any protocol which makes a non-inbound connection? What are the other types of connections possible, if not inbound?
I am lost at the point --> internet connection is possible but not inbound.
CodePudding user response:
internet connection is possible but not inbound
This means that instances in a private subnet, behind NAT, can only access internet. For example, you can download software on them, or perform their update. But, you can't access them from the internet. For example, you can't ssh into them from the internet.
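The distinction the answer draws is a matter of connection state: the NAT gateway creates a translation entry when an instance sends a packet out, and only packets that match such an entry are translated back in. The following toy model is an added illustration of that behaviour, not AWS's code or anything from the linked documentation; the class and method names are made up, and the addresses come from the RFC 5737 documentation ranges.

```python
"""Toy stateful NAT: outbound flows create translation state; inbound packets
are delivered only when they answer a flow that was opened from inside.
Constructed illustration, not AWS's NAT gateway implementation."""
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatGateway:
    """Translates private source addresses to one public IP (port-restricted NAT)."""

    def __init__(self, public_ip: str, private_prefix: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.private_prefix = private_prefix      # e.g. "10.0.1." for the private subnet
        self.next_port = first_port
        # outbound flow (priv_ip, priv_port, remote_ip, remote_port) -> public port
        self.flows: Dict[Tuple[str, int, str, int], int] = {}
        # reverse index (public_port, remote_ip, remote_port) -> (priv_ip, priv_port)
        self.reverse: Dict[Tuple[int, str, int], Tuple[str, int]] = {}
        self.dropped: List[str] = []

    def _is_private(self, ip: str) -> bool:
        return ip.startswith(self.private_prefix)

    def forward(self, pkt: Packet) -> Optional[Packet]:
        """Return the translated packet, or None if the gateway drops it."""
        if self._is_private(pkt.src_ip):
            # Outbound: allocate (or reuse) a public port for this flow.
            key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            port = self.flows.get(key)
            if port is None:
                port = self.next_port
                self.next_port += 1
                self.flows[key] = port
                self.reverse[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
            return replace(pkt, src_ip=self.public_ip, src_port=port)

        # Inbound: only packets that answer an existing flow are translated back.
        # The remote IP and port must match too, so another host cannot reuse a mapping.
        target = self.reverse.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if target is None:
            self.dropped.append(
                f"unsolicited {pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}")
            return None
        priv_ip, priv_port = target
        return replace(pkt, dst_ip=priv_ip, dst_port=priv_port)


def demo() -> dict:
    """Walk through the cases from the answer above (constructed addresses)."""
    gw = NatGateway(public_ip="203.0.113.10", private_prefix="10.0.1.")
    # 1. A private instance opens an HTTPS connection to a package mirror (e.g. an update).
    outbound = gw.forward(Packet("10.0.1.5", 51000, "198.51.100.20", 443))
    # 2. The mirror's reply arrives at the public port and is delivered to the instance.
    reply = gw.forward(Packet("198.51.100.20", 443, "203.0.113.10", outbound.src_port))
    # 3. An internet host tries to open an SSH session to the gateway's address: no state, dropped.
    ssh_attempt = gw.forward(Packet("192.0.2.7", 55555, "203.0.113.10", 22))
    # 4. A different host sends to the already-mapped public port: wrong peer, dropped.
    wrong_peer = gw.forward(Packet("192.0.2.7", 443, "203.0.113.10", outbound.src_port))
    return {"outbound": outbound, "reply": reply, "ssh_attempt": ssh_attempt,
            "wrong_peer": wrong_peer, "dropped": list(gw.dropped)}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running the demo shows the reply to the outbound HTTPS request reaching the private instance while both the SSH attempt and the packet from a different peer are dropped, which is exactly why "internet connection is possible but not inbound": the instance can start conversations, and only the other side of a conversation it started can answer.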
CodePudding user response:
A NAT gateway makes it possible for the instances inside the subnet to make a new connection to the internet, but not to receive new connections "from the internet".
To "expose" instances inside a private network to the internet, you may use some kind of load balancer (a service which has an IP and forwards the network traffic to specific instances).
There are three kinds of load balancers:
- Gateway Load Balancer - third layer of the OSI model (forwards all traffic to some instances)
- Network Load Balancer - fourth layer of the OSI model (forwards specific port traffic to some instances)
- Application Load Balancer - seventh layer of the OSI model (forwards a specific endpoint like /index to some instances)