AWS::EC2::NatGateway

EC2 NatGateway

Specifies a network address translation (NAT) gateway in the specified subnet. You can create either a public NAT gateway or a private NAT gateway. The default is a public NAT gateway. If you create a public NAT gateway, you must specify an elastic IP address. With a NAT gateway, instances in a private subnet can connect to the internet, other AWS services, or an on-premises network using the IP address of the NAT gateway. For more information, see [NAT gateways](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html) in the *Amazon VPC User Guide*. If you add a default route (AWS::EC2::Route resource) that points to a NAT gateway, specify the NAT gateway ID for the route's NatGatewayId property. When you associate an Elastic IP address or secondary Elastic IP address with a public NAT gateway, the network border group of the Elastic IP address must match the network border group of the Availability Zone (AZ) that the public NAT gateway is in. Otherwise, the NAT gateway fails to launch. You can see the network border group for the AZ by viewing the details of the subnet. Similarly, you can view the network border group for the Elastic IP address by viewing its details. For more information, see [Allocate an Elastic IP address](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-eips.html#allocate-eip) in the *Amazon VPC User Guide*.

Properties

12 configurable properties. Click a row to see details.

Filter:

Property	Type	Flags
`AllocationId`	`string`	Create-only
`AvailabilityMode`	`string`	Create-only
`AvailabilityZoneAddresses`	`Array<AvailabilityZoneAddress>`
`ConnectivityType`	`string`	Create-only
`MaxDrainDurationSeconds`	`integer`	Write-only
`PrivateIpAddress`	`string`	Create-only
`SecondaryAllocationIds`	`Array<string>`
`SecondaryPrivateIpAddressCount`	`integer`
`SecondaryPrivateIpAddresses`	`Array<string>`
`SubnetId`	`string`	Create-only
`Tags`	`Array<Tag>`
`VpcId`	`string`	Create-only

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

Attribute	Type	Description
`AutoProvisionZones`	`string`	-
`AutoScalingIps`	`string`	-
`EniId`	`string`	-
`NatGatewayId`	`string`	-
`RouteTableId`	`string`	-

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml

AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::EC2::NatGateway

Resources:
  MyResource:
    Type: AWS::EC2::NatGateway
    Properties:
      Tags:
        - Key: Environment
          Value: Production

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

ec2:CreateNatGatewayec2:DescribeNatGatewaysec2:CreateTags

delete

ec2:DeleteNatGatewayec2:DescribeNatGateways

list

ec2:DescribeNatGateways

read

ec2:DescribeNatGateways

update

ec2:DescribeNatGatewaysec2:CreateTagsec2:DeleteTagsec2:AssociateNatGatewayAddressec2:DisassociateNatGatewayAddressec2:AssignPrivateNatGatewayAddressec2:UnassignPrivateNatGatewayAddress

Get the EC2 Cheat Sheet

Everything you need to know about EC2 on one page. HD quality, print-friendly.

Download Free Infographic

Quick Facts

ServiceEC2

Properties17

Required0

TaggingSupported

Primary IDNatGatewayId

Supported Operations

CreateDeleteListReadUpdate

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

VpcIdSubnetIdConnectivityTypeAllocationIdPrivateIpAddressAvailabilityMode

Related Resources

External Links

AWS Documentation