Remove the NAT Gateway on AWS Infrastructure #74

Open
mukul-mehta opened this issue Sep 20, 2020 · 2 comments

Comments

@mukul-mehta
Member

Right now, we use a NAT Gateway in our infrastructure to allow resources inside a public subnet to access resources present inside of a private subnet (all part of the same VPC). AWS mandates creating ECS services inside of a private subnet, which is why we need a NAT Gateway to route connections to resources inside private subnets (needs to be looked into again to confirm).

The issue with having a NAT Gateway is that it is the major contributor to infrastructure costs. NAT seems an expendable resource inside of the infra if the issue with routing is fixed, and hence we need to find a solution to either remove the need for private subnets (hence removing the need for a NAT) or access resources in private subnets without a NAT (which is unlikely if not impossible; what's the point of a private subnet otherwise?).

@2000yeshu
Contributor

2000yeshu commented Oct 17, 2020

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-configure-network.html
Here, it is written that if we are using awsvpc mode in the task definition and the EC2 launch type, only then is there a limitation to only host the service within a private subnet. Alternatively, if we use the AWS Fargate launch type, then these tasks can get public IP addresses.
Have a look as well. Thanks

@mukul-mehta
Member Author

Hi @2000yeshu
Thanks for your comment and sorry for the delay. We'd love to discuss this over on the Slack workspace. Let me go through the link you've shared.
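
The launch-type constraint raised in the comments above, as an added example that is not part of the original thread or the project's code: a check that lists which awsvpc services would be left without internet egress if the NAT Gateway were removed. The input is constructed sample data in the shape of `describe-route-tables` and `describe-services` output; the function names, service names and all IDs are hypothetical.

```python
# Constructed sample data (describe-route-tables / describe-services shape); all IDs are made up.
ROUTE_TABLES = [
    {"Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0aaa"}]},
    {"Associations": [{"SubnetId": "subnet-pub"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0bbb"}]},
]
SERVICES = [
    {"serviceName": "api", "launchType": "FARGATE", "networkConfiguration": {
        "awsvpcConfiguration": {"subnets": ["subnet-pub"], "assignPublicIp": "ENABLED"}}},
    {"serviceName": "worker", "launchType": "EC2", "networkConfiguration": {
        "awsvpcConfiguration": {"subnets": ["subnet-pub"], "assignPublicIp": "DISABLED"}}},
    {"serviceName": "cron", "launchType": "FARGATE", "networkConfiguration": {
        "awsvpcConfiguration": {"subnets": ["subnet-priv"], "assignPublicIp": "DISABLED"}}},
]


def subnet_egress(route_tables):
    """Map subnet ID -> 'igw', 'nat' or 'none'; key None holds the main table's result."""
    egress = {}
    for rt in route_tables:
        kind = "none"
        for r in rt.get("Routes", []):
            if r.get("DestinationCidrBlock") == "0.0.0.0/0":
                igw = r.get("GatewayId", "").startswith("igw-")
                kind = "igw" if igw else "nat" if r.get("NatGatewayId") else kind
        for assoc in rt.get("Associations", []):
            if assoc.get("Main") or assoc.get("SubnetId"):
                egress[assoc.get("SubnetId")] = kind  # main association has no SubnetId
    return egress


def nat_blockers(services, route_tables):
    """Return (service, subnet, reason) for tasks with no internet egress once the NAT is gone."""
    egress = subnet_egress(route_tables)
    blockers = []
    for svc in services:
        cfg = svc.get("networkConfiguration", {}).get("awsvpcConfiguration")
        if cfg is None:
            continue  # not awsvpc mode, so tasks use the container instance's network
        for subnet in cfg["subnets"]:
            path = egress.get(subnet, egress.get(None, "none"))  # fall back to main table
            if path != "igw":
                blockers.append((svc["serviceName"], subnet, f"default route is {path}"))
            elif svc.get("launchType") == "EC2":
                blockers.append((svc["serviceName"], subnet, "EC2 awsvpc task has no public IP"))
            elif cfg.get("assignPublicIp") != "ENABLED":
                blockers.append((svc["serviceName"], subnet, "assignPublicIp is not ENABLED"))
    return blockers
```

A service that passes this check runs with a public IP, so its security group's inbound rules should be reviewed before the NAT is removed.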
