from Hacker News

Ask HN: Alternatives to NAT gateways for EC2 instances

by nodesocket on 6/5/25, 1:38 AM with 7 comments

I’m looking to deploy EC2 instances in multiple availability zones and would like the EC2 instances to only be on the private subnet with no public IP address assigned. However, the instances need outbound access for API requests, etc.

NAT gateways cost $32/mo per AZ and that doesn’t include bandwidth which is absurdly expensive. I could manually deploy NAT instances but still looking at a minimum of around $8/mo per for t5g.small instances and EBS. Not to mention the maintenance and setup of the NAT instances.

Any clever tricks for outbound internet access for EC2 instances that are in private subnets?

  • by spaceprison on 6/5/25, 2:46 AM

    You’ll need a VPC subnet connected to “something” with outbound access.

    NAT GW and NAT instance are about all there is, or something crazy like a site-to-site VPN attached to your VGW and a server/firewall outside of AWS/EC2 connected to the internet acting like a router…?

  • by somedanishguy on 6/5/25, 3:44 AM

    I can only recommend fck-nat.dev as an alternative to AWS’s own NAT instances.

  • by ecesena on 6/6/25, 1:57 AM

    If cost is the main issue, could you route all instances through a single NAT, instead of one per AZ?

  • by samcat116 on 6/5/25, 3:53 AM

    The ideal answer is an IPv6 subnet with an egress-only internet gateway.
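
The IPv6 approach from the last comment, sketched as a Terraform configuration. This is an added example, not part of the thread or any commenter's code; the resource names, CIDR blocks, availability zone and the HTTPS-only egress rule are assumptions.

```hcl
# Added example. Names, CIDRs and the AZ are placeholders (assumptions).
resource "aws_vpc" "main" {
  cidr_block                       = "10.0.0.0/16"
  assign_generated_ipv6_cidr_block = true # Amazon-provided IPv6 /56
}

# Private subnet: IPv6 address on launch, no public IPv4 address.
resource "aws_subnet" "private_a" {
  vpc_id                          = aws_vpc.main.id
  availability_zone               = "us-east-1a" # placeholder
  cidr_block                      = "10.0.1.0/24"
  ipv6_cidr_block                 = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 1) # one /64
  assign_ipv6_address_on_creation = true
  map_public_ip_on_launch         = false
}

# Stateful, outbound-only gateway: connections initiated from the
# internet towards the instances are not admitted.
resource "aws_egress_only_internet_gateway" "eigw" {
  vpc_id = aws_vpc.main.id
}

# Default IPv6 route goes to the egress-only gateway.
# There is deliberately no 0.0.0.0/0 route, so no IPv4 internet path exists.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id

  route {
    ipv6_cidr_block        = "::/0"
    egress_only_gateway_id = aws_egress_only_internet_gateway.eigw.id
  }
}

resource "aws_route_table_association" "private_a" {
  subnet_id      = aws_subnet.private_a.id
  route_table_id = aws_route_table.private.id
}

# No ingress rules; egress limited to HTTPS over IPv6 (assumed API traffic).
resource "aws_security_group" "egress_only" {
  name   = "private-egress-only"
  vpc_id = aws_vpc.main.id

  egress {
    from_port        = 443
    to_port          = 443
    protocol         = "tcp"
    ipv6_cidr_blocks = ["::/0"]
  }
}
```

This path carries IPv6 only, so it works only for API endpoints that are reachable over IPv6.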