Creating a NAT Service

You can create a NAT service in a public Subnet of a Net to enable virtual machines (VMs) in this Subnet to indirectly connect to the internet. You can create one NAT service for each public Subnet of the Net.

To do so, you also need to:

  • Add a rule allowing outbound flows to the internet to the security group used for the VMs you want to connect to the internet.

  • Add a route with the 0.0.0.0/0 CIDR block (or a smaller range of IPs) as destination and the ID of the newly created NAT service as target to the route table of the Subnet containing your VMs.

Creating a NAT Service Using Cockpit v2

Before you begin:

  1. In the NAT Services dashboard, click IconAddFull Create NAT Service.
    The CREATE NAT SERVICE dialog box appears.

  2. Specify the following information for the NAT service to create:

    • In the Name field, type a name for the NAT service.

      This action adds a Name tag of 255 characters maximum. You can use any character, including accented letters.

    • From the Subnet list, select the Net, then the Subnet for which you want to create the NAT Service.

    • From the Public IP list, select the Public IP you want to associate with the NAT Service.

  3. Click Create NAT Service.
    The NAT service is created.

Creating a NAT Service Using OSC CLI

Before you begin: Allocate a public IP to your account. For more information, see Allocating a Public IP to Your Account.

The CreateNatService command creates a network address translation (NAT) service in the specified public Subnet of a Net.
A NAT service enables virtual machines (VMs) placed in the private Subnet of this Net to connect to the Internet, without being accessible from the Internet.
When creating a NAT service, you specify the allocation ID of the public IP you want to use as public IP for the NAT service. Once the NAT service is created, you need to create a route in the route table of the private Subnet, with 0.0.0.0/0 as destination and the ID of the NAT service as target. For more information, see LinkPublicIP and CreateRoute.
This action also enables you to create multiple NAT services in the same Net (one per public Subnet).

You cannot modify the public IP associated with a NAT service after its creation. To do so, you need to delete the NAT service and create a new one with another public IP.

For more information, see About NAT Services.

Request sample
$ osc-cli api CreateNatService --profile "default" \
    --SubnetId "subnet-12345678" \
    --PublicIpId "eipalloc-12345678"

This command contains the following attributes that you need to specify:

  • ClientToken: (optional) A unique identifier which enables you to manage the idempotency.

  • DryRun: (optional) If true, checks whether you have the required permissions to perform the action.

  • PublicIpId: The allocation ID of the public IP to associate with the NAT service.
    If the public IP is already associated with another resource, you must first disassociate it.

  • SubnetId: The ID of the Subnet in which you want to create the NAT service.

The CreateNatService command returns the following elements:

  • NatService: Information about the NAT service.

    • ClientToken: The idempotency token provided when creating the NAT service.

    • NatServiceId: The ID of the NAT service.

    • NetId: The ID of the Net in which the NAT service is.

    • PublicIps: Information about the public IP or IPs associated with the NAT service.

      • PublicIp: The public IP associated with the NAT service.

      • PublicIpId: The allocation ID of the public IP associated with the NAT service.

    • State: The state of the NAT service (pending | available | deleting | deleted).

    • SubnetId: The ID of the Subnet in which the NAT service is.

    • Tags: One or more tags associated with the NAT service.

      • Key: The key of the tag, with a minimum of 1 character.

      • Value: The value of the tag, between 0 and 255 characters.

  • ResponseContext: Information about the context of the response.

    • RequestId: The ID of the request.

Result sample
{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  },
  "NatService": {
    "Tags": [],
    "SubnetId": "subnet-12345678",
    "NatServiceId": "nat-12345678",
    "PublicIps": [
      {
        "PublicIpId": "eipalloc-12345678",
        "PublicIp": "192.0.2.0"
      }
    ],
    "NetId": "vpc-12345678",
    "State": "available"
  }
}

Creating a NAT Service Using oapi-cli

Before you begin: Allocate a public IP to your account. For more information, see Allocating a Public IP to Your Account.

The CreateNatService command creates a network address translation (NAT) service in the specified public Subnet of a Net.
A NAT service enables virtual machines (VMs) placed in the private Subnet of this Net to connect to the Internet, without being accessible from the Internet.
When creating a NAT service, you specify the allocation ID of the public IP you want to use as public IP for the NAT service. Once the NAT service is created, you need to create a route in the route table of the private Subnet, with 0.0.0.0/0 as destination and the ID of the NAT service as target. For more information, see LinkPublicIP and CreateRoute.
This action also enables you to create multiple NAT services in the same Net (one per public Subnet).

You cannot modify the public IP associated with a NAT service after its creation. To do so, you need to delete the NAT service and create a new one with another public IP.

For more information, see About NAT Services.

Request sample
$ oapi-cli --profile "default" CreateNatService \
    --SubnetId "subnet-12345678" \
    --PublicIpId "eipalloc-12345678"

This command contains the following attributes that you need to specify:

  • ClientToken: (optional) A unique identifier which enables you to manage the idempotency.

  • DryRun: (optional) If true, checks whether you have the required permissions to perform the action.

  • PublicIpId: The allocation ID of the public IP to associate with the NAT service.
    If the public IP is already associated with another resource, you must first disassociate it.

  • SubnetId: The ID of the Subnet in which you want to create the NAT service.

The CreateNatService command returns the following elements:

  • NatService: Information about the NAT service.

    • ClientToken: The idempotency token provided when creating the NAT service.

    • NatServiceId: The ID of the NAT service.

    • NetId: The ID of the Net in which the NAT service is.

    • PublicIps: Information about the public IP or IPs associated with the NAT service.

      • PublicIp: The public IP associated with the NAT service.

      • PublicIpId: The allocation ID of the public IP associated with the NAT service.

    • State: The state of the NAT service (pending | available | deleting | deleted).

    • SubnetId: The ID of the Subnet in which the NAT service is.

    • Tags: One or more tags associated with the NAT service.

      • Key: The key of the tag, with a minimum of 1 character.

      • Value: The value of the tag, between 0 and 255 characters.

  • ResponseContext: Information about the context of the response.

    • RequestId: The ID of the request.

Result sample
{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  },
  "NatService": {
    "Tags": [],
    "SubnetId": "subnet-12345678",
    "NatServiceId": "nat-12345678",
    "PublicIps": [
      {
        "PublicIpId": "eipalloc-12345678",
        "PublicIp": "192.0.2.0"
      }
    ],
    "NetId": "vpc-12345678",
    "State": "available"
  }
}

Creating a NAT Gateway Using AWS CLI

Before you begin:

To create a NAT gateway, use the create-nat-gateway command following this syntax:

Request sample
$ aws ec2 create-nat-gateway \
    --profile YOUR_PROFILE \
    --subnet-id subnet-12345678 \
    --allocation-id eipalloc-87654321 \
    --endpoint https://fcu.eu-west-2.outscale.com

This command contains the following attributes that you need to specify:

  • (optional) profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI.

  • subnet-id: The subnet in which you want to create the NAT gateway.

  • allocation-id: The allocation ID of the EIP you want to associate with the NAT gateway.

  • endpoint: The endpoint corresponding to the Region you want to send the request to. For more information, see Installing and Configuring AWS CLI.

The create-nat-gateway command returns the following elements:

  • NatGateway: Information about the newly created NAT gateway. This element contains the following information:

    • NatGatewayAddresses: Information about the EIP associated with the NAT gateway. This element contains the following information:

      • AllocationId: The ID of the allocation of the EIP.

      • PublicIp: The EIP associated with the NAT gateway.

  • VpcId: The ID of the VPC in which the NAT gateway is.

  • State: The state of the NAT gateway. For more information, see About NAT Services.

  • NatGatewayId: The ID of the NAT gateway.

  • SubnetId: The ID of the subnet in which the NAT gateway is.

  • CreateTime: The date and time of creation of the NAT gateway.

Result sample
 {
  "NatGateway": {
    "NatGatewayAddresses": [
      {
        "AllocationId": "eipalloc-87654321",
        "PublicIp": IP_ADDRESS
      }
    ],
    "VpcId": "vpc-1234abcd",
    "State": "pending",
    "NatGatewayId": "nat-4321dcba",
    "SubnetId": "subnet-12345678",
    "CreateTime": "2016-10-17T11:18:12.423Z"
  }
}

The NAT gateway is created.

Related Pages

Corresponding API Methods

AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.