This topic describes how to purchase a NAT gateway. An enhanced NAT gateway is used as an example.
A virtual private cloud (VPC) and a vSwitch are created. For more information, see Create a VPC.
Create a NAT gateway
After you create a NAT gateway in a VPC for the first time, a route entry is automatically added to the route table of the VPC. The destination CIDR block of the route entry is 0.0.0.0/0 and the next hop is the NAT gateway. This ensures that traffic is routed to the NAT gateway. After the route entry is added to the route table, Internet traffic can reach the NAT gateway. Therefore, after you create a NAT gateway, make sure that the VPC route table contains a route entry whose destination CIDR block is 0.0.0.0/0 and whose next hop is the NAT gateway. If no such route entry exists, add one. For more information, see Create and delete route entries.
If a route entry whose destination CIDR block is 0.0.0.0/0 already exists in the route table of the VPC before you create a NAT gateway, the system does not automatically add a route entry with the destination CIDR block 0.0.0.0/0 that points to the NAT gateway. After you create the NAT gateway, change the next hop of the existing route entry to the NAT gateway.
- Log on to the NAT Gateway console.
- On the NAT Gateway page, click Create NAT Gateway.
- If this is the first time you purchase a NAT gateway, you must create a service-linked role for NAT Gateway. In the lower part of the Create NAT Gateway panel, click Create in the Notes on Creating Service-linked Roles section. After a service-linked role is created, you can purchase a NAT gateway.
- In the Create NAT Gateway panel, set the following parameters and click Buy Now:
- Region and Zone: Select the region where you want to deploy the NAT gateway.
- Zone: Select the zone where you want to deploy the NAT gateway.
- VPC ID: Select the VPC where you want to deploy the NAT gateway. After the NAT gateway is created, you cannot change the VPC where the NAT gateway is deployed.
Note If you cannot find the VPC that you want to manage in the list, troubleshoot the issue by using the following methods:
- Check whether a VPC is created in the region and zone that you selected.
- If you create the NAT gateway as a Resource Access Management (RAM) user, check whether the RAM user has read permissions on the VPC. If not, contact the Alibaba Cloud account owner to acquire the permissions.
- VSwitch ID: Select the vSwitch to which the NAT gateway is attached.
- Gateway Type: By default, Enhanced is selected.
Enhanced NAT gateways are an upgrade from standard NAT gateways and use a more advanced architecture. Compared with standard NAT gateways, enhanced NAT gateways provide higher elasticity and stability. This helps you manage data transfer in a more efficient manner.
- Billing Method: Select a billing method for the NAT gateway.
Only Pay by Actual Usage is supported.
- Billing Cycle:displays the billing cycle of the NAT gateway.
- On the buy page, check the payment amount and click Activate Now to complete the payment.
When Order complete. appears, the purchase is completed.