The SNAT feature of VPC NAT gateways allows Elastic Compute Service (ECS) instances in a VPC to access external networks by using NAT IP addresses.

Prerequisites

Before you create an SNAT entry, make sure that the following requirements are met:
  • A VPC NAT gateway is created. For more information, see Create a VPC NAT gateway.
  • To create an SNAT entry for a vSwitch, make sure that a vSwitch is created in the VPC that is associated with the VPC NAT gateway. For more information, see Create a vSwitch.
  • To create an SNAT entry for an ECS instance, make sure that an ECS instance is created in the VPC that is associated with the VPC NAT gateway. For more information, see Create an instance by using the wizard.

Create an SNAT entry

  1. Log on to the NAT Gateway console.
  2. In the left-side navigation pane, choose NAT Gateway > VPC NAT Gateway.
  3. In the top navigation bar, select the region where the VPC NAT gateway is deployed.
  4. On the VPC NAT Gateway page, find the VPC NAT gateway that you want to manage and click SNAT Management in the Actions column.
  5. On the SNAT Management tab, click Create SNAT Entry.
  6. On the Create SNAT Entry page, set the following parameters and click OK.
    Parameter Description
    SNAT Entry Specify whether you want to create an SNAT entry for a VPC, a vSwitch, an ECS instance, or a custom CIDR block.
    • Specify VPC: All ECS instances in the VPC to which the VPC NAT gateway belongs use the SNAT entry to access external networks.
    • Specify vSwitch: The ECS instances that belong to the specified vSwitch use the SNAT entry to access external networks.
      • Select vSwitch: Select a vSwitch from the drop-down list.
        Note
        • If no vSwitch is available in the drop-down list, click Create vSwitch from the drop-down list. Then, you can log on to the VPC console to create a vSwitch.
        • If you select multiple vSwitches, the system creates multiple SNAT entries that use the same NAT IP address.
      • vSwitch CIDR Block: displays the CIDR block of the vSwitch.
    • Specify ECS Instance: The specified ECS instance uses the SNAT entry to access external networks.
      • Select ECS Instance: Select an ECS instance from the drop-down list. The ECS instance uses the SNAT entry to access external networks. Make sure that the ECS instance is running as expected.
        Note
        • If no ECS instance is available in the drop-down list, click Create ECS Instance to create one in the ECS console.
        • If you select multiple ECS instances, the system creates multiple SNAT entries that use the same NAT IP address.
      • ECS CIDR Block: displays the CIDR block of the ECS instance.
    • Specify Custom CIDR Block: Specify a custom CIDR block. The ECS instances in the custom CIDR block use the SNAT entry to access external networks.
    Select NAT IP Address Select the NAT IP address that is used to access external networks.
    Note You can also click Create NAT IP Address in the drop-down list and create a NAT IP address in the Add NAT IP Address dialog box.
    NAT IP Address If you set SNAT Entry to Specify Custom CIDR Block, you must specify a custom NAT IP address.
    Entry Name Enter a name for the SNAT entry.

    The name must be 2 to 128 characters in length, and can contain digits, underscores (_), and hyphens (-). It must start with a letter.

Modify an SNAT entry

You can change the name and NAT IP address of an SNAT entry after you create the SNAT entry. However, you cannot change the VPC, vSwitch, or ECS instance specified in the SNAT entry.

  1. Log on to the NAT Gateway console.
  2. In the left-side navigation pane, choose NAT Gateway > VPC NAT Gateway.
  3. In the top navigation bar, select the region where the VPC NAT gateway is deployed.
  4. On the VPC NAT Gateway page, find the VPC NAT gateway that you want to manage and click SNAT Management in the Actions column.
  5. In the Used in SNAT Entry section, find the SNAT entry that you want to manage and click Edit in the Actions column.
  6. On the Edit SNAT Entry page, change the NAT IP address or name of the SNAT entry and click Confirm.

Delete an SNAT entry

You can delete an SNAT entry that is no longer needed.

  1. Log on to the NAT Gateway console.
  2. In the left-side navigation pane, choose NAT Gateway > VPC NAT Gateway.
  3. In the top navigation bar, select the region where the VPC NAT gateway is deployed.
  4. In the Used in SNAT Entry section, find the SNAT entry that you want to delete and click Delete in the Actions column.
  5. In the Delete SNAT Entry message, click OK.