You can use NAT gateways to enable Elastic Compute Service (ECS) instances in virtual private clouds (VPCs) to access the Internet and receive requests from the Internet.

Create a SNAT gateway to enable ECS instances to access the Internet

You can create a NAT gateway for a VPC, associate an elastic IP address (EIP) with the NAT gateway, and then create a Source Network Address Translation (SNAT) entry on the NAT gateway. This way, the ECS instances in the VPC can access the Internet by sharing the EIP. This saves public IP resources. For more information, see Enable ECS instances to access the Internet through SNAT.

You can also associate multiple EIPs with the NAT gateway. When an ECS instance needs to access the Internet, it randomly selects an EIP from the SNAT IP address pool. If one of the EIPs is under attack, the ECS instance can randomly select another EIP from the SNAT IP address pool to access the Internet. This ensures high availability of your workloads. We recommend that you associate multiple EIPs with a NAT gateway to avoid service interruption caused by EIP failures.
Note: Before you associate multiple EIPs with a NAT gateway, make sure that you have added these EIPs to the same EIP bandwidth plan. For more information, see Associate an EIP with an EIP bandwidth plan.
Create a highly-available SNAT gateway

Create a DNAT gateway to enable ECS instances to receive requests from the Internet

You can create a NAT gateway for a VPC, associate EIPs with the NAT gateway, and then create a Destination Network Address Translation (DNAT) entry on the NAT gateway. This way, ECS instances in the VPC can receive requests from the Internet through port mapping or IP mapping. For more information, see Enable ECS instances to receive requests from the Internet through DNAT.
Note: Port mapping and IP mapping are used for the following purposes:
  • Port mapping: A NAT gateway forwards requests destined for an EIP to the specified ECS instance. Requests are forwarded based on the specified source and destination ports and the specified protocols used by both ports.
  • IP mapping: A NAT gateway forwards all requests destined for an EIP to the specified ECS instance.
Create a DNAT gateway that enables ECS instances to receive requests from the Internet
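
The two mapping modes described in the note above differ sharply in how much of an instance they publish. The following added example (not Alibaba Cloud code or API output) models a DNAT table, resolves inbound requests against it, and audits the entries for exposure. The `DnatEntry` fields, the `any` marker, the addresses, and the list of management ports are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple, Union

ANY = "any"  # constructed marker: entry covers all ports and protocols (IP mapping)

@dataclass(frozen=True)
class DnatEntry:
    eip: str
    protocol: str                    # "tcp", "udp" or ANY
    external_port: Union[int, str]   # port on the EIP, or ANY
    private_ip: str
    internal_port: Union[int, str]   # port on the ECS instance, or ANY

    @property
    def is_ip_mapping(self) -> bool:
        return self.external_port == ANY

def resolve(table, eip: str, protocol: str, port: int) -> Optional[Tuple[str, int]]:
    """Return (private_ip, port) the request is forwarded to, or None if no entry matches."""
    for e in table:
        if e.eip != eip:
            continue
        if e.is_ip_mapping:
            # IP mapping: every request to the EIP reaches the instance unchanged.
            return (e.private_ip, port)
        if e.protocol == protocol and e.external_port == port:
            # Port mapping: only the listed protocol/port pair is forwarded.
            return (e.private_ip, e.internal_port)
    return None

def audit(table, management_ports=(22, 3389)):
    """Flag entries that publish more than a single application port."""
    findings = []
    for e in table:
        if e.is_ip_mapping:
            findings.append((e.eip, e.private_ip, "IP mapping: all ports forwarded"))
        elif e.internal_port in management_ports:
            findings.append((e.eip, e.private_ip,
                             f"port mapping publishes management port {e.internal_port}"))
    return findings

# Constructed sample table (documentation address ranges).
TABLE = [
    DnatEntry("203.0.113.10", "tcp", 443, "192.168.1.10", 8443),  # port mapping
    DnatEntry("203.0.113.11", ANY, ANY, "192.168.1.20", ANY),     # IP mapping
    DnatEntry("203.0.113.12", "tcp", 2222, "192.168.1.30", 22),   # SSH on a non-standard port
]

if __name__ == "__main__":
    for finding in audit(TABLE):
        print(finding)
```

A request to an EIP with only port-mapping entries is forwarded solely when protocol and port both match, whereas an IP-mapping entry forwards any port to the instance.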

EIP bandwidth plan

To allow an application that is deployed on an ECS instance to provide services over the Internet, you must purchase Internet bandwidth for the application. Make sure that you have sufficient bandwidth resources to handle traffic fluctuations. When more than one application needs to provide services over the Internet, you may need to purchase Internet bandwidth for each application. However, this increases the cost and wastes resources.

To reduce bandwidth cost and optimize bandwidth usage, you can associate EIPs with your NAT gateway and then add the EIPs to an EIP bandwidth plan. This way, you can centrally manage and monitor Internet traffic.
EIP bandwidth plan