You can configure SNAT entries on a Virtual Private Cloud (VPC) NAT gateway to allow Elastic Compute Service (ECS) instances in the VPC where the NAT gateway is deployed to access external private networks. This topic describes how to create and manage SNAT entries on a VPC NAT gateway.
Background information
- If the source CIDR blocks of multiple SNAT entries overlap with each other, the CIDR block with the longest subnet mask is used.
  - For example, if you create an SNAT entry for an ECS instance, the subnet mask of the source CIDR block is /32, which is the longest subnet mask. Therefore, the SNAT entry has the highest priority.
  - For SNAT entries that you create for other resources, such as vSwitches, VPCs, and custom CIDR blocks, the system determines the priorities of the SNAT entries based on the subnet mask length of the source CIDR block. The longer the subnet mask, the higher the priority.
- You can specify an IP address in both a DNAT entry and an SNAT entry configured on a VPC NAT gateway.
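The priority rule for overlapping source CIDR blocks described above can be checked offline before you change a gateway. The following Python sketch is an added example, not Alibaba Cloud code: the entry names, CIDR blocks, SNAT IP addresses, and function names are all constructed for illustration. It resolves which SNAT entry applies to a given source address and lists every pair of entries whose source CIDR blocks overlap.

```python
import ipaddress

# Constructed sample SNAT table: (entry name, source CIDR block, SNAT IP address).
# All values are made up for illustration.
SNAT_ENTRIES = [
    ("vpc-wide", "10.0.0.0/16", "192.168.100.10"),
    ("vswitch-a", "10.0.1.0/24", "192.168.100.11"),
    ("custom-cidr", "10.0.1.128/25", "192.168.100.12"),
    ("ecs-single", "10.0.1.200/32", "192.168.100.13"),
]


def parse(entries):
    """Convert the string fields into ipaddress objects."""
    return [
        (name, ipaddress.ip_network(cidr), ipaddress.ip_address(snat_ip))
        for name, cidr, snat_ip in entries
    ]


def effective_entry(entries, source_ip):
    """Return the entry applied to source_ip: among all entries whose
    source CIDR block contains the address, the one with the longest
    subnet mask. Returns None if no entry matches."""
    addr = ipaddress.ip_address(source_ip)
    matches = [e for e in parse(entries) if addr in e[1]]
    if not matches:
        return None
    return max(matches, key=lambda e: e[1].prefixlen)


def overlapping_pairs(entries):
    """Return (broader, narrower) name pairs whose source CIDR blocks overlap.
    Two CIDR blocks overlap only when one is contained in the other."""
    parsed = sorted(parse(entries), key=lambda e: e[1].prefixlen)
    pairs = []
    for i, broad in enumerate(parsed):
        for narrow in parsed[i + 1:]:
            if narrow[1].subnet_of(broad[1]):
                pairs.append((broad[0], narrow[0]))
    return pairs


if __name__ == "__main__":
    for ip in ("10.0.1.200", "10.0.1.130", "10.0.1.5", "10.0.9.9", "172.16.0.1"):
        hit = effective_entry(SNAT_ENTRIES, ip)
        print(ip, "->", (hit[0], str(hit[2])) if hit else "no SNAT entry")
    print(overlapping_pairs(SNAT_ENTRIES))
```

Each overlapping pair marks a range of sources whose translated address is decided by the narrower entry, which is worth reviewing when the external private network filters traffic by source IP address.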
Prerequisites
- A VPC NAT gateway is created. For more information, see Create a VPC NAT gateway.
- To create an SNAT entry for a vSwitch, make sure that a vSwitch is created in the VPC that is associated with the VPC NAT gateway. For more information, see Work with vSwitches.
- To create an SNAT entry for an ECS instance, make sure that an ECS instance is created in the VPC that is associated with the VPC NAT gateway. For more information, see Create an instance by using the wizard.
Create an SNAT entry
Modify an SNAT entry
You can change the name and IP address of an SNAT entry after you create the SNAT entry. However, you cannot change the VPC, vSwitch, or ECS instance specified in the SNAT entry.
- Log on to the NAT Gateway console.
- In the left-side navigation pane, choose .
- In the top navigation bar, select the region where the VPC NAT gateway is created.
- On the VPC NAT Gateway page, find the VPC NAT gateway that you want to manage and click SNAT Management in the Actions column.
- In the Used in SNAT Entry section, find the SNAT entry that you want to manage and click Edit in the Actions column.
- On the Edit SNAT Entry page, replace the IP address or change the name of the SNAT entry and click Confirm.
Delete an SNAT entry
You can delete an SNAT entry that is no longer needed.
- Log on to the NAT Gateway console.
- In the left-side navigation pane, choose .
- In the top navigation bar, select the region where the VPC NAT gateway is created.
- In the Used in SNAT Entry section, find the SNAT entry that you want to delete and click Delete in the Actions column.
- In the Delete SNAT Entry message, click OK.
References
- CreateSnatEntry: creates an SNAT entry.
- ModifySnatEntry: modifies an SNAT entry.
- DeleteSnatEntry: deletes an SNAT entry.