In the previous post  we created a public and private subnet in our VPC.  In this post we are going to create a NAT gateway so that our private instances can access the internet.  That's useful when there's a need to update the instance.  For example if we ping google.com right now there will be 100% package lost in our private instance because we cannot get to the internet.  After we attach the instance to the NAT gateway we will be able to ping google.

It would go on for a while but eventually it would say the package is lost.

Now let's create our NAT Gateway, it is important that we delete the NAT Gateway if it's not in use because you have to pay for it.

 In most scenarios you don't want to expose all of your servers to be public facing.  You probably want to configure your network so that only the server that is hosting your web application is public facing.  What you want to do is put your web application on the public subnet and your backend servers on the private subnet.  This private subnet can access the internet through a NAT gateway for software updates and other functions that require internet access.  However, the outside world cannot establish a connection to servers in the private subnet.  The NAT gateway resides in the public subnet, acting as a bridge between the public subnet and private subnet.