NAT Gateway VPC Routing

NAT Gateway integrates with the VPC route table automatically. When you create or update a gateway's subnet association, the platform installs the routes needed for those sources to reach the gateway. You don't create these routes manually.

What Gets Installed

For each covered subnet, the platform adds a default route (0.0.0.0/0) that points to the NAT Gateway. If the gateway is attached to a Border Gateway, the platform also creates the route needed for traffic sourced from that Border Gateway.

SNAT entries do not create VPC routes by themselves. They control translation after traffic reaches the gateway.

Route Conflicts

Before gateway routing can be activated, the platform checks whether another NAT Gateway already covers the same source scope. Common causes of conflicts include:

  • Another NAT Gateway already covers one or more of the same subnets.

  • Another NAT Gateway is already attached to the same Border Gateway.

If a conflict is found, the operation is rejected. Remove or reassign the existing gateway association before retrying.

To avoid conflicts, check the VPC route table and existing NAT Gateway associations before creating a new gateway or changing subnet coverage.
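A pre-flight version of this check, as an added example that is not the platform's own code. The NatGateway record, its field names, and the sample gateways are assumptions constructed for illustration; in practice the inventory comes from your own listing of existing gateway associations.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

@dataclass(frozen=True)
class NatGateway:
    # Hypothetical record shape, not the platform's API object.
    name: str
    subnets: FrozenSet[str] = frozenset()
    border_gateway: Optional[str] = None

def find_conflicts(proposed: NatGateway,
                   existing: List[NatGateway]) -> List[Tuple[str, str, str]]:
    """Return (kind, source_scope, owning_gateway) for each overlapping source scope."""
    conflicts = []
    for gw in existing:
        if gw.name == proposed.name:
            continue  # changing a gateway's own coverage does not conflict with itself
        # Rule 1: another gateway already covers one or more of the same subnets.
        for subnet in sorted(proposed.subnets & gw.subnets):
            conflicts.append(("subnet", subnet, gw.name))
        # Rule 2: another gateway is already attached to the same Border Gateway.
        if proposed.border_gateway and proposed.border_gateway == gw.border_gateway:
            conflicts.append(("border-gateway", proposed.border_gateway, gw.name))
    return conflicts

def planned_default_routes(proposed: NatGateway,
                           existing: List[NatGateway]) -> List[Tuple[str, str, str]]:
    """Per-subnet default routes expected after activation; empty if it would be rejected."""
    if find_conflicts(proposed, existing):
        return []
    return [(subnet, "0.0.0.0/0", proposed.name) for subnet in sorted(proposed.subnets)]

# Constructed inventory of existing associations (sample data, not real resources).
EXISTING = [
    NatGateway("natgw-a", frozenset({"subnet-1", "subnet-2"}), "bgw-1"),
    NatGateway("natgw-b", frozenset({"subnet-3"})),
]

if __name__ == "__main__":
    new = NatGateway("natgw-new", frozenset({"subnet-2", "subnet-4"}), "bgw-1")
    for kind, scope, owner in find_conflicts(new, EXISTING):
        print(f"conflict: {kind} {scope} is already covered by {owner}")
```
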

What Happens When You Delete an Entry or Gateway

When a SNAT entry is deleted, translation for that entry stops. The gateway route remains as long as the subnet is still associated with the gateway.

When a NAT Gateway is deleted, bound EIPs are unbound and the gateway is removed. Its VPC routes are withdrawn as part of gateway deletion.

DNAT and Routing

DNAT entries do not modify the VPC route table. Inbound forwarding is handled entirely within the gateway based on the EIP, port, and protocol of the arriving packet. No additional routing changes are needed on the VPC side to support DNAT.

Viewing Routes in the Console

To see which routes have been installed by a NAT Gateway, navigate to VPC → Route Tables in the management console, select the relevant route table, and filter by type NAT Gateway. Each entry shows the destination prefix, the gateway it points to, and the subnets it applies to.
