TechOps Examples

Hey — It's Govardhana MK 👋

Welcome to another technical edition.

🧠 USE CASE

AWS Internet Gateway vs NAT Gateway – Which One to Choose?

We all know AWS Internet Gateway and NAT Gateway serve distinct purposes.

If I have to simplify,

Internet Gateway:
NAT Gateway:

But there are overlaps and potential for confusion due to their similar roles in routing traffic.

1. Exposing Private Subnets by Using an Internet Gateway (IGW)

A common mistake occurs when a private subnet is configured with a route table pointing to an IGW instead of a NAT Gateway.

Impact:

  • Instances in the private subnet are directly accessible from the internet (if security groups or ACLs permit).

  • Sensitive services, such as databases, are vulnerable to attack.

2. Redundant Use of NAT Gateway in Public Subnets

Deploying a NAT Gateway for the web layer in public subnets adds unnecessary complexity and cost. Public subnets already have direct outbound internet access via the IGW.

Impact:

Traffic from the web server to the internet is routed unnecessarily through the NAT Gateway, incurring:

  • Per-hour charges for the NAT Gateway.

  • Per-GB charges for data transfer through the NAT Gateway.

3. Incorrect Elastic IP Configuration for NAT Gateway

Users mistakenly assume that Elastic IPs attached to a NAT Gateway can be used for inbound internet traffic.

NAT Gateways are designed only for outbound traffic initiated by private instances.

Impact:

  • Inbound traffic to the NAT Gateway's Elastic IP is dropped because NAT Gateways do not support unsolicited inbound requests.

  • Leads to confusion, debugging effort, and delayed project timelines.

Use tools like curl or nc to verify connectivity from a private subnet instance through the NAT Gateway.

These Actionable Insights May Help:

1. Subnet Categorization:

  • Public subnets: Use IGW with route table entries pointing to IGW.

  • Private subnets: Use NGW with route table entries pointing to NGW.

2. Monitor Costs:

  • Use AWS Cost Explorer to identify high NAT Gateway usage.

  • Review whether data transfer through NAT Gateway is necessary or redundant.

3. Validate Security Groups and ACLs:

  • Avoid assigning overly permissive rules in private subnets, even if they use NAT Gateway.

  • Use aws ec2 describe-security-groups to audit rules.
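
The subnet categorization check from insight 1, written as an added example (not code from the original newsletter). It takes data in the shape returned by aws ec2 describe-subnets and aws ec2 describe-route-tables and flags mistakes 1 and 2 above, including subnets that silently inherit the VPC's main route table. The Tier tag convention and every ID in the sample are assumptions, and only the IPv4 default route is checked.

```python
# Added example. Dicts mirror `aws ec2 describe-subnets` / `describe-route-tables`
# output; the "Tier" tag convention and all IDs below are constructed samples.
SUBNETS = [
    {"SubnetId": "subnet-db", "VpcId": "vpc-1", "Tags": [{"Key": "Tier", "Value": "private"}]},
    {"SubnetId": "subnet-app", "VpcId": "vpc-1", "Tags": [{"Key": "Tier", "Value": "private"}]},
    {"SubnetId": "subnet-web", "VpcId": "vpc-1", "Tags": [{"Key": "Tier", "Value": "public"}]},
]
def _rt(rtb_id, assoc, route):  # helper that builds one constructed route table
    return {"RouteTableId": rtb_id, "VpcId": "vpc-1", "Associations": [assoc],
            "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                       dict(route, DestinationCidrBlock="0.0.0.0/0", State="active")]}
ROUTE_TABLES = [
    _rt("rtb-main", {"Main": True}, {"GatewayId": "igw-0example"}),
    _rt("rtb-app", {"Main": False, "SubnetId": "subnet-app"}, {"NatGatewayId": "nat-0example"}),
    _rt("rtb-web", {"Main": False, "SubnetId": "subnet-web"}, {"NatGatewayId": "nat-0example"}),
]

def default_route_target(route_table):
    """Return 'igw', 'nat' or None for the table's active 0.0.0.0/0 route."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0" or route.get("State") != "active":
            continue  # skip local/specific routes and blackholed default routes
        if (route.get("GatewayId") or "").startswith("igw-"):
            return "igw"
        if (route.get("NatGatewayId") or "").startswith("nat-"):
            return "nat"
    return None

def audit(subnets, route_tables):
    """Compare each subnet's intended tier with where its default route points."""
    explicit, main = {}, {}
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = rt
            elif assoc.get("Main"):
                main[rt["VpcId"]] = rt
    findings = []
    for sn in subnets:
        tier = {t["Key"]: t["Value"] for t in sn.get("Tags", [])}.get("Tier")
        # A subnet with no explicit association uses the VPC's main route table.
        rt = explicit.get(sn["SubnetId"]) or main.get(sn["VpcId"])
        target = default_route_target(rt) if rt else None
        if tier == "private" and target == "igw":
            findings.append((sn["SubnetId"], rt["RouteTableId"], "private subnet routed to IGW"))
        elif tier == "public" and target == "nat":
            findings.append((sn["SubnetId"], rt["RouteTableId"], "public subnet routed via NAT Gateway"))
    return findings
```

On the constructed sample, subnet-db is flagged because it has no explicit association and falls back to the main route table, whose default route points at the IGW.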
