| Plugin Title | NAT Multiple AZ |
|---|---|
| Cloud | AWS |
| Category | EC2 |
| Description | Ensures managed NAT instances exist in at least 2 AZs for availability purposes |
| More Info | Creating NAT instances in a single AZ creates a single point of failure for all systems in the VPC. All managed NAT instances should be created in multiple AZs to ensure proper failover. |
| AWS Link | http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html |
| Recommended Action | Launch managed NAT instances in multiple AZs. |

1. Log in to the AWS Management Console.
2. Select the "Services" option and search for VPC.
3. Scroll down the left navigation panel and choose "Your VPCs". Select the VPC that needs to be verified.
4. Scroll down the left navigation panel and choose "NAT Gateways". If there is only a single "NAT Gateway", all the "EC2 Instances" in the private subnets share the same gateway.
5. On the "Details" tab of the "NAT Gateway", click the subnet ID link next to the "Subnet" attribute to verify where the selected NAT gateway was created.
6. Check the "Availability Zone" to verify where the selected "NAT Gateway" subnet is located.
7. Repeat steps 2 - 6 to verify the "Availability Zone" of the other "NAT Gateways" in the selected AWS region.
8. Navigate to the "VPC Dashboard" and click "NAT Gateways" under "Virtual Private Cloud" in the left navigation panel.
9. Click the "Create NAT Gateway" button in the top panel to create a new "NAT Gateway" in a different "Availability Zone".
10. On the "Create NAT Gateway" page, select the "Subnet" from the dropdown menu, select the connection type, and click the "Allocate Elastic IP" button to assign a new Elastic IP to the "NAT Gateway".
11. Click the "Create a NAT Gateway" button at the bottom to create the new "NAT Gateway".
12. On successful creation of the "NAT Gateway", the following message is shown: "Your NAT gateway has been created".
13. Repeat steps 8 - 12 to create a "NAT Gateway" in a different "Availability Zone".
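The same check, scripted instead of clicked through the console, as an added example that is not part of this plugin page: it maps each available NAT gateway to the Availability Zone of its subnet (the data that DescribeNatGateways and DescribeSubnets return) and flags any VPC whose NAT gateways sit in fewer than two AZs. The VPC, subnet and NAT gateway IDs below are constructed sample data; `fetch_live` is an optional boto3 helper that needs credentials and is not used by the sample run.

```python
"""Verify that each VPC's NAT gateways span at least two Availability Zones.

Added example, not the plugin's own code. Works on the response shapes of
EC2 DescribeNatGateways and DescribeSubnets; sample data is constructed.
"""
from collections import defaultdict

# Constructed sample data (not real resources): vpc-0aaa has gateways in two
# AZs, vpc-0bbb has two gateways in the same AZ and one of them is deleting.
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-0a1", "VpcId": "vpc-0aaa", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-0b1", "VpcId": "vpc-0aaa", "AvailabilityZone": "us-east-1b"},
    {"SubnetId": "subnet-0c1", "VpcId": "vpc-0bbb", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-0c2", "VpcId": "vpc-0bbb", "AvailabilityZone": "us-east-1a"},
]
SAMPLE_NAT_GATEWAYS = [
    {"NatGatewayId": "nat-01", "VpcId": "vpc-0aaa", "SubnetId": "subnet-0a1", "State": "available"},
    {"NatGatewayId": "nat-02", "VpcId": "vpc-0aaa", "SubnetId": "subnet-0b1", "State": "available"},
    {"NatGatewayId": "nat-03", "VpcId": "vpc-0bbb", "SubnetId": "subnet-0c1", "State": "available"},
    {"NatGatewayId": "nat-04", "VpcId": "vpc-0bbb", "SubnetId": "subnet-0c2", "State": "deleting"},
]

def nat_gateway_azs_by_vpc(nat_gateways, subnets):
    """Return {vpc_id: {az: [nat_gateway_id, ...]}} for available NAT gateways.
    Gateways that are pending, failed or deleting give no failover, so they are skipped."""
    subnet_az = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    result = defaultdict(lambda: defaultdict(list))
    for ngw in nat_gateways:
        if ngw.get("State") != "available":
            continue
        az = subnet_az.get(ngw["SubnetId"])
        if az is None:  # subnet not in the listing; cannot place the gateway in an AZ
            continue
        result[ngw["VpcId"]][az].append(ngw["NatGatewayId"])
    return {vpc: dict(azs) for vpc, azs in result.items()}

def evaluate(nat_gateways, subnets, min_azs=2):
    """Return {vpc_id: ("PASS"|"FAIL", message)} for every VPC that has a NAT gateway.
    A VPC with no NAT gateway at all is outside the scope of this check."""
    findings = {}
    for vpc, azs in nat_gateway_azs_by_vpc(nat_gateways, subnets).items():
        status = "PASS" if len(azs) >= min_azs else "FAIL"
        findings[vpc] = (status, f"NAT gateways in {len(azs)} AZ(s): {sorted(azs)}")
    return findings

def fetch_live(region):
    """Optional: pull real data with boto3 (needs AWS credentials and the ec2:Describe* permissions)."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    ngws = [g for p in ec2.get_paginator("describe_nat_gateways").paginate() for g in p["NatGateways"]]
    subs = [s for p in ec2.get_paginator("describe_subnets").paginate() for s in p["Subnets"]]
    return ngws, subs

if __name__ == "__main__":
    for vpc, (status, msg) in sorted(evaluate(SAMPLE_NAT_GATEWAYS, SAMPLE_SUBNETS).items()):
        print(f"{status} {vpc}: {msg}")
```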