Aqua CSPM

NAT Multiple AZ

Quick Info

Plugin Title: NAT Multiple AZ
Cloud: AWS
Category: EC2
Description: Ensures managed NAT instances exist in at least 2 AZs for availability purposes
More Info: Creating NAT instances in a single AZ creates a single point of failure for all systems in the VPC. All managed NAT instances should be created in multiple AZs to ensure proper failover.
AWS Link: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html
Recommended Action: Launch managed NAT instances in multiple AZs.

Detailed Remediation Steps

  1. Log into the AWS Management Console.
  2. Select the “Services” option and search for VPC.
  3. Scroll down the left navigation panel and choose “Your VPCs”. Select the VPC that needs to be verified.
  4. Scroll down the left navigation panel and choose “NAT Gateways”. If there is only a single “NAT Gateway”, all “EC2 Instances” within the private subnets will share the same gateway.
  5. On the “Details” tab under the “NAT Gateway”, click on the Subnet ID link next to the “Subnet” attribute to verify where the selected NAT gateway was created.
  6. Check the “Availability Zone” to verify where the selected “NAT Gateway” subnet is located.
  7. Repeat steps 2 - 6 to verify the “Availability Zone” for the other “NAT Gateways” in the selected AWS region.
  8. Navigate to “VPC Dashboard” and click on the “NAT Gateways” under the “Virtual Private Cloud” on the left navigation panel.
  9. Click on the “Create NAT Gateway” button at the top panel to create a new “NAT Gateway” in a different “Availability Zone”.
  10. On the “Create NAT Gateway” page select the “Subnet” from the dropdown menu and click on the “Create New EIP” button to assign a new Elastic IP to the “NAT Gateway”.
  11. Click on the “Create a NAT Gateway” button at the bottom to create a new “NAT Gateway”.
  12. On successful creation of the “NAT Gateway”, the following message will show: “Your NAT gateway has been created”.
  13. Repeat steps 8 - 12 to create a “NAT Gateway” in each additional “Availability Zone” you need.
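The verification part of the steps above (4 to 7) can be automated: resolve each NAT gateway to the Availability Zone of its subnet, group by VPC, and flag any VPC whose usable gateways all sit in one AZ. The script below is an added example, not code from the Aqua CSPM page or the plugin itself. It works over inventory shaped like the `NatGateways` and `Subnets` fields of the EC2 DescribeNatGateways and DescribeSubnets API responses; the sample records are constructed, and treating a VPC whose gateways are all deleted or failed as "not applicable" (rather than failing) is my own assumption.

```python
"""Check that each VPC has managed NAT gateways in at least two Availability Zones.

Added example: evaluates constructed inventory offline. With boto3 you would
feed it client.describe_nat_gateways()["NatGateways"] and
client.describe_subnets()["Subnets"] for a region instead.
"""
from collections import defaultdict

# Constructed sample data (not real resources), trimmed to the fields the check uses.
SAMPLE_NAT_GATEWAYS = [
    {"NatGatewayId": "nat-0aaa", "VpcId": "vpc-0111", "SubnetId": "subnet-0a1", "State": "available"},
    {"NatGatewayId": "nat-0bbb", "VpcId": "vpc-0111", "SubnetId": "subnet-0a2", "State": "available"},
    {"NatGatewayId": "nat-0ccc", "VpcId": "vpc-0222", "SubnetId": "subnet-0b1", "State": "available"},
    {"NatGatewayId": "nat-0ddd", "VpcId": "vpc-0222", "SubnetId": "subnet-0b2", "State": "available"},
    {"NatGatewayId": "nat-0eee", "VpcId": "vpc-0333", "SubnetId": "subnet-0c1", "State": "deleted"},
]
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-0a1", "VpcId": "vpc-0111", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-0a2", "VpcId": "vpc-0111", "AvailabilityZone": "us-east-1a"},  # two gateways, same AZ
    {"SubnetId": "subnet-0b1", "VpcId": "vpc-0222", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-0b2", "VpcId": "vpc-0222", "AvailabilityZone": "us-east-1b"},
    {"SubnetId": "subnet-0c1", "VpcId": "vpc-0333", "AvailabilityZone": "us-east-1c"},
]

# Gateways in any other state (failed, deleting, deleted) give no failover capacity.
USABLE_STATES = {"available", "pending"}


def nat_azs_by_vpc(nat_gateways, subnets):
    """Map each VPC ID to the set of AZs that host a usable NAT gateway."""
    az_of_subnet = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    azs = defaultdict(set)
    for ngw in nat_gateways:
        if ngw.get("State") not in USABLE_STATES:
            continue
        az = az_of_subnet.get(ngw.get("SubnetId"))
        if az is None:
            continue  # subnet missing from inventory: do not guess its AZ
        azs[ngw["VpcId"]].add(az)
    return dict(azs)


def evaluate(nat_gateways, subnets, min_azs=2):
    """Return {vpc_id: (status, message)} for every VPC that has a NAT gateway record."""
    azs = nat_azs_by_vpc(nat_gateways, subnets)
    results = {}
    for vpc in sorted({n["VpcId"] for n in nat_gateways}):
        zones = sorted(azs.get(vpc, ()))
        if not zones:
            # Assumption: nothing usable to fail over, so the AZ-spread check does not apply.
            results[vpc] = ("N/A", "no NAT gateway in a usable state")
        elif len(zones) < min_azs:
            results[vpc] = ("FAIL", f"NAT gateways only in {', '.join(zones)}: single point of failure")
        else:
            results[vpc] = ("PASS", f"NAT gateways span {len(zones)} AZs: {', '.join(zones)}")
    return results


def main():
    for vpc, (status, msg) in evaluate(SAMPLE_NAT_GATEWAYS, SAMPLE_SUBNETS).items():
        print(f"{status:4} {vpc}: {msg}")


if __name__ == "__main__":
    main()
```

Note that the check keys on the subnet's AZ rather than counting gateways: vpc-0111 has two gateways but both in us-east-1a, so it still fails, which is the case a simple "more than one gateway" count would miss. Run the same logic per region, since NAT gateways and subnets are regional resources.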