Why do we disable source/destination checks on the NAT instance?
@lbistech

The AWS documentation says “Each EC2 instance performs source/destination checks by default. This means that the instance must be the source or destination of any traffic it sends or receives.”

In simple words, an ordinary EC2 instance is itself the source or the destination of every packet it sends or receives. A NAT instance is neither the original source nor the final destination of the traffic it handles; it merely acts as a gateway, forwarding traffic on behalf of other instances. With the check enabled, that forwarded traffic would be dropped. Source/destination checks therefore need to be disabled on the NAT instance so that it can serve as a gateway and allow instances in a private subnet to securely connect to the internet.
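The following added example (not AWS code and not part of the original post) is a simplified model of the rule quoted above. It follows one request and its reply through a NAT instance and shows which hops the check would drop. All IP addresses and function names are constructed for illustration.

```python
"""Simplified model of the EC2 source/destination check (illustrative only)."""
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample addresses (assumptions, not from the original post).
PRIVATE_IP = "10.0.1.25"    # instance in the private subnet
NAT_IP = "10.0.0.10"        # NAT instance's own interface address
REMOTE_IP = "203.0.113.80"  # some host on the internet


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def passes_check(packet, eni_ip, check_enabled=True):
    """With the check on, the interface must be the packet's source or
    destination, as the quoted AWS sentence states. With it off, anything passes."""
    if not check_enabled:
        return True
    me = ip_address(eni_ip)
    return me in (ip_address(packet.src), ip_address(packet.dst))


def nat_round_trip(private_ip, nat_ip, remote_ip, check_enabled):
    """Return (hop, allowed) for each packet the NAT instance receives or sends
    while relaying one request and its reply."""
    hops = [
        ("received from private instance", Packet(private_ip, remote_ip)),
        ("sent to internet, source rewritten", Packet(nat_ip, remote_ip)),
        ("reply received from internet", Packet(remote_ip, nat_ip)),
        ("reply sent to private instance", Packet(remote_ip, private_ip)),
    ]
    return [(name, passes_check(p, nat_ip, check_enabled)) for name, p in hops]


def connection_works(private_ip, nat_ip, remote_ip, check_enabled):
    """The connection only works if every hop is allowed."""
    hops = nat_round_trip(private_ip, nat_ip, remote_ip, check_enabled)
    return all(allowed for _, allowed in hops)


if __name__ == "__main__":
    for enabled in (True, False):
        print(f"source/destination check enabled: {enabled}")
        for name, allowed in nat_round_trip(PRIVATE_IP, NAT_IP, REMOTE_IP, enabled):
            print(f"  {name:36} {'allowed' if allowed else 'DROPPED'}")
```

The two dropped hops are exactly the ones where the NAT instance handles a packet that still carries the private instance's address, which is why the check has to be off on the NAT instance and nowhere else.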

Watch a video on this question: https://drive.google.com/file/d/1i0YFoUvWesV99e9ksRtdJWlySLBnVery/view?usp=sharing


More articles by Usman Ahmad
