AWS CloudFormation
User Guide (API Version 2010-05-15)


The AWS::EC2::NatGateway resource creates a network address translation (NAT) gateway in the specified public subnet. Use a NAT gateway to allow instances in a private subnet to connect to the Internet or to other AWS services, but prevent the Internet from initiating a connection with those instances. For more information and a sample architectural diagram, see NAT Gateways in the Amazon VPC User Guide.


If you add a default route (AWS::EC2::Route resource) that points to a NAT gateway, specify NAT gateway's ID for the route's NatGatewayId property.


To declare this entity in your AWS CloudFormation template, use the following syntax:


{ "Type" : "AWS::EC2::NatGateway", "Properties" : { "AllocationId" : String, "SubnetId" : String, "Tags" : [ Resource Tag, ... ] } }


Type: AWS::EC2::NatGateway Properties: AllocationId: String SubnetId: String Tags: - Resource Tag



The allocation ID of an Elastic IP address to associate with the NAT gateway. If the Elastic IP address is associated with another resource, you must first disassociate it.

Required: Yes

Type: String

Update requires: Replacement


The public subnet in which to create the NAT gateway.

Required: Yes

Type: String

Update requires: Replacement


Specifies an arbitrary set of tags (key–value pairs) to associate with this resource. Use tags to manage your resources.

Required: No

Type: Resource Tag

Update requires: No interruption

Return Value


When you pass the logical ID of an AWS::EC2::NatGateway resource to the intrinsic Ref function, the function returns the ID of the NAT gateway, such as nat-0a12bc456789de0fg.

For more information about using the Ref function, see Ref.


The following example creates a NAT gateway and a route that associates the NAT gateway with a route table. The route table must be associated with an Internet gateway so that the NAT gateway can connect to the Internet.


"NAT" : { "DependsOn" : "VPCGatewayAttach", "Type" : "AWS::EC2::NatGateway", "Properties" : { "AllocationId" : { "Fn::GetAtt" : ["EIP", "AllocationId"]}, "SubnetId" : { "Ref" : "Subnet"}, "Tags" : [ {"Key" : "foo", "Value" : "bar" } ] } }, "EIP" : { "Type" : "AWS::EC2::EIP", "Properties" : { "Domain" : "vpc" } }, "Route" : { "Type" : "AWS::EC2::Route", "Properties" : { "RouteTableId" : { "Ref" : "RouteTable" }, "DestinationCidrBlock" : "", "NatGatewayId" : { "Ref" : "NAT" } } }


NAT: DependsOn: VPCGatewayAttach Type: AWS::EC2::NatGateway Properties: AllocationId: Fn::GetAtt: - EIP - AllocationId SubnetId: Ref: Subnet Tags: - Key: foo Value: bar EIP: Type: AWS::EC2::EIP Properties: Domain: vpc Route: Type: AWS::EC2::Route Properties: RouteTableId: Ref: RouteTable DestinationCidrBlock: NatGatewayId: Ref: NAT