Cloud NAT (Network Address Translation) enables instances without external IP addresses to access the internet for outbound connections — for example, to download software updates, call external APIs, or push data to third-party services. It provides outbound connectivity while keeping your instances hidden from direct inbound access, improving security.
In a secure GCP environment, best practice is not to assign external IP addresses to instances; this removes any path for direct inbound access from the internet. However, instances often need outbound internet access for legitimate reasons:
Cloud NAT solves this problem by providing outbound NAT without requiring external IPs on instances.
Cloud NAT is a regional, managed, software-defined NAT service. It is not a physical device or a VM — it is implemented in Google's Andromeda software-defined networking stack. Traffic from instances is translated to use NAT IP addresses before leaving the VPC.
| Property | Detail |
|---|---|
| Scope | Regional — one gateway per region per VPC |
| Managed | Fully managed by Google; no instances to maintain |
| Protocol support | TCP, UDP, and ICMP |
| High availability | Automatically distributed across zones; no single point of failure |
| No inbound | Cloud NAT does not enable inbound connections from the internet |
Cloud NAT can use:
```bash
# Reserve a static IP for NAT
gcloud compute addresses create nat-ip-1 --region=europe-west2
```
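The rest of the procedure, as an added example that is not part of the original lesson: reserve the static address, create the Cloud Router that hosts the NAT configuration, then create the gateway restricted to manually reserved IPs and to one private subnet, with NAT logging enabled so egress translations can be audited. The VPC name `my-vpc`, subnet `private-subnet`, router `nat-router` and gateway `nat-gw` are assumed names; `GCLOUD=echo` previews the commands without calling the API.

```shell
# Added example; assumed resource names, not from the lesson.
set -eu

GCLOUD="${GCLOUD:-gcloud}"        # set GCLOUD=echo to preview the commands
REGION="${REGION:-europe-west2}"
NETWORK="${NETWORK:-my-vpc}"
SUBNET="${SUBNET:-private-subnet}"

# 1. Reserve a static external IP so the egress address is stable and can be
#    allow-listed by third parties.
reserve_nat_ip() {
  "$GCLOUD" compute addresses create "$1" --region="$REGION"
}

# 2. Cloud NAT is configured on a Cloud Router; create one in the same region.
create_router() {
  "$GCLOUD" compute routers create "$1" --network="$NETWORK" --region="$REGION"
}

# 3. Create the NAT gateway. Passing an explicit IP pool means only the
#    reserved address is used (no auto-allocated IPs), the custom subnet
#    range limits which instances get egress, and logging records each
#    translation (use --log-filter=ERRORS_ONLY to cut volume).
create_nat() {
  nat_name="$1"; router="$2"; ip_pool="$3"
  "$GCLOUD" compute routers nats create "$nat_name" \
    --router="$router" --region="$REGION" \
    --nat-external-ip-pool="$ip_pool" \
    --nat-custom-subnet-ip-ranges="$SUBNET" \
    --enable-logging --log-filter=ALL
}

# Usage (run in order):
#   reserve_nat_ip nat-ip-1
#   create_router nat-router
#   create_nat nat-gw nat-router nat-ip-1
```

Because the gateway is tied to a specific subnet, instances in other subnets of the VPC still have no internet egress, which is the intended default for a private network.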