Let's quickly go through some more important concepts related to NAT gateways:

• NAT gateways are maintained by AWS and AWS takes care of patching, availability, and scaling. 
• NAT gateways are not associated with any security groups.
• NAT gateways are redundant within an AZ, but cannot span an AZ. Therefore, for better availability, we may need to create a NAT gateway per region.
• NAT is currently not supported for IPv6 traffic. We need to use an egress-only internet gateway instead of NAT for IPv6 traffic. We can create an egress-only internet gateway from the VPC dashboard.

NAT gateways are always preferred to NAT instances and we should be using NAT gateways. Still, if you want to learn or experiment with NAT instances, you can follow the Setting up and configuring NAT instances recipe in Chapter 6, Working with EC2 Instances.