How it works...

NAT allows instances in private subnets to talk to the internet and perform activities such as patching, downloading software, and more. NAT is the process of remapping the IP address of a packet by modifying its IP header while it's in transit. AWS provides two ways to achieve NAT with VPCs: NAT gateways and NAT instances. In this recipe, we learned how to create and configure NAT instances. We launched our NAT instance from a community AMI, searching for NAT in the Community AMIs tab to list all the NAT instance AMIs. AWS recommends using the latest one that's available.

After creating the NAT instance, we disabled the source/destination check for our NAT instance. By default, AWS expects an EC2 instance to be either the source or the destination of IP traffic. However, a NAT instance forwards requests between our private subnet and the internet, so it acts as both the source and destination. We also created a route to our NAT instance in our main route table. We added the route to our main route table since our private subnets are associated with the main route table. If our architecture has a different route table for private subnets, we need to add our route there.

NAT gateways are not associated with any security groups, while NAT instances are. For our NAT instance, we created a security group with inbound rules that allow HTTP, HTTPS, and All ICMP - IPv4 from our private subnet. ICMP was added to help with debugging, since it is the protocol used for pings. For outbound rules, we enabled HTTP, HTTPS, and ICMP for the internet by specifying the CIDR range as 0.0.0.0/0.
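
The three settings described above can be checked together. The following is an added example, not code from the book: it audits data shaped like the EC2 DescribeInstances, DescribeRouteTables and DescribeSecurityGroups responses, covering the inbound rules only. The function names `audit_nat` and `rule`, the instance ID and the CIDR ranges are constructed for illustration.

```python
# Added example: audit a NAT instance against the three settings described above.
# Dict keys follow the EC2 DescribeInstances / DescribeRouteTables /
# DescribeSecurityGroups response fields; all IDs and CIDRs are constructed.
import ipaddress

PRIVATE_CIDR = "10.0.2.0/24"  # assumed private subnet range
ALLOWED_INBOUND = {("tcp", 80), ("tcp", 443), ("icmp", -1)}  # HTTP, HTTPS, All ICMP

def audit_nat(instance, route_table, sec_group, private_cidr=PRIVATE_CIDR):
    findings = []
    # 1. The NAT instance can only forward with the source/destination check off.
    if instance.get("SourceDestCheck", True):
        findings.append("source/destination check is still enabled")
    # 2. The private subnets' route table needs a default route to the instance.
    if not any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("InstanceId") == instance["InstanceId"]
               for r in route_table["Routes"]):
        findings.append("no 0.0.0.0/0 route to the NAT instance")
    # 3. Inbound rules: only HTTP, HTTPS and ICMP, only from the private subnet.
    private, seen = ipaddress.ip_network(private_cidr), set()
    for perm in sec_group["IpPermissions"]:
        key = (perm["IpProtocol"], perm.get("FromPort", -1))
        seen.add(key)
        if key not in ALLOWED_INBOUND or perm.get("ToPort", -1) != key[1]:
            findings.append(f"unexpected inbound rule {key}")
        for rng in perm.get("IpRanges", []):
            if not ipaddress.ip_network(rng["CidrIp"]).subnet_of(private):
                findings.append(f"inbound {key} open to {rng['CidrIp']}")
    findings += [f"missing inbound rule {k}" for k in sorted(ALLOWED_INBOUND - seen)]
    return findings

def rule(proto, port, cidr):  # helper to build one constructed IpPermissions entry
    return {"IpProtocol": proto, "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}]}

NAT_OK = {"InstanceId": "i-0123456789abcdef0", "SourceDestCheck": False}
NAT_DEFAULT = {"InstanceId": "i-0123456789abcdef0", "SourceDestCheck": True}
ROUTES_OK = {"Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-0123456789abcdef0"}]}
ROUTES_LOCAL_ONLY = {"Routes": ROUTES_OK["Routes"][:1]}
SG_OK = {"IpPermissions": [rule("tcp", 80, PRIVATE_CIDR),
                           rule("tcp", 443, PRIVATE_CIDR),
                           rule("icmp", -1, PRIVATE_CIDR)]}
SG_WIDE = {"IpPermissions": [rule("tcp", 80, PRIVATE_CIDR),
                             rule("tcp", 443, "0.0.0.0/0"),
                             rule("tcp", 22, "0.0.0.0/0")]}
```

Calling `audit_nat(NAT_DEFAULT, ROUTES_LOCAL_ONLY, SG_WIDE)` returns one finding per deviation from the recipe, while the `*_OK` samples return an empty list.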
