EC2 / Client / create_nat_gateway
create_nat_gateway#
- EC2.Client.create_nat_gateway(**kwargs)#
Creates a NAT gateway in the specified subnet. This action creates a network interface in the specified subnet with a private IP address from the IP address range of the subnet. You can create either a public NAT gateway or a private NAT gateway.
With a public NAT gateway, internet-bound traffic from a private subnet can be routed to the NAT gateway, so that instances in a private subnet can connect to the internet.
With a private NAT gateway, private communication is routed across VPCs and on-premises networks through a transit gateway or virtual private gateway. Common use cases include running large workloads behind a small pool of allowlisted IPv4 addresses, preserving private IPv4 addresses, and communicating between overlapping networks.
For more information, see NAT gateways in the Amazon Virtual Private Cloud User Guide .
See also: AWS API Documentation
Request Syntax
response = client.create_nat_gateway( AllocationId='string', ClientToken='string', DryRun=True|False, SubnetId='string', TagSpecifications=[ { 'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'ipam-resource-discovery'|'ipam-resource-discovery-association', 'Tags': [ { 'Key': 'string', 'Value': 'string' }, ] }, ], ConnectivityType='private'|'public', PrivateIpAddress='string', SecondaryAllocationIds=[ 'string', ], SecondaryPrivateIpAddresses=[ 'string', ], SecondaryPrivateIpAddressCount=123 )
- Parameters:
AllocationId (string) – [Public NAT gateways only] The allocation ID of an Elastic IP address to associate with the NAT gateway. You cannot specify an Elastic IP address with a private NAT gateway. If the Elastic IP address is associated with another resource, you must first disassociate it.
ClientToken (string) –
Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.
Constraint: Maximum 64 ASCII characters.
This field is autopopulated if not provided.
DryRun (boolean) – Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is
DryRunOperation. Otherwise, it isUnauthorizedOperation.SubnetId (string) –
[REQUIRED]
The ID of the subnet in which to create the NAT gateway.
TagSpecifications (list) –
The tags to assign to the NAT gateway.
(dict) –
The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.
Note
The
Valid Valueslists all the resource types that can be tagged. However, the action you’re using might not support tagging all of these resource types. If you try to tag a resource type that is unsupported for the action you’re using, you’ll get an error.ResourceType (string) –
The type of resource to tag on creation.
Tags (list) –
The tags to apply to the resource.
(dict) –
Describes a tag.
Key (string) –
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with
aws:.Value (string) –
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
ConnectivityType (string) – Indicates whether the NAT gateway supports public or private connectivity. The default is public connectivity.
PrivateIpAddress (string) – The private IPv4 address to assign to the NAT gateway. If you don’t provide an address, a private IPv4 address will be automatically assigned.
SecondaryAllocationIds (list) –
Secondary EIP allocation IDs. For more information about secondary addresses, see Create a NAT gateway in the Amazon Virtual Private Cloud User Guide .
(string) –
SecondaryPrivateIpAddresses (list) –
Secondary private IPv4 addresses. For more information about secondary addresses, see Create a NAT gateway in the Amazon Virtual Private Cloud User Guide .
(string) –
SecondaryPrivateIpAddressCount (integer) – [Private NAT gateway only] The number of secondary private IPv4 addresses you want to assign to the NAT gateway. For more information about secondary addresses, see Create a NAT gateway in the Amazon Virtual Private Cloud User Guide .
- Return type:
dict
- Returns:
Response Syntax
{ 'ClientToken': 'string', 'NatGateway': { 'CreateTime': datetime(2015, 1, 1), 'DeleteTime': datetime(2015, 1, 1), 'FailureCode': 'string', 'FailureMessage': 'string', 'NatGatewayAddresses': [ { 'AllocationId': 'string', 'NetworkInterfaceId': 'string', 'PrivateIp': 'string', 'PublicIp': 'string', 'AssociationId': 'string', 'IsPrimary': True|False, 'FailureMessage': 'string', 'Status': 'assigning'|'unassigning'|'associating'|'disassociating'|'succeeded'|'failed' }, ], 'NatGatewayId': 'string', 'ProvisionedBandwidth': { 'ProvisionTime': datetime(2015, 1, 1), 'Provisioned': 'string', 'RequestTime': datetime(2015, 1, 1), 'Requested': 'string', 'Status': 'string' }, 'State': 'pending'|'failed'|'available'|'deleting'|'deleted', 'SubnetId': 'string', 'VpcId': 'string', 'Tags': [ { 'Key': 'string', 'Value': 'string' }, ], 'ConnectivityType': 'private'|'public' } }
Response Structure
(dict) –
ClientToken (string) –
Unique, case-sensitive identifier to ensure the idempotency of the request. Only returned if a client token was provided in the request.
NatGateway (dict) –
Information about the NAT gateway.
CreateTime (datetime) –
The date and time the NAT gateway was created.
DeleteTime (datetime) –
The date and time the NAT gateway was deleted, if applicable.
FailureCode (string) –
If the NAT gateway could not be created, specifies the error code for the failure. (
InsufficientFreeAddressesInSubnet|Gateway.NotAttached|InvalidAllocationID.NotFound|Resource.AlreadyAssociated|InternalError|InvalidSubnetID.NotFound)FailureMessage (string) –
If the NAT gateway could not be created, specifies the error message for the failure, that corresponds to the error code.
For InsufficientFreeAddressesInSubnet: “Subnet has insufficient free addresses to create this NAT gateway”
For Gateway.NotAttached: “Network vpc-xxxxxxxx has no Internet gateway attached”
For InvalidAllocationID.NotFound: “Elastic IP address eipalloc-xxxxxxxx could not be associated with this NAT gateway”
For Resource.AlreadyAssociated: “Elastic IP address eipalloc-xxxxxxxx is already associated”
For InternalError: “Network interface eni-xxxxxxxx, created and used internally by this NAT gateway is in an invalid state. Please try again.”
For InvalidSubnetID.NotFound: “The specified subnet subnet-xxxxxxxx does not exist or could not be found.”
NatGatewayAddresses (list) –
Information about the IP addresses and network interface associated with the NAT gateway.
(dict) –
Describes the IP addresses and network interface associated with a NAT gateway.
AllocationId (string) –
[Public NAT gateway only] The allocation ID of the Elastic IP address that’s associated with the NAT gateway.
NetworkInterfaceId (string) –
The ID of the network interface associated with the NAT gateway.
PrivateIp (string) –
The private IP address associated with the NAT gateway.
PublicIp (string) –
[Public NAT gateway only] The Elastic IP address associated with the NAT gateway.
AssociationId (string) –
[Public NAT gateway only] The association ID of the Elastic IP address that’s associated with the NAT gateway.
IsPrimary (boolean) –
Defines if the IP address is the primary address.
FailureMessage (string) –
The address failure message.
Status (string) –
The address status.
NatGatewayId (string) –
The ID of the NAT gateway.
ProvisionedBandwidth (dict) –
Reserved. If you need to sustain traffic greater than the documented limits, contact us through the Support Center.
ProvisionTime (datetime) –
Reserved. If you need to sustain traffic greater than the documented limits, contact us through the Support Center.
Provisioned (string) –
Reserved. If you need to sustain traffic greater than the documented limits, contact us through the Support Center.
RequestTime (datetime) –
Reserved. If you need to sustain traffic greater than the documented limits, contact us through the Support Center.
Requested (string) –
Reserved. If you need to sustain traffic greater than the documented limits, contact us through the Support Center.
Status (string) –
Reserved. If you need to sustain traffic greater than the documented limits, contact us through the Support Center.
State (string) –
The state of the NAT gateway.
pending: The NAT gateway is being created and is not ready to process traffic.failed: The NAT gateway could not be created. Check thefailureCodeandfailureMessagefields for the reason.available: The NAT gateway is able to process traffic. This status remains until you delete the NAT gateway, and does not indicate the health of the NAT gateway.deleting: The NAT gateway is in the process of being terminated and may still be processing traffic.deleted: The NAT gateway has been terminated and is no longer processing traffic.
SubnetId (string) –
The ID of the subnet in which the NAT gateway is located.
VpcId (string) –
The ID of the VPC in which the NAT gateway is located.
Tags (list) –
The tags for the NAT gateway.
(dict) –
Describes a tag.
Key (string) –
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with
aws:.Value (string) –
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
ConnectivityType (string) –
Indicates whether the NAT gateway supports public or private connectivity.
Examples
This example creates a NAT gateway in subnet subnet-1a2b3c4d and associates an Elastic IP address with the allocation ID eipalloc-37fc1a52 with the NAT gateway.
response = client.create_nat_gateway( AllocationId='eipalloc-37fc1a52', SubnetId='subnet-1a2b3c4d', ) print(response)
Expected Output:
{ 'NatGateway': { 'CreateTime': datetime(2015, 12, 17, 12, 45, 26, 3, 351, 0), 'NatGatewayAddresses': [ { 'AllocationId': 'eipalloc-37fc1a52', }, ], 'NatGatewayId': 'nat-08d48af2a8e83edfd', 'State': 'pending', 'SubnetId': 'subnet-1a2b3c4d', 'VpcId': 'vpc-1122aabb', }, 'ResponseMetadata': { '...': '...', }, }