Not able to create NAT gateways in AWS playground under vpc

salonichauhan1101 · January 1, 2023, 5:12am

Not able to create NAT gateways in AWS playground under vpc section.
Error unauthorized

Alistair_KodeKloud · January 2, 2023, 7:45pm

Please see AWS section on Cloud Playground Support

Note that while it does say VPC, this does not imply everything under the VPC section of the AWS UI. For instance, we will likely never support Transit Gateway, since that is a very expensive resource.

There is an email address on the support page to which you can direct specific queries.

Thanks.

Alistair_KodeKloud · January 2, 2023, 7:46pm

If you need NAT functionality, you could always deploy a NAT instance on a t2.micro

Chetan-Singh-Bisht · February 27, 2023, 8:45pm

Hello @Alistair_KodeKloud , I tried creating a NAT Instance from one of the supported AMI → ami-0c1708a7af207e000 . However I get the following error : "Instance launch failed
You are not authorized to perform this operation. Encoded authorization failure message " . Can you please let me know which AMI is supported by policy for deploying a NAT instance.

Alistair_KodeKloud · February 28, 2023, 5:04am

Hi @Chetan-Singh-Bisht

What region are you trying to deploy this in?

Chetan-Singh-Bisht · February 28, 2023, 10:11am

Trying this in us-east-1 Region

Chetan-Singh-Bisht · March 1, 2023, 7:57pm

@Alistair_KodeKloud
Were you able to check

Alistair_KodeKloud · March 1, 2023, 8:12pm

Where did you get that AMI ID? I do not see it in us-east-1

Alistair_KodeKloud · March 1, 2023, 8:16pm

You should be able to configure one easily enough by launching an amazon linux 2 instance and following the configuration guide

J-Kode · March 8, 2023, 7:57pm

Creating NAT Instance is not a feasible option because

in real world scenarios NAT Gateway is used
setting up NAT instance would need few parameter tweaks like Source/Destination Flag and route entry pointing to Instance, managing security group

Also not able to launch instance with nat ami.

Most of the time would be wasted on things which aren’t used in real scenarios, so requesting you guys provide us permissions to create ONE NAT-GW atleast, using event driven approach delete off NAT-GW’s if more than one are attempted to provision.

Thanks!

Chetan-Singh-Bisht · March 14, 2023, 5:06pm

@J-Kode Agreed . The surprising thing is such functionalities were enabled before . I remember we could provision stuff like NAT gateways , EKS managed node groups etc via KodeKloud playgrounds . But now they have restricted many such features . The reason for renewing my subscription was to replicate the real world scenarios ( using Terraform to automate the Infra) . But with such restrictions in place , it really frustrates you . As @J-Kode mentioned we could have better restriction in place like one NAT gateway in certain region or only one EKS managed node group with max 2 free tier instances type . Disappointed with current restrictions in place .

J-Kode · March 31, 2023, 1:28pm

@Alistair_KodeKloud Can you please address this issue.

vinodkumar.5b9 · June 13, 2023, 9:18am

@Alistair_KodeKloud, I’m also having trouble with this while building NAT gateways. When I establish the VPCs for testing things in a three-tier architecture, this is a very fundamental necessity. Furthermore, this problem is preventing future development. Could you solve this problem?

Alistair_KodeKloud · June 13, 2023, 5:42pm

As far as I’m aware, NAT gateways are a resource that’s forbidden by SCP.
Perhaps @Tej-Singh-Rana can confirm that.

If you want unlimited access to all resources you should consider creating your own AWS account. It can be almost free if you are careful with what you create and remember to destroy expensive infrastructure promptly.