Cloud NAT

Definition

Cloud NAT (Network Address Translation) is a managed service provided by cloud platforms (the examples below use Google Cloud's) that allows virtual machines (VMs) in private networks to reach the internet without exposing their private IP addresses. It provides outbound-initiated connectivity for VMs that have no external IP address; because the NAT gateway only carries return traffic for connections the VMs themselves started, the VMs stay isolated from unsolicited inbound internet traffic.

Secure Settings Example

# Example configuration for Google Cloud NAT using Terraform
resource "google_compute_router" "router" {
  name    = "example-router"
  network = "example-vpc"
}

resource "google_compute_router_nat" "nat" {
  name                               = "example-nat"
  router                             = google_compute_router.router.name
  # AUTO_ONLY lets Google allocate the external NAT addresses
  nat_ip_allocate_option             = "AUTO_ONLY"
  # Every subnet and IP range behind the router is translated
  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"

  # Keep logging on; ERRORS_ONLY records dropped translations,
  # while ALL also records successful connections
  log_config {
    enable = true
    filter = "ERRORS_ONLY"
  }
}

Insecure Settings Example

# Example of insecure Cloud NAT configuration (assumes the router, a
# reserved external address and a subnetwork are defined elsewhere)
resource "google_compute_router_nat" "nat" {
  name                               = "insecure-nat"
  router                             = google_compute_router.router.name
  nat_ip_allocate_option             = "MANUAL_ONLY"
  # MANUAL_ONLY requires the reserved external addresses to be listed
  nat_ips                            = [google_compute_address.nat_ip.self_link]
  source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS"

  # LIST_OF_SUBNETWORKS requires at least one subnetwork block
  subnetwork {
    name                    = google_compute_subnetwork.example.id
    source_ip_ranges_to_nat = ["ALL_IP_RANGES"]
  }

  # Logging is disabled, which is not recommended: dropped and
  # translated connections leave no record for detection or forensics
  log_config {
    enable = false
  }
}
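As an added example (not part of the page above, and not Google's or Terraform's own tooling), a small Python check that scans Terraform text for google_compute_router_nat resources and reports those whose NAT logging is disabled or missing; the sample below is constructed to contain a secure, an insecure and an unlogged resource:

```python
import re

# Constructed sample: a logged NAT, one with logging off, one with no log_config at all
SAMPLE_TF = '''
resource "google_compute_router_nat" "nat" {
  name                   = "example-nat"
  nat_ip_allocate_option = "AUTO_ONLY"
  log_config {
    enable = true
    filter = "ERRORS_ONLY"
  }
}
resource "google_compute_router_nat" "insecure" {
  name                   = "insecure-nat"
  nat_ip_allocate_option = "MANUAL_ONLY"
  log_config {
    enable = false
  }
}
resource "google_compute_router_nat" "silent" {
  name = "silent-nat"
}
'''

NAT_RE = r'resource\s+"google_compute_router_nat"\s+"([^"]+)"\s*\{'
LOG_RE = r'(log_config)\s*\{'


def _blocks(text, header_re):
    """Yield (name, body) for each HCL block whose header matches header_re,
    matching braces so nested blocks such as log_config are handled."""
    for m in re.finditer(header_re, text):
        start, depth = m.end() - 1, 0          # index of the opening '{'
        for j in range(start, len(text)):
            if text[j] == '{':
                depth += 1
            elif text[j] == '}':
                depth -= 1
                if depth == 0:
                    yield m.group(1), text[start + 1:j]
                    break


def audit_nat_logging(tf_text):
    """Return {resource_name: finding} for NAT resources without logging enabled."""
    findings = {}
    for name, body in _blocks(tf_text, NAT_RE):
        logs = list(_blocks(body, LOG_RE))
        if not logs:
            findings[name] = "log_config block missing"
        elif not re.search(r'\benable\s*=\s*true\b', logs[0][1]):
            findings[name] = "logging disabled (enable = false)"
    return findings


if __name__ == "__main__":
    for resource, finding in audit_nat_logging(SAMPLE_TF).items():
        print(f"{resource}: {finding}")
```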