The AWS Managed NAT Gateway is Unpleasant and Not Recommended
The AWS Managed NAT Gateway is Unpleasant and Not Recommended
Corey has given plenty of grief to AWS’s Managed NAT Gateway service, but hasn’t laid out his problems with it in one place… until now. Corey not only explains the problems with NAT Gateway’s pricing, but also does the math on how it shakes out for clients whose AWS bills are through the roof. Watch this video to find out what Corey thinks should happen at AWS to improve the NAT Gateway experience.
DESCRIPTION
00:00 Intro
00:46 Corey dives into his problems with NAT Gateway
02:13 Ad - FusionAuth
https://snark.cloud/fusionauth
03:29 Despite its advantages as a service, NAT Gateway’s pricing has some serious flaws
04:58 Corey starts doing the egregious AWS math
05:57 The impact NAT Gateway pricing plays on Corey’s interactions with clients
08:19 Corey sums up his mixed feelings on AWS Managed NAT Gateways
09:24 re:Quinnvent 2022 promo video
Want to give your eyes and ears a break and read this as an article? You’re looking for this link:
https://www.lastweekinaws.com/blog/th…
- Never miss an episode -
► Join the Last Week in AWS newsletter: https://www.lastweekinaws.com/
► Subscribe wherever you get your podcasts
- Help the show -
► Share your feedback: https://www.lastweekinaws.com/feedback/
► Subscribe wherever you get your podcasts
- What’s Corey up to? -
► Follow Corey on Twitter (@quinnypig): https://twitter.com/quinnypig/
► See our recent work at the Duckbill Group: https://www.duckbillgroup.com/clients/
► Apply to work with Corey and the Duckbill Group to help lower your AWS bill: https://www.duckbillgroup.com/services/
Content
0.659 -> yes
3.39 -> [Music]
5.88 -> this episode is sponsored by fusionoth
9.24 -> I've given so much grief to the AWS
12.96 -> managed Nat Gateway over the last few
15.66 -> years that if I were to pass all of that
18.42 -> grief through one of the gateways
20.58 -> themselves it would bankrupt my company
23.16 -> you guys paid for all this
26.599 -> it occurred to me that while I've talked
29.279 -> about my problems with the service and
31.08 -> bits and pieces all over the place such
33.84 -> as on Twitter and incoherently over
36.719 -> drinks in Seattle I've never sat down
39.6 -> and laid out my problems with it in one
42.239 -> single place so it's definitely time to
44.76 -> fix that
45.719 -> let's start at the beginning
47.64 -> when you set up a subnet inside of an
50.52 -> AWS virtual private cloud or VPC you
54.719 -> have the option to Route its traffic to
57.059 -> an internet gateway if you do that it's
60.3 -> what's known as a public subnet if you
62.879 -> don't it's known as a private subnet
65 -> nodes in a private subnet might still
67.74 -> need to talk to things outside of that
69.78 -> specific Network to allow this you used
72.9 -> to have to build and run your own
74.939 -> network address translation or Nat
77.82 -> instances
79.14 -> this was a colossal pain in the butt it
82.439 -> required a lot of nuanced configuration
84.6 -> to an ec2 instance that you had to run
86.939 -> and those instances were effectively
89.1 -> single points of failure for an entire
91.619 -> subnet using Auto scaling groups or load
94.799 -> balancers to make them more available
96.24 -> was obnoxious and finicky
98.939 -> then in 2015 AWS launched a managed Nat
104.159 -> Gateway service and it was awesome
108.36 -> suddenly you didn't have to jump through
110.46 -> all of these hoops to run something
112.14 -> delicate and complicated yourself you
114.84 -> clicked a button in the console with
116.7 -> click Ops or you added a line of cloud
118.979 -> formation and it just worked so we
121.86 -> quickly entered a place where the only
123.659 -> people who ran their own Nat instances
125.939 -> themselves were either fossils from an
128.58 -> earlier time or folks with very specific
130.979 -> needs
132.18 -> but there was a problem
134.4 -> every application needs authentication
136.819 -> presumably but just like deciding to buy
139.98 -> a car rather than create your own there
142.86 -> are some things where it's safer not to
145.08 -> build it yourself from spare parts auth
148.02 -> is one of them in fact I dare say that
150.66 -> doing that with off would be awful
154.08 -> Fusion off is authentication built for
157.14 -> developers by developers they know how
160.44 -> to put developers in the driver's seat
162.48 -> but also how to keep them out of the
164.879 -> pilot seat because everyone flying their
167.16 -> own helicopter is both insane and
169.26 -> terrifying what's cool about Fusion Hoth
172.26 -> is that you can host it yourself
173.34 -> anywhere you want or if you're not into
176.28 -> that they will host it for you in a
178.739 -> private dedicated instance in the cloud
180.959 -> instead of a shared service
183.239 -> they have a free version that has no
185.04 -> limit on volume and thousands of
187.739 -> applications depend on it today they
190.62 -> know off they're not zeros if you know
193.5 -> what I'm putting down so before you
195.54 -> build it or get stuck with an expensive
198.12 -> alternative check them out at
200.36 -> snark.cloud slash Fusion
203.22 -> check them out at snark.cloud slash
206.22 -> Fusion off they're not awful
209.34 -> the managed Nat Gateway charges a fee
212.459 -> for every hour that it's running that's
215.58 -> four and a half cents per hour in the
217.739 -> tier one rages for larger Enterprise
220.14 -> customers that's very comfortably and
222.659 -> nobody cares territory
225 -> the trouble with this is an awful lot of
227.94 -> tutorials on the internet set up private
230.58 -> subnets as a matter of course and it's
233.099 -> not immediately obvious that a managed
235.56 -> Nat Gateway is included further there is
239.04 -> no free tier for this service so
241.68 -> therefore you have a student learner
243.78 -> firing up an account to play around with
246 -> a free tier and suddenly getting slapped
248.7 -> with a surprise fee when the monthly
251.58 -> bill hits you guys paid for all this
256.04 -> it's bad business and it leaves a very
259.32 -> sour taste of AWS when that's your first
262.8 -> encounter with its Billing System
264.9 -> now if this were its only billing
266.94 -> Dimension I would be annoyed but I would
269.46 -> have gotten over it years ago this is
272.4 -> annoying but it fits into my larger
275.1 -> please fix the AWS free tier campaign
279.54 -> the bigger problem is that AWS also
283.259 -> charges four and a half cents per
285.6 -> gigabyte passed through the Gateway as a
288.96 -> data processing fee that's completely
291.6 -> separate from any data transfer fees
294.54 -> assessed and that's where the whole
296.58 -> thing melts down
298.5 -> recall that in U.S east one or any other
301.56 -> tier one region moving data between
304.38 -> availability zones within a region as
307.08 -> well as between some other regions costs
310.02 -> at minimum 2 cents per gigabyte sending
313.74 -> that data to the internet cost nine
315.96 -> cents per gigabyte storing that data in
318.84 -> S3 for a month cost 2.3 cents per
322.02 -> gigabyte
323.16 -> sending that data to a satellite in
325.38 -> orbit by a ground Station cost I have no
327.84 -> idea how much because AWS ghosted me
329.88 -> when I asked I just think it's
331.32 -> incredibly Nifty that that's a real
332.759 -> thing you can do and not something out
334.8 -> of a Sci-Fi novel but I digress you guys
337.919 -> paid for all this
340.52 -> but the manage Nat Gateway data
343.32 -> processing fee remains fixed at four and
346.199 -> a half cents with no volume based price
348.78 -> breaks and it drives me up a wall just
351.96 -> because it's so egregious once you hit
354.72 -> non-trivial data transfer volumes
357.539 -> when I'm looking at a client's AWS Bill
359.88 -> and see significant managed Nat Gateway
362.639 -> data processing fees I get a sinking
364.979 -> feeling in my gut because I know that
367.56 -> they're not going to be happy with what
369.419 -> I've found there are a few ways that
371.639 -> conversation plays out and none of them
373.8 -> are Pleasant the customer invariably
375.96 -> gets a harsh introduction to The Facts
378.06 -> of Life as they discover just how
379.68 -> thoroughly they're being fleeced
382.56 -> we're putting a petabyte of data through
384.9 -> that thing in a month but you don't
386.34 -> understand we've got to get that data to
388.319 -> and from S3 yeah I get it I'm not
391.5 -> suggesting that you change your data
393.24 -> flow but if you add a completely free S3
396.18 -> Gateway endpoint to your private subnet
398.58 -> suddenly that petabyte of traffic to and
401.16 -> from as3 stops costing you forty five
404.52 -> thousand dollars a month and becomes
406.919 -> absolutely free for some God forsaken
409.86 -> reason this is not enabled by default
412.74 -> but we need to move a petabyte a month
414.9 -> to and from the internet and we can't
416.88 -> move the ec2 instances doing that into a
419.94 -> public subnet because of compliance look
423.18 -> I am not one to argue with compliance
425.16 -> requirements I assure you but in a
427.44 -> scenario like this setting up your own
429.419 -> manage Nat instances and running them is
432.12 -> a clear win yes it's finicky and
434.46 -> annoying yes it increases your team's
436.74 -> operational toil but how much does it
439.02 -> cost you to put that responsibility onto
441.72 -> an existing team or hire a third-party
444.36 -> consulting company that is not us whose
446.94 -> sole job is to run a set of nat
449.34 -> instances for you if the answer is less
452.46 -> than 495
454.8 -> 000 a year and it had done well better
457.08 -> be then you're coming out ahead here
459.599 -> but wait you're telling me that this one
461.52 -> change just paid for our entire
463.38 -> Consulting engagement with you folks yes
465.66 -> many times over and I promise this
468.3 -> brings me no joy whatsoever this is a
471.479 -> great example of why we only ever charge
473.46 -> a fixed fee for our projects can you
476.34 -> imagine how royally pissed off a client
479.099 -> would be at having to pay a percentage
481.74 -> of their manage Nat Gateway charges to
484.56 -> us via some sort of ridiculous we'll
486.599 -> charge you a percentage of the savings
488.52 -> cost model they'd be right to be upset
490.62 -> because this isn't high value on
492.78 -> differentiated work it's pointing out a
495.3 -> stick that AWS uses to smack an awful
498.06 -> lot of customers
499.5 -> my issue is not that the service is bad
501.78 -> far from it this is exactly what I want
504.599 -> AWS to be Building Services that reduce
507.06 -> toil and remove undifferentiated heavy
509.639 -> lifting that every company has to do
511.8 -> themselves running your own Nat
514.2 -> instances is a terrible practice that I
516.659 -> strive to avoid it's solving a global
519.539 -> problem locally and if we've got to do
521.459 -> that why are we even using Cloud
523.26 -> providers in the first place recently
525.54 -> not gateways also became able to
528 -> translate between ipv4 and IPv6 the
531.48 -> service is good
533.459 -> no my issue here is solely around the
536.339 -> pricing of the service at both ends of
538.98 -> the customer Spectrum in isolation a
541.92 -> managed Nat Gateway doesn't do anything
544.56 -> I can't spin up a managed Nat gateway to
547.32 -> serve web traffic or mine Bitcoin or
549.54 -> even misuse it as a database despite my
552.18 -> best attempts if you gave me a magic
554.94 -> wand I would either make the service
557.519 -> entirely free or I would offer a
560.04 -> generous free tier and wipe the data
562.74 -> processing fees entirely all in on red
566.56 -> [Music]
567.21 -> [Laughter]
573.47 -> [Music]
578.839 -> yeah it's Adam listen we need to raise
582.36 -> the price on that new machine learning
584.399 -> service we're launching it reinvent
586.68 -> by a lot
588.959 -> I mean a lot
594.779 -> more than that
597.42 -> add facility pricing conventions I don't
599.58 -> care
601.56 -> I'm not the doctor Matt
603.03 -> [Music]
Source: https://www.youtube.com/watch?v=xUvsOMC9aTc