AWS beginner here. This question is about AWS VPC NAT instances.
As per the docs: "You can use a network address translation (NAT) instance in a public subnet in your VPC to enable instances in the private subnet to initiate outbound IPv4 traffic to the Internet or other AWS services, but prevent the instances from receiving inbound traffic initiated by someone on the Internet."
But can this not be achieved by using a security group with the outbound rule: "0.0.0.0/0: All traffic" and restricting the inbound rule to receive only from within the VPC?
What am I missing here?