2
votes

I am going to build a Lambda and an RDS Aurora for my application. The RDS Aurora needs to be inside a VPC and it doesn't need internet access. I have read a lot of articles about VPC setup for databases, and all of them mentioned that I need to create a VPC, public/private subnets, a route table, a NAT gateway and an internet gateway.

However, in my case, I don't need internet access in the database VPC. So my question is: do I need a NAT gateway and a route table at all? I know each VPC has a default route table; is the default route table good enough? If I just create a VPC with 3 private subnets and attach the VPC to my Lambda, does it work?


1 Answer

2
votes

Your understanding is correct and you don't need any NAT.

NAT is specifically used for accessing the public internet from a private subnet, but it doesn't seem to be required here.

Just make sure your Lambda doesn't need to access any external entity or AWS service either (like S3). If you are required to access an AWS service, you may create a VPC Endpoint for it. (The linked example is for S3.)
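One way to lay out the network the question describes, as an added example that is not part of the question or the answer: a CloudFormation template with a VPC, three private subnets sharing one route table that carries no 0.0.0.0/0 route (so there is no internet gateway and no NAT), an S3 gateway endpoint attached to that route table, and security groups that let only the Lambda's group reach Aurora on the MySQL port. The CIDR ranges, resource names and port 3306 are assumptions; the Lambda's VpcConfig and the Aurora cluster's DBSubnetGroup would reference these subnets and groups and are omitted here.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Constructed example - private-only VPC for Lambda + Aurora, no IGW/NAT
Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.20.0.0/16   # assumed range; pick one that does not overlap your networks
  # Three private subnets in three AZs (Aurora wants a subnet group spanning >= 2 AZs).
  PrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties: { VpcId: !Ref Vpc, CidrBlock: 10.20.1.0/24, AvailabilityZone: !Select [0, !GetAZs ''], MapPublicIpOnLaunch: false }
  PrivateSubnetB:
    Type: AWS::EC2::Subnet
    Properties: { VpcId: !Ref Vpc, CidrBlock: 10.20.2.0/24, AvailabilityZone: !Select [1, !GetAZs ''], MapPublicIpOnLaunch: false }
  PrivateSubnetC:
    Type: AWS::EC2::Subnet
    Properties: { VpcId: !Ref Vpc, CidrBlock: 10.20.3.0/24, AvailabilityZone: !Select [2, !GetAZs ''], MapPublicIpOnLaunch: false }
  # One explicit route table for all three subnets. It only ever holds the implicit
  # local route plus the S3 prefix-list route added by the gateway endpoint below;
  # with no 0.0.0.0/0 route there is no path to the internet, so no IGW or NAT exists.
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties: { VpcId: !Ref Vpc }
  AssocA: { Type: AWS::EC2::SubnetRouteTableAssociation, Properties: { SubnetId: !Ref PrivateSubnetA, RouteTableId: !Ref PrivateRouteTable } }
  AssocB: { Type: AWS::EC2::SubnetRouteTableAssociation, Properties: { SubnetId: !Ref PrivateSubnetB, RouteTableId: !Ref PrivateRouteTable } }
  AssocC: { Type: AWS::EC2::SubnetRouteTableAssociation, Properties: { SubnetId: !Ref PrivateSubnetC, RouteTableId: !Ref PrivateRouteTable } }
  # Gateway endpoint: S3 API calls from the Lambda stay on the AWS network, no NAT needed.
  S3Endpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref Vpc
      ServiceName: !Sub com.amazonaws.${AWS::Region}.s3
      VpcEndpointType: Gateway
      RouteTableIds: [!Ref PrivateRouteTable]
  # Security groups: Aurora accepts traffic only from the Lambda's group, only on 3306.
  LambdaSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Attached to the Lambda via VpcConfig (assumed name)
      VpcId: !Ref Vpc
  AuroraSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Attached to the Aurora cluster; MySQL from LambdaSg only
      VpcId: !Ref Vpc
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3306        # assumed Aurora MySQL; use 5432 for Aurora PostgreSQL
          ToPort: 3306
          SourceSecurityGroupId: !Ref LambdaSg
```

Because the route table has no default route, any outbound call the Lambda makes to a service without an endpoint simply times out, which is a useful way to notice an unexpected dependency rather than silently routing it over NAT.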