AWS vpc documentation change
Summary
Updated terminology and grammar (e.g., 'can't' to 'cannot'), consolidated routing rule explanations, and clarified packet handling for NAT Gateways
Security assessment
Changes are grammatical improvements and clarifications of existing NAT Gateway functionality. No mention of vulnerabilities, exploits, or security controls. Routing rule updates describe technical limitations rather than security features.
Diff
diff --git a/vpc/latest/userguide/nat-gateway-basics.md b/vpc/latest/userguide/nat-gateway-basics.md index 68165bb69..39e327862 100644 --- a/vpc/latest/userguide/nat-gateway-basics.md +++ b/vpc/latest/userguide/nat-gateway-basics.md @@ -21 +21 @@ The following characteristics and rules apply to NAT gateways: - * Each IPv4 address can support up to 55,000 simultaneous connections to each unique destination. A unique destination is identified by a unique combination of destination IP address, the destination port, and protocol (TCP/UDP/ICMP). You can increase this limit by associating up to 8 IPv4 addresses to your NAT gateways (1 primary IPv4 address and 7 secondary IPv4 addresses). You are limited to associating 2 Elastic IP addresses to your public NAT gateway by default. You can increase this limit by requesting a quota adjustment. For more information, see [Elastic IP addresses](./amazon-vpc-limits.html#vpc-limits-eips). + * Each IPv4 address can support up to 55,000 simultaneous connections to each unique destination. A unique destination is identified by a unique combination of destination IP address, the destination port, and protocol (TCP/UDP/ICMP). You can increase this limit by associating up to 8 IPv4 addresses to your NAT Gateways (1 primary IPv4 address and 7 secondary IPv4 addresses). You are limited to associating 2 Elastic IP addresses to your public NAT gateway by default. You can increase this limit by requesting a quota adjustment. For more information, see [Elastic IP addresses](./amazon-vpc-limits.html#vpc-limits-eips). @@ -23 +23 @@ The following characteristics and rules apply to NAT gateways: - * You can pick the private IPv4 address to assign to the NAT gateway or have it automatically assigned from the IPv4 address range of the subnet. The assigned private IPv4 address persists until you delete the private NAT gateway. You can't detach the private IPv4 address and you can't attach additional private IPv4 addresses. + * You can pick the private IPv4 address to assign to the NAT gateway or have it automatically assigned from the IPv4 address range of the subnet. The assigned private IPv4 address persists until you delete the private NAT gateway. You cannot detach the private IPv4 address and you cannot attach additional private IPv4 addresses. @@ -25 +25 @@ The following characteristics and rules apply to NAT gateways: - * You can't associate a security group with a NAT gateway. You can associate security groups with your instances to control inbound and outbound traffic. + * You cannot associate a security group with a NAT gateway. You can associate security groups with your instances to control inbound and outbound traffic. @@ -29 +29 @@ The following characteristics and rules apply to NAT gateways: - * A NAT gateway receives a network interface. You can pick the private IPv4 address to assign to the interface or have it automatically assigned from the IPv4 address range of the subnet. You can view the network interface for the NAT gateway using the Amazon EC2 console. For more information, see [Viewing details about a network interface](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#view_eni_details). You can't modify the attributes of this network interface. + * A NAT gateway receives a network interface. You can pick the private IPv4 address to assign to the interface or have it automatically assigned from the IPv4 address range of the subnet. You can view the network interface for the NAT gateway using the Amazon EC2 console. For more information, see [Viewing details about a network interface](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#view_eni_details). You cannot modify the attributes of this network interface. @@ -31,3 +31 @@ The following characteristics and rules apply to NAT gateways: - * You can't route traffic to a NAT gateway through a VPC peering connection. - - * You can't route traffic to a NAT gateway from Site-to-Site VPN or Direct Connect using a virtual private gateway. You can route traffic to a NAT gateway from Site-to-Site VPN or Direct Connect if you use a transit gateway instead of a virtual private gateway. + * You can't route traffic to a NAT gateway through a VPC peering connection. You can't route traffic through a NAT Gateway when traffic arrives over a hybrid connection (Site to Site VPN or Direct Connect) through a Virtual Private Gateway. You can route traffic through a NAT Gateway when traffic arrives over a hybrid connection (Site to Site VPN or Direct Connect) through a transit gateway. @@ -39 +37 @@ The following characteristics and rules apply to NAT gateways: - * Packets larger than 8500 bytes that arrive at the NAT gateway are dropped (or fragmented, if applicable). + * Packets larger than 8500 bytes that arrive at the NAT Gateway are dropped (or fragmented, if applicable).