Archives April 2019

AWS NAT Instances using ARM A1 Instance Type

If you host AWS EC2 instances in a private subnet, you will often need to configure a NAT Instance or NAT Gateway so your EC2 instances can communicate with other Amazon Web Services (e.g. RDS, SQS, SNS, SES) and/or download OS and software updates.

Pricing Comparison

NAT Gateway $0.045/hour + $0.045/GB
Built in Redundancy (single AZ), Network Performance Up to 45 Gbps

NAT Instance (m5.large) $0.096/hour
No Redundancy, Network Performance Up to 10 Gbps

NAT Instance (a1.medium) $0.0255/hour
No Redundancy, Network Performance Up to 10 Gbps

NAT Instance (t3.nano) $0.0052/hour
No Redundancy, Network Performance Up to 5 Gbps

NAT Instance (t2.nano) $0.0058/hour
No Redundancy, Network Performance “Low”

NAT Gateway vs NAT Instance

The NAT Gateway is the best option for most production workloads since it is managed by AWS and has built-in fault tolerance (in a single AZ), but can become expensive for high traffic applications. Each NAT gateway is created in a specific Availability Zone and implemented with redundancy in that zone. You must deploy (and pay for) multiple NAT Gateways in a region for Multi-AZ redundancy.

The NAT Instance is often a good option for low traffic dev/test environments since a small EC2 instance running as a NAT Instance can cost 10x less than the NAT Gateway managed service.

If you prefer managing your own NAT Instance(s) and need moderate network performance, you could use T3 instances (up to 5 Gbps) or M5 instances (up to 10 Gbps). With the introduction of ARM-based instances, you can also leverage low-cost A1 instances (up to 10 Gbps).

ARM-Based NAT Instance

AWS has not yet published an ARM-based community AMI designed for use as a NAT Instance, but you can launch an existing ARM-based AMI and configure it for use as a NAT Instance. You need to enable packet forwarding at a minimum, and should look up a guide to harden the OS if you are using the NAT Instance in production.

Follow existing AWS instructions (or this step-by-step guide) to configure your subnets and your NAT Instance. When you follow the guide(s), use the latest Debian arm64 image (currently “debian-stretch-hvm-arm64-gp2-2019-02-19-26259”) AMI for ARM processors instead of using the AWS NAT Instance AMI (or the Ubuntu AMI). Then log in to your new Debian-based ARM Instance and run the following commands to enable IP forwarding and set up NAT rules.

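# Install a hook that runs before each interface comes up
echo '#!/bin/sh
# Let the kernel forward packets between interfaces
echo 1 > /proc/sys/net/ipv4/ip_forward
# Source-NAT traffic from 10.0.0.0/16 (the private range used in this example).
# Check first so the rule is not appended again each time the hook runs.
iptables -t nat -C POSTROUTING -s 10.0.0.0/16 -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -s 10.0.0.0/16 -j MASQUERADE
' | sudo tee /etc/network/if-pre-up.d/nat-setup
sudo chmod +x /etc/network/if-pre-up.d/nat-setup
# Apply the settings now without waiting for a reboot
sudo /etc/network/if-pre-up.d/nat-setup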

The instances on my private subnet were not able to immediately communicate with the internet. I rebooted my new Debian-based NAT Instance and restarted the test instances on my private subnet, then traffic began passing through the NAT Instance just fine.
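
To confirm that the commands above took effect, the following added example (not part of the original post) checks the forwarding flag and the POSTROUTING rules and reports a missing, duplicated or unrestricted MASQUERADE rule. The function name check_nat_config is hypothetical, and the sample rule listing is constructed for illustration.

```shell
#!/bin/sh
# check_nat_config FORWARD RULES CIDR
#   FORWARD  contents of /proc/sys/net/ipv4/ip_forward
#   RULES    output of: iptables -t nat -S POSTROUTING
#   CIDR     private range the NAT Instance should masquerade
# Prints one finding per line; returns 0 only if nothing is marked FAIL.
check_nat_config() {
    forward=$1; rules=$2; cidr=$3; status=0

    if [ "$forward" = "1" ]; then
        echo "OK ip_forward is enabled"
    else
        echo "FAIL ip_forward is '$forward'; packets will not be forwarded"
        status=1
    fi

    # The exact rule the nat-setup hook appends, as iptables -S prints it
    want="-A POSTROUTING -s $cidr -j MASQUERADE"
    count=$(printf '%s\n' "$rules" | grep -cxF -- "$want" || true)
    case $count in
        0) echo "FAIL no MASQUERADE rule for $cidr"; status=1 ;;
        1) echo "OK MASQUERADE rule for $cidr present once" ;;
        *) echo "WARN MASQUERADE rule for $cidr present $count times (hook ran more than once)" ;;
    esac

    # A MASQUERADE rule with no -s match rewrites every forwarded source
    broad=$(printf '%s\n' "$rules" | grep -F -- '-j MASQUERADE' | grep -vcF -- ' -s ' || true)
    if [ "$broad" -gt 0 ]; then
        echo "WARN $broad MASQUERADE rule(s) without a source restriction"
    fi

    return $status
}

# Constructed sample: POSTROUTING chain after the hook has run twice
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.0.0.0/16 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/16 -j MASQUERADE'

check_nat_config 1 "$SAMPLE_RULES" 10.0.0.0/16

# On the NAT Instance itself:
# check_nat_config "$(cat /proc/sys/net/ipv4/ip_forward)" \
#     "$(sudo iptables -t nat -S POSTROUTING)" 10.0.0.0/16
```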

Using Mobile Internet/Data while Connected to a WiFi Network (iOS/Android)

Are you trying to connect your mobile phone or other device with 4G/5G mobile data access to a WiFi network or WiFi-enabled device that does not have Internet access? Would you like to force the device to use your Mobile Internet connection even if your WiFi network has Internet access?

Situations might include connecting directly to a camera that broadcasts a WiFi network or controlling your smart home devices after cancelling your home internet service.

Great news! This CAN be done. See below for instructions for iOS devices (iPhone or iPad) and Android devices (Samsung Galaxy, Google Pixel, etc.).

iOS devices

NOTE: iOS 12 / iOS 13 / iOS 14 may automatically detect that your WiFi network does NOT have Internet and allow you to access other devices on the WiFi network while automatically using your mobile Internet. If not, you can follow these steps to FORCE iOS to use mobile Internet while connected to a WiFi network.

iOS 12 / iOS 13 / iOS 14 Instructions (use mobile data for specific WiFi network)

  1. Go to “Settings” then “WiFi”
  2. Connect to your WiFi network
  3. Click the Info (i) icon next to your current WiFi network to view network info
  4. Make note of your IP Address and Subnet Mask
  5. Change “Configure IP” from “Automatic” to “Manual” and enter the IP Address and Subnet Mask. DO NOT CONFIGURE ROUTER. The “Router” setting should be BLANK/EMPTY!
  6. Save your changes. iOS will show “No Internet Connection” next to your WiFi device. iOS should no longer attempt to connect to Internet through this WiFi network.

The change above will only affect the WiFi network you are currently connected to. If you connect to another WiFi network, your iOS device will try to use that network’s Internet connection unless you repeat these steps.

Android devices

You may be able to manually configure your WiFi network connection similar to the iOS method above. If not, you can force your phone to always use your mobile data connection.

Android 9 instructions (use mobile data for specific WiFi network)

  1. Go to Settings > Connections > WiFi
  2. Tap and hold your WiFi network name until a menu appears
  3. Click “Manage Network Settings”
  4. Make note of your IP Address and Subnet Mask
  5. Change “IP Settings” from “DHCP” to “Static”
  6. Remove the IP address from “Gateway” so that “Gateway” is blank.
  7. DO NOT CHANGE any other settings. Be sure to leave “IP Address” and “Network Prefix Length” alone. The “Router” setting should be BLANK/EMPTY!
  8. Save your changes. Android should no longer attempt to connect to Internet through this WiFi network.

Recent versions of Android OS also allow users to force the OS to always use Mobile Data. This is not as ideal as the iOS settings above, so only use as a last resort. You must toggle this setting whenever you DO want to use a WiFi Internet Connection.

Android 9 instructions (always use mobile data)

Enable Developer Mode

  1. Go to Settings > System > About Phone
  2. Tap “Build Number” until Developer Mode is enabled

Toggle Mobile Data Setting

  1. Go to Settings > System > Developer Options
  2. Toggle “Mobile Data Always Active”

Android 8 Instructions (always use mobile data)

Enable Developer Mode

  1. Go to Settings > About Phone > Software Information
  2. Tap “Build Number” (~7 times) until “Developer Mode has been turned on” is displayed

Toggle Mobile Data Setting

  1. Go to Settings > Developer Options > Network
  2. Toggle “Keep Mobile data turned on”

WARNING: Enabling this option will force your device to ALWAYS use mobile data. Your device will NEVER try to access the Internet through your WiFi connection, even if you switch to a WiFi network that DOES have Internet access.

If you suspect Developer Options are causing any problems, you can go back to Developer Options (Settings > Developer Options) and change the very first toggle from “On” to “Off”.

Have you found a better way to configure iOS or Android to connect to a WiFi network while using mobile data? If so, please share details in the comments below!