
OCI NAT Gateway with Terraform — Updated for 2025!

In this post, we’ll walk through a real OCI NAT Gateway Terraform scenario, revisiting one of the key building blocks of secure and scalable cloud networking, the OCI NAT Gateway, using an example taken from Lesson 4 of my Flagship OCI Infrastructure Automation Course.

In the early days of OCI, providing outbound connectivity for private subnets required setting up and managing a custom NAT Instance: a virtual machine acting as a router, with iptables configuration, manual patching, and no built-in redundancy. That instance was also a single point of failure and an extra attack surface sitting in the data path.
👉 That approach is now obsolete. NAT Gateway has replaced it: it is a fully managed VCN gateway with no instance to patch, scale, or fail over. What remains your job is deciding which subnets route through it and which egress your security lists or NSGs allow.

🌐 Why Use NAT Gateway in OCI

When deploying backend servers in a private subnet, these machines typically do not have public IP addresses for security reasons. However, they often need to access the Internet for OS updates, installing packages, or communicating with external services.

The correct way to handle this scenario is to use NAT Gateway for outbound traffic. Internet Gateway is used for public subnets, where instances carry public IPs and accept inbound connections. A NAT Gateway only forwards connections initiated from inside the VCN and the replies to them; unsolicited inbound connections from the Internet are never passed to the private instances. External services see the NAT Gateway’s single public IP rather than the instances, which also makes allowlisting on the far side straightforward.

The diagram below shows the scenario from our flagship Terraform course. The web servers are placed inside a private subnet, hidden behind a public Load Balancer. Their outbound traffic flows through the NAT Gateway, not the Internet Gateway:

Figure 1. Example architecture showing private web servers accessing the Internet via OCI NAT Gateway, while inbound traffic is handled by a public Load Balancer and Internet Gateway.

🧱 Deploying OCI NAT Gateway with Terraform

Using Terraform, you can provision an OCI NAT Gateway in just a few lines of code. The example below shows the NAT Gateway and the associated private route table configuration:

# The gateway itself lives in the VCN; it needs no subnet of its own.
resource "oci_core_nat_gateway" "FoggyKitchenNatGateway" {
  compartment_id = var.compartment_ocid
  display_name   = "Foggy Kitchen NAT Gateway"
  vcn_id         = oci_core_virtual_network.FoggyKitchenVCN.id
}

# Route table for the private subnets: send all non-VCN traffic to the NAT Gateway.
# Routing alone allows everything out; security lists or NSGs still filter egress.
resource "oci_core_route_table" "FoggyKitchenPrivateRouteTable" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_virtual_network.FoggyKitchenVCN.id
  display_name   = "Foggy Kitchen Private Route Table"

  route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_nat_gateway.FoggyKitchenNatGateway.id
  }
}

This is a minimal example you can reuse as-is. 👉 The full Terraform code for this lesson is available on GitHub: network.tf

This snippet illustrates the core pattern used in many production deployments. The NAT Gateway acts as a single egress point for every private subnet whose route table points 0.0.0.0/0 at it, so two more pieces complete the picture: the private subnet has to be associated with this route table (and created with prohibit_public_ip_on_vnic set to true, which is what actually makes it private), and its security list or NSG has to narrow the egress, because the route rule by itself lets any protocol reach any destination.
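To show the whole egress path end to end, here is an added, self-contained configuration (it is not the course’s network.tf). It reuses the post’s resource names and adds the pieces the snippet leaves out: a private subnet tied to the route table with public IPs prohibited, a security list that limits egress to HTTPS and DNS, and the gateway’s block_traffic flag as a kill switch. The CIDRs, the nat_block_traffic variable and the load balancer subnet range are assumptions for illustration.

```hcl
# Added example: complete private-subnet egress through an OCI NAT Gateway.
# Resource names follow the post; CIDRs and nat_block_traffic are assumed.

variable "compartment_ocid" {}

# Kill switch (assumed variable): true stops all traffic through the gateway
# without touching route tables, handy during incident response.
variable "nat_block_traffic" {
  type    = bool
  default = false
}

resource "oci_core_virtual_network" "FoggyKitchenVCN" {
  compartment_id = var.compartment_ocid
  cidr_block     = "10.0.0.0/16"   # assumed VCN CIDR
  display_name   = "Foggy Kitchen VCN"
  dns_label      = "fkvcn"
}

resource "oci_core_nat_gateway" "FoggyKitchenNatGateway" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_virtual_network.FoggyKitchenVCN.id
  display_name   = "Foggy Kitchen NAT Gateway"
  block_traffic  = var.nat_block_traffic
}

resource "oci_core_route_table" "FoggyKitchenPrivateRouteTable" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_virtual_network.FoggyKitchenVCN.id
  display_name   = "Foggy Kitchen Private Route Table"

  route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_nat_gateway.FoggyKitchenNatGateway.id
  }
}

# The route lets everything out; this list narrows egress to HTTPS and DNS
# and accepts ingress only from the (assumed) public load balancer subnet.
resource "oci_core_security_list" "FoggyKitchenPrivateSecurityList" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_virtual_network.FoggyKitchenVCN.id
  display_name   = "Foggy Kitchen Private Security List"

  egress_security_rules {
    protocol    = "6"            # TCP
    destination = "0.0.0.0/0"
    tcp_options {
      min = 443
      max = 443
    }
  }

  egress_security_rules {
    protocol    = "17"           # UDP
    destination = "0.0.0.0/0"
    udp_options {
      min = 53
      max = 53
    }
  }

  ingress_security_rules {
    protocol = "6"
    source   = "10.0.1.0/24"     # assumed public LB subnet
    tcp_options {
      min = 80
      max = 80
    }
  }
}

resource "oci_core_subnet" "FoggyKitchenWebSubnet" {
  compartment_id             = var.compartment_ocid
  vcn_id                     = oci_core_virtual_network.FoggyKitchenVCN.id
  cidr_block                 = "10.0.2.0/24"   # assumed private subnet CIDR
  display_name               = "Foggy Kitchen Web Subnet"
  dns_label                  = "fkweb"
  prohibit_public_ip_on_vnic = true            # makes the subnet private
  route_table_id             = oci_core_route_table.FoggyKitchenPrivateRouteTable.id
  security_list_ids          = [oci_core_security_list.FoggyKitchenPrivateSecurityList.id]
}
```

After terraform apply, an instance in FoggyKitchenWebSubnet can reach package repositories over HTTPS but nothing else, and setting nat_block_traffic to true cuts that path immediately while leaving the topology in place.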

📝 Key Considerations

  • Use NAT Gateway for outbound Internet access from private subnets; it never accepts unsolicited inbound connections.

  • 🌐 Internet Gateway serves public subnets only, where instances hold public IPs and accept inbound traffic.

  • 🛡 No public IPs are needed on your backend servers; create the subnet with prohibit_public_ip_on_vnic = true so none can be attached by mistake.

  • 🔒 A 0.0.0.0/0 route to the NAT Gateway permits all egress; restrict it with security list or NSG egress rules.

  • 🚀 NAT Gateway simplifies network architecture compared to legacy NAT Instances.

📚 Learn More

If you want to see this deployed end-to-end using Terraform, check out Lesson 4 of the Flagship Course.
The entire lab — including the Load Balancer, NAT Gateway, and Bastion host — is fully automated. You can also explore the GitHub repository to follow along.

🔑 Focus Keyword Recap

This article covered OCI NAT Gateway configuration with Terraform, practical use cases, and code references. NAT Gateway remains the recommended way to provide secure outbound connectivity for private subnets in Oracle Cloud Infrastructure.
