How to Create a NAT Gateway

Validated on 28 Aug 2025 • Last edited on 28 Aug 2025

A Virtual Private Cloud (VPC) is a private network interface for collections of DigitalOcean resources. VPC networks are inaccessible from the public internet and other VPC networks, and traffic on them doesn’t count against bandwidth usage. You can link VPC networks to each other using VPC peering connections.

VPC Network Address Translation (NAT) Gateway is a software-defined NAT Gateway service that centralizes outbound internet access for VPC resources within a datacenter. This enables isolating backend IPs while maintaining secure internet access.

You can create NAT gateways using the control panel, the doctl command-line tool, or the DigitalOcean API.

Create a NAT Gateway Using the CLI

To create a NAT gateway, you need to provide the ID of a VPC network to place the gateway in. You can find a list of your VPC networks and their IDs using the doctl vpcs list command.

How to Create a NAT Gateway Using the DigitalOcean CLI
  1. Install doctl, the official DigitalOcean CLI.
  2. Create a personal access token and save it for use with doctl.
  3. Use the token to grant doctl access to your DigitalOcean account.
    doctl auth init
  4. Finally, run doctl compute vpc-nat-gateway create. Basic usage looks like this, but you can read the usage docs for more details:
    doctl compute vpc-nat-gateway create [flags]

When provisioning starts, the gateway's state, displayed in the State column, changes from NEW to PROVISIONING. It then changes to ACTIVE when the provisioning process completes.

Next, you can set up your backend resources to route traffic through the gateway, as described in How to Configure Droplets for NAT Gateway or How to Configure DOKS for NAT Gateway.

Create a NAT Gateway Using the API

To create a NAT gateway, you need to provide the ID of a VPC network. You can find a list of your VPC networks and their IDs by using the /v2/vpcs endpoint.

How to Create a NAT Gateway Using the DigitalOcean API
  1. Create a personal access token and save it for use with the API.
  2. Send a POST request to https://api.digitalocean.com/v2/vpc_nat_gateways.

Using cURL:

curl -X POST \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \
  -d '{
    "name": "test-vpc-nat-gateways",
    "type": "PUBLIC",
    "region": "tor1",
    "size": 1,
    "vpcs": [
      {
        "vpc_uuid": "0eb1752f-807b-4562-a077-8018e13ab1fb"
      }
    ],
    "udp_timeout_seconds": 30,
    "icmp_timeout_seconds": 30,
    "tcp_timeout_seconds": 30
  }' \
  "https://api.digitalocean.com/v2/vpc_nat_gateways"

The state of the gateway is NEW until provisioning starts, PROVISIONING while it is in progress, and ACTIVE when the provisioning process completes.
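
The cURL request and state sequence above, wrapped as an added shell example (not DigitalOcean's own code): it validates values before interpolating them into the JSON body, passes the token to curl on stdin so it does not appear in the process list, and waits for ACTIVE. The helper names, the jq dependency, the name and region character sets, and the GET response shape for a single gateway are assumptions not shown on this page.

```shell
# Added example. Helper names are hypothetical, not doctl or API features.
API="https://api.digitalocean.com/v2/vpc_nat_gateways"

# Print the request body from the cURL example, rejecting values that could escape
# the JSON string context (name/region charsets are conservative assumptions).
nat_payload() {  # name region vpc_uuid size udp icmp tcp
  name=$1 region=$2 vpc=$3
  case $name in ''|*[!A-Za-z0-9-]*) echo "bad name" >&2; return 1 ;; esac
  case $region in ''|*[!a-z0-9]*) echo "bad region" >&2; return 1 ;; esac
  printf '%s' "$vpc" | grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' ||
    { echo "bad vpc_uuid" >&2; return 1; }
  for n in "$4" "$5" "$6" "$7"; do  # positive integers, no leading zero
    case $n in ''|0*|*[!0-9]*) echo "bad number: $n" >&2; return 1 ;; esac
  done
  printf '{"name":"%s","type":"PUBLIC","region":"%s","size":%s,' "$name" "$region" "$4"
  printf '"vpcs":[{"vpc_uuid":"%s"}],"udp_timeout_seconds":%s,' "$vpc" "$5"
  printf '"icmp_timeout_seconds":%s,"tcp_timeout_seconds":%s}\n' "$6" "$7"
}

# Map a gateway state named on this page to what a provisioning script does next.
state_action() {
  case $1 in
    NEW|PROVISIONING) echo wait ;;
    ACTIVE) echo ready ;;
    *) echo unexpected ;;
  esac
}

# Send a request with the token passed through curl's config on stdin (-K -),
# keeping it out of curl's argument list (printf is a shell builtin).
api() {  # method url [body]
  printf 'header = "Authorization: Bearer %s"\n' "$DIGITALOCEAN_TOKEN" |
    curl -sS --fail -K - -X "$1" -H "Content-Type: application/json" ${3:+-d "$3"} "$2"
}

# Create the gateway and poll until ACTIVE. Assumptions: jq is installed and
# GET "$API/<id>" returns {"vpc_nat_gateway":{"id":...,"state":...}}.
create_and_wait() {
  body=$(nat_payload "$@") || return 1
  id=$(api POST "$API" "$body" | jq -r '.vpc_nat_gateway.id // empty')
  [ -n "$id" ] || { echo "create failed" >&2; return 1; }
  while :; do
    state=$(api GET "$API/$id" | jq -r '.vpc_nat_gateway.state // empty')
    case $(state_action "$state") in
      ready) echo "$id"; return 0 ;;
      unexpected) echo "unexpected state: ${state:-none}" >&2; return 1 ;;
    esac
    sleep 10
  done
}
```

Calling create_and_wait with the seven values from the cURL example prints the gateway ID once the state reaches ACTIVE; nothing contacts the API until that function is called.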

Read How to Configure Droplets for NAT Gateway or How to Configure DOKS for NAT Gateway to set up your backend resources to route traffic through the gateway.

Create a NAT Gateway Using the Control Panel

To create a NAT gateway using the control panel, click Networking in the left menu, then click the VPC tab. In the VPC tab, click Actions, then Create a NAT Gateway.

On the Create NAT Gateway page, configure the following options:

Choose a region

Choose the NAT gateway’s datacenter region.

Select a VPC

Select a VPC network from any datacenter within the chosen region. The VPC network list is automatically filtered based on the selected region and the search terms.

Choose a size

The NAT gateway’s size scales the cost, available bandwidth, and outbound data transfer allotment.

Timeouts

Enter the desired idle timeouts in seconds for TCP, UDP, and ICMP connections.

Finalize

Finalize the NAT gateway by optionally creating a unique name for it. You can change the name at any time.

Review your total cost in the summary area at the upper-right corner of the control panel, then click Create NAT Gateway to create the NAT gateway.

After the provisioning completes, you can see an overview of the NAT gateway’s configuration and costs in the Overview tab.

Screenshot of a NAT gateway details page showing the Overview tab with Configuration Details, Monthly Cost, and Connection Details cards

Note the Routing table IP address, which you need to configure your Droplet or DOKS routing tables to send traffic through the gateway. Read How to Configure Droplets for NAT Gateway or How to Configure DOKS for NAT Gateway for instructions.
