Overview
Metaphor Gateway is a next-generation NAT gateway purpose-built for AWS, using eBPF technology to process network traffic directly in the Linux kernel. Where AWS NAT Gateway charges hourly plus data processed, Metaphor Gateway runs on your own EC2 instances - delivering significant throughput with sub-millisecond latency, often under 1% CPU overhead.
Metaphor Gateway integrates natively with AWS Gateway Load Balancer (GWLB) via GENEVE encapsulation, enabling transparent insertion into your VPC traffic flow with automatic scaling and high availability. The included Scry dashboard gives you real-time visibility into every connection traversing your NAT - fleet health status, TCP state distribution, per-connection byte counters, top talkers, and critical event alerts. No more flying blind through your NAT layer.
For organizations that need secure egress, Metaphor Gateway supports optional Cloudflare Connector tunnel integration, routing user traffic through Cloudflare's global network for security filtering, while keeping health check traffic on the direct path. Deployment is simple via CloudFormation.
Highlights
- Replace AWS NAT Gateway and cut costs by up to 90%. Metaphor Gateway processes multi-Gbps on a t4g.medium, often with under 1% CPU overhead. A single instance or a multi-AZ deployment replaces AWS NAT Gateways, eliminating per-hour and per-GB data processing charges while giving you full control over your NAT infrastructure.
- Real-time traffic monitoring dashboard included. The Scry dashboard shows fleet health, live connection tracking, TCP state distribution, top talkers, and critical alerts, giving you complete visibility into your NAT layer that AWS NAT Gateway simply doesn't provide.
- Simple deployment with GWLB integration and optional Cloudflare Zero Trust filtering and networking. Deploy via CloudFormation with native Gateway Load Balancer support, automatic GENEVE encapsulation, and VNI detection. Add Cloudflare Connector tunnel integration for secure egress with advanced networking options.
Details
Pricing
| Dimension | Cost/hour |
|---|---|
| c8gn.medium (Recommended) | $0.01 |
| m8g.12xlarge | $0.01 |
| r8gn.4xlarge | $0.01 |
| c8gn.12xlarge | $0.01 |
| m7g.metal | $0.01 |
| c7gn.xlarge | $0.01 |
| r8gn.medium | $0.01 |
| m8g.24xlarge | $0.01 |
| c7gn.12xlarge | $0.01 |
| c6gn.xlarge | $0.01 |
Vendor refund policy
All sales are final. This product is provided as-is without warranty of any kind, express or implied. No refunds will be issued. Customers are encouraged to test using the AWS free tier or a short-duration deployment before committing to ongoing use.
Support is available as a separate offering from Metaphor.
Delivery details
64-bit (Arm) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
First public release
Additional details
Usage instructions
Prerequisites
- A VPC with at least one public subnet (with internet gateway) and one private subnet.
- An IAM role with AmazonSSMManagedInstanceCore and CloudWatchAgentServerPolicy managed policies attached, plus permission to call cloudwatch:PutMetricData on namespace Flow NAT.
Launch the instance
- In the EC2 console, launch the Metaphor Gateway AMI into your public subnet.
- Select an ARM64/Graviton instance type (t4g.small or larger recommended).
- Attach the IAM role above as the instance profile.
- Disable Source/Dest Check - required for NAT forwarding. In the EC2 console, select the instance, go to Actions > Networking > Change source/destination check and disable it.
- Set the security group to allow all traffic from your VPC CIDR inbound, and all outbound.
Configure via User Data
Provide the following as plain text in the User Data field (not a script - no shebang). Each line is a key=value pair written to /etc/flowd/environment at first boot:
    ENABLE_CLOUDWATCH=true
    FLOW_LOG_GROUP=/flow/my-stack/nat/flowd
    GENEVE_ENABLED=false
For Cloudflare Connector egress (optional), add:
    WARP_TOKEN_SSM=/my/ssm/parameter/name
    CLOUDFLARE_ENABLED=true
All other settings (INTERNET_INTERFACE, NAT_INTERFACES) are auto-detected at boot.
Update private route tables
For each private subnet that should route through this NAT instance, go to VPC > Route Tables, edit the route table, and add:
- Destination: 0.0.0.0/0
- Target: the NAT instance ID
Verify
Connect via SSM Session Manager (no SSH key needed):
    aws ssm start-session --target <INSTANCE_ID> --region <REGION>
Then on the instance:
    systemctl is-active flowd
    curl -sf http://localhost:8080/health
    iptables -t nat -L POSTROUTING -n
From a private subnet instance, confirm internet access:
    curl -sf --max-time 10 https://checkip.amazonaws.com
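A pre-launch lint for the User Data described above, as an added example that is not vendor code: it reads the text on stdin and reports lines that would not survive the "plain key=value, no shebang" rule. The key names come from this page; the function name and the rules (boolean values, a "/"-style SSM path, CLOUDFLARE_ENABLED requiring WARP_TOKEN_SSM) are assumptions.

```sh
# Added example: lint Metaphor Gateway User Data read from stdin.
KNOWN_KEYS="ENABLE_CLOUDWATCH FLOW_LOG_GROUP GENEVE_ENABLED WARP_TOKEN_SSM CLOUDFLARE_ENABLED INTERNET_INTERFACE NAT_INTERFACES"

# Prints one finding per problem; returns the number of findings (0 = clean).
lint_user_data() {
  local n=0 lineno=0 line key val cf="" token="" cr
  cr=$(printf '\r')
  while IFS= read -r line || [ -n "$line" ]; do
    lineno=$((lineno + 1))
    line=${line%"$cr"}   # tolerate CRLF from a console paste
    case "$line" in
      '')    continue ;;
      '#!'*) echo "line $lineno: shebang; User Data must be plain text"; n=$((n + 1)); continue ;;
      *=*)   key=${line%%=*}; val=${line#*=} ;;
      *)     echo "line $lineno: not a key=value pair"; n=$((n + 1)); continue ;;
    esac
    case " $KNOWN_KEYS " in
      *" $key "*) ;;
      *) echo "line $lineno: unknown key '$key'"; n=$((n + 1)); continue ;;
    esac
    if [ "$key" = CLOUDFLARE_ENABLED ]; then cf=$val; fi
    case "$key" in
      ENABLE_CLOUDWATCH|GENEVE_ENABLED|CLOUDFLARE_ENABLED)
        # Assumed rule: the page only shows true/false for these switches.
        case "$val" in true|false) ;;
          *) echo "line $lineno: $key should be true or false"; n=$((n + 1)) ;;
        esac ;;
      WARP_TOKEN_SSM)
        token=$val
        # User Data is readable from instance metadata, so it should carry the
        # parameter name (assumed "/" path, as on the page), never the token.
        case "$val" in /*) ;;
          *) echo "line $lineno: WARP_TOKEN_SSM should be an SSM parameter path"; n=$((n + 1)) ;;
        esac ;;
    esac
  done
  if [ "$cf" = true ] && [ -z "$token" ]; then
    echo "CLOUDFLARE_ENABLED=true but WARP_TOKEN_SSM is not set"; n=$((n + 1))
  fi
  return "$n"
}

# Constructed sample: the page's example values with Cloudflare egress enabled.
lint_user_data <<'EOF' && echo "user data OK"
ENABLE_CLOUDWATCH=true
FLOW_LOG_GROUP=/flow/my-stack/nat/flowd
WARP_TOKEN_SSM=/my/ssm/parameter/name
CLOUDFLARE_ENABLED=true
EOF
```

Pipe the exact text you intend to paste into the User Data field through `lint_user_data`; a non-zero return status is the count of findings.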
Support
Vendor support
Email support is available at support@metaphor.cloud for all Marketplace subscribers. Enterprise Support options are available.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
