From edb9d851c5f978a548fff2ec08dd70e141fd00fc Mon Sep 17 00:00:00 2001
From: Corey Quinn <corey@sequestered.net>
Date: Wed, 20 Dec 2017 16:16:22 -0800
Subject: [PATCH] Added NAT gateway caveat

---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 2474699..dea3502 100644
--- a/README.md
+++ b/README.md
@@ -1575,6 +1575,8 @@ VPCs, Network Security, and Security Groups
 -	❗If you delete the default VPC, you can [recreate it via the CLI or the console](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/default-vpc.html#create-default-vpc).
 -	❗Be careful with VPC VPN credentials! If lost or compromised, the VPN endpoint must be deleted and recreated. See the instructions for [Replacing Compromised Credentials](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html#CompromisedCredentials).
 -	❗Security Groups and Route Tables apply entries separately for IPv4 and IPv6, so one must ensure they add entries for both protocols accordingly.
+- 	💸Managed NAT gateways are a convenient alternative to 
+manually managing [NAT instances](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPCNATInstance.html), but they do come at a cost per gigabyte. Consider alternatives if you're transferring many terrabytes from private subnets to the internet.
 
 KMS
 ---