A private subnet in a VPC cannot communicate directly with the internet. When you need to connect a private subnet to the internet, a NAT Gateway or a NAT instance comes into the picture.
A NAT Gateway is a highly available gateway, with one NAT Gateway per Availability Zone, and it is used to connect the private subnet to the internet without making the subnet public. An Elastic IP is compulsory for a NAT Gateway.
You don't need to worry about maintenance, as it is taken care of by AWS.
With a NAT instance, we first need to disable the source and destination checks. It translates the source IP to the public IP of the NAT instance. It is the same as an EC2 instance, which AWS offers as a NAT instance in their AMIs. Maintenance such as OS updates and patching is entirely the customer's responsibility.
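The following is an added example, not part of the original post: a small audit that classifies each subnet by where its default route points (internet gateway, NAT Gateway, NAT instance, or nowhere) and flags a NAT instance whose source/destination check is still enabled. The subnet, gateway and instance IDs are constructed sample data, and the dictionaries are assumed to follow the shape of the EC2 DescribeRouteTables and DescribeInstances responses.

```python
"""Classify subnets by default route and check NAT instances (constructed data)."""
# Constructed sample shaped like EC2 DescribeRouteTables output; all IDs are made up.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-pub"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0aaa"}]},
    {"Associations": [{"SubnetId": "subnet-app"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0bbb"}]},
    {"Associations": [{"SubnetId": "subnet-db"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-0ccc"}]},
    {"Associations": [{"SubnetId": "subnet-iso"}], "Routes": [LOCAL]},
]
# Constructed DescribeInstances-style attribute: the check was left enabled.
INSTANCES = {"i-0ccc": {"SourceDestCheck": True}}


def default_route(table):
    """Return the 0.0.0.0/0 route of a route table, or None if it has none."""
    for route in table["Routes"]:
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route
    return None


def classify(table, instances):
    """Return (kind, findings) for one route table."""
    route = default_route(table)
    if route is None:
        return "isolated", []              # no path to the internet at all
    if route.get("GatewayId", "").startswith("igw-"):
        return "public", []                # direct route to an internet gateway
    if "NatGatewayId" in route:
        return "private-nat-gateway", []   # managed NAT, nothing to patch
    if "InstanceId" in route:
        inst_id, findings = route["InstanceId"], []
        inst = instances.get(inst_id)
        if inst is None:
            findings.append(f"{inst_id}: NAT instance not found")
        elif inst.get("SourceDestCheck", True):
            findings.append(f"{inst_id}: source/destination check still enabled")
        return "private-nat-instance", findings
    return "other", []


def audit(route_tables, instances):
    """Map each associated subnet ID to the (kind, findings) of its route table."""
    return {a["SubnetId"]: classify(t, instances)
            for t in route_tables for a in t["Associations"] if "SubnetId" in a}


if __name__ == "__main__":
    for subnet, (kind, findings) in audit(ROUTE_TABLES, INSTANCES).items():
        print(subnet, kind, findings)
```

Subnets that use a route table only through the VPC's main association carry no `SubnetId` in `Associations` and are not covered by this sketch.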