diff --git a/infrastructure/global/vpc/endpoints.tf b/infrastructure/global/vpc/endpoints.tf
index ee123f0dcb..77e7df7e12 100644
--- a/infrastructure/global/vpc/endpoints.tf
+++ b/infrastructure/global/vpc/endpoints.tf
@@ -3,7 +3,6 @@ resource "aws_vpc_endpoint" "s3" {
 service_name = "com.amazonaws.eu-central-1.s3"
 vpc_endpoint_type = "Gateway"
 route_table_ids = concat(
- [for route in aws_route_table.private : route.id],
 [for route in aws_route_table.public : route.id]
 )
 }
diff --git a/infrastructure/global/vpc/nat.tf b/infrastructure/global/vpc/nat.tf
deleted file mode 100644
index 333ed5891b..0000000000
--- a/infrastructure/global/vpc/nat.tf
+++ /dev/null
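Review bot: After dropping `aws_route_table.private` from `route_table_ids`, the S3 gateway endpoint is attached only to the public route tables, and because the same commit deletes the `aws_route_table_association` for `aws_subnet.private` (private_subnet.tf hunk), the private subnets fall back to the VPC main route table, which this endpoint is not associated with; anything still placed in those subnets would reach neither S3 via the endpoint nor the internet, since the NAT instance is gone too. If that isolation is intended (workloads moved to the public subnets), it is worth a comment on the endpoint resource such as `# private subnets use the VPC main route table and are intentionally not attached`; if not, add `aws_vpc.default.main_route_table_id` to the list so the fallback table still has the S3 route. Separately, `concat()` over a single list is now redundant and reads as a leftover: `route_table_ids = [for route in aws_route_table.public : route.id]`.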
@@ -1,104 +0,0 @@
-resource "aws_eip" "nat_instance" {
- domain = "vpc"
- tags = {
- Name = "nat public ip"
- }
-}
-
-resource "aws_security_group" "nat" {
- name = "nat-instance-security-group"
- description = "Allow NAT traffic"
- vpc_id = aws_vpc.default.id
-
- ingress {
- description = "HTTP traffic"
- from_port = 80
- to_port = 80
- protocol = "tcp"
- cidr_blocks = [aws_vpc.default.cidr_block]
- }
-
- ingress {
- description = "HTTPs traffic"
- from_port = 443
- to_port = 443
- protocol = "tcp"
- cidr_blocks = [aws_vpc.default.cidr_block]
- }
-
- ingress {
- description = "Postgres traffic"
- from_port = 5432
- to_port = 5432
- protocol = "tcp"
- cidr_blocks = [aws_vpc.default.cidr_block]
- }
-
- ingress {
- description = "Clamav traffic"
- from_port = 3310
- to_port = 3310
- protocol = "tcp"
- cidr_blocks = [aws_vpc.default.cidr_block]
- }
-
- egress {
- from_port = 80
- to_port = 80
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- egress {
- from_port = 443
- to_port = 443
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- egress {
- from_port = 5432
- to_port = 5432
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- egress {
- from_port = 3310
- to_port = 3310
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- tags = {
- Name = "nat instance security group"
- }
-}
-
-data "template_file" "nat_user_data" {
- template = file("${path.module}/nat_instance_user_data.sh")
-}
-
-resource "aws_instance" "nat_instance" {
- ami = "ami-0c058ff13c7598bc3"
- instance_type = "t4g.nano"
- availability_zone = "eu-central-1a"
- subnet_id = aws_subnet.public["eu-central-1a"].id
- vpc_security_group_ids = [aws_security_group.nat.id]
- source_dest_check = false
- user_data = data.template_file.nat_user_data.rendered
- key_name = "pretix"
-
- root_block_device {
- volume_size = 8
- }
-
- tags = {
- Name = "nat instance"
- }
-}
-
-resource "aws_eip_association" "nat_instance_ip_assoc" {
- instance_id = aws_instance.nat_instance.id
- allocation_id = aws_eip.nat_instance.id
-}
diff --git a/infrastructure/global/vpc/nat_instance_user_data.sh b/infrastructure/global/vpc/nat_instance_user_data.sh
deleted file mode 100644
index 0fe55efae4..0000000000
--- a/infrastructure/global/vpc/nat_instance_user_data.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/bash
-
-sudo yum install iptables-services -y
-sudo systemctl enable iptables
-sudo systemctl start iptables
-
-sudo touch /etc/sysctl.d/custom-ip-forwarding.conf
-sudo chmod 666 /etc/sysctl.d/custom-ip-forwarding.conf
-sudo echo "net.ipv4.ip_forward=1" >> /etc/sysctl.d/custom-ip-forwarding.conf
-sudo sysctl -p /etc/sysctl.d/custom-ip-forwarding.conf
-
-sudo /sbin/iptables -t nat -A POSTROUTING -o ens5 -j MASQUERADE
-sudo /sbin/iptables -F FORWARD
-sudo service iptables save
diff --git a/infrastructure/global/vpc/private_subnet.tf b/infrastructure/global/vpc/private_subnet.tf
index 1a2f8eabcf..5136431b2a 100644
--- a/infrastructure/global/vpc/private_subnet.tf
+++ b/infrastructure/global/vpc/private_subnet.tf
@@ -10,27 +10,3 @@ resource "aws_subnet" "private" {
 AZ = each.key
 }
 }
-
-resource "aws_route_table" "private" {
- for_each = toset(keys(local.private_azs_cidr))
- vpc_id = aws_vpc.default.id
-
- route {
- cidr_block = "0.0.0.0/0"
- network_interface_id = aws_instance.nat_instance.primary_network_interface_id
- }
-
- tags = {
- Name = "private subnet route table ${each.value}"
- }
-
- depends_on = [
- aws_instance.nat_instance
- ]
-}
-
-resource "aws_route_table_association" "private_subnet_to_private_route" {
- for_each = toset(keys(local.private_azs_cidr))
- route_table_id = aws_route_table.private[each.value].id
- subnet_id = aws_subnet.private[each.value].id
-}
diff --git a/infrastructure/global/vpc/public_subnet.tf b/infrastructure/global/vpc/public_subnet.tf
index d48287abe2..00bedee100 100644
--- a/infrastructure/global/vpc/public_subnet.tf
+++ b/infrastructure/global/vpc/public_subnet.tf
@@ -36,8 +36,6 @@ resource "aws_route_table_association" "public_subnet_to_public_route" { subnet_id = aws_subnet.public[each.value].id } -# Internet gateway - resource "aws_internet_gateway" "default" { vpc_id = aws_vpc.default.id }