AWS best practice: shall I have a NAT gateway in each AZ? [closed]

Since a NAT gateway only has redundancy within a single AZ, if I want to have a public/private pair of subnets in every AZ for the purpose of multi-AZ redundancy, I should have a NAT gateway in every AZ, shouldn't I?

Otherwise, if I have only one NAT and its AZ goes down, all the subnets in all AZs go down with it, thus defeating the purpose of this multi-AZ deployment.

Am I right or wrong?

Peripteral asked 23/6, 2017 at 11:47

Yes, ideally you would have one NAT gateway per Availability Zone (AZ).

AWS documents this advice at Comparison of NAT Instances and NAT Gateways:

Highly available: NAT gateways in each Availability Zone are implemented with redundancy. Create a NAT gateway in each Availability Zone to ensure zone-independent architecture.

A single NAT gateway in a single AZ has redundancy within that AZ only, so if there were zonal issues then instances in other AZs would have no route to the internet.

Note: there are per-hour charges for each NAT gateway as well as per-GB charges for data processed (see VPC Pricing). See How can I reduce data transfer charges for my NAT gateway?

Pierro answered 23/6, 2017 at 12:21

From the AWS official NAT Gateway doc:

If you have resources in multiple Availability Zones and they share one NAT gateway, in the event that the NAT gateway's Availability Zone is down, resources in the other Availability Zones lose internet access. To create an Availability Zone-independent architecture, create a NAT gateway in each Availability Zone and configure your routing to ensure that resources use the NAT gateway in the same Availability Zone.

The NAT Gateway enables outgoing Internet connectivity for a private subnet. It is important to note that, to achieve high availability, you need to create a NAT Gateway in every Availability Zone in which you have created private subnets.

[Figure: the described network architecture consisting of public subnets, private subnets, and HA NAT gateways]

Considerations

  • If keeping costs to a minimum is essential, the baseline costs of $32.00 per month per NAT Gateway could be a show stopper. When using three AZs, you will pay $96.00 per month for three NAT Gateways.
  • The NAT Gateway also increases costs for outbound traffic. You have to pay a premium of $0.045 per GB flowing from a private subnet to the Internet. That’s raising the costs for outgoing traffic by 50%.

Extra Points!

...

 # Input variables as used by the terraform-aws-modules/vpc/aws module:
 # one private and one public subnet per AZ
 azs             = ["us-east-1a", "us-east-1b", "us-east-1c"]
 private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
 public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]

 enable_nat_gateway = true
 # With single_nat_gateway off, the module creates one NAT gateway per private
 # subnet, which with the lists above means one per AZ.
 single_nat_gateway = false # to get 1 NGW x AZ

...


Ref Link: https://cloudonaut.io/advanved-aws-networking-pitfalls-that-you-should-avoid/

Ruelu answered 26/3, 2020 at 15:45
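The routing rule that both of the answers above quote from AWS ("configure your routing to ensure that resources use the NAT gateway in the same Availability Zone") is easy to get wrong silently: a private subnet whose default route points at a NAT gateway in another AZ works perfectly until that zone fails. The following Python is an added example, not code from the original post or from AWS. It audits constructed data shaped like the fields it uses from the EC2 DescribeSubnets, DescribeNatGateways and DescribeRouteTables responses (the subnet and gateway IDs, the 10.0.0.0/16 CIDR and the three us-east-1 zones are all made up for the sample) and reports subnets whose default route crosses a zone, NAT gateways that are missing or not in the available state, and zones that host NAT-routed subnets without an available NAT gateway of their own. It also answers the question's "what if the AZ goes down" directly, by listing the subnets outside a zone that lose egress with it.

```python
"""Audit: does every NAT-routed subnet use a NAT gateway in its own AZ?

Added example over constructed sample data (not from the original post).
The dict shapes mirror the fields used here from EC2 DescribeSubnets,
DescribeNatGateways and DescribeRouteTables responses.
"""
from dataclasses import dataclass

DEFAULT_ROUTE = "0.0.0.0/0"

# Constructed sample VPC: three AZs with a public/private pair each, NAT gateways
# only in us-east-1a and us-east-1b, and subnet-priv-c routed to nat-a (cross-AZ).
SUBNETS = [{"SubnetId": f"subnet-{kind}-{z}", "AvailabilityZone": f"us-east-1{z}"}
           for kind in ("pub", "priv") for z in "abc"]
NAT_GATEWAYS = [
    {"NatGatewayId": "nat-a", "SubnetId": "subnet-pub-a", "State": "available"},
    {"NatGatewayId": "nat-b", "SubnetId": "subnet-pub-b", "State": "available"},
]
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": f"subnet-pub-{z}"} for z in "abc"],
     "Routes": [LOCAL, {"DestinationCidrBlock": DEFAULT_ROUTE, "GatewayId": "igw-1"}]},
    {"RouteTableId": "rtb-priv-a", "Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": DEFAULT_ROUTE, "NatGatewayId": "nat-a"}]},
    {"RouteTableId": "rtb-priv-b", "Associations": [{"SubnetId": "subnet-priv-b"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": DEFAULT_ROUTE, "NatGatewayId": "nat-b"}]},
    {"RouteTableId": "rtb-priv-c", "Associations": [{"SubnetId": "subnet-priv-c"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": DEFAULT_ROUTE, "NatGatewayId": "nat-a"}]},
]


@dataclass(frozen=True)
class Finding:
    subnet: str
    az: str
    nat: str
    issue: str        # "cross-az": NAT lives in another zone; "nat-unavailable": missing/not available
    nat_az: str = ""  # only set for cross-az findings


@dataclass
class Report:
    findings: list
    azs_without_nat: list  # zones hosting NAT-routed subnets but no available NAT gateway


def _route_table_for(subnet_id, route_tables):
    """An explicit subnet association wins; otherwise the VPC main route table applies."""
    main = None
    for rtb in route_tables:
        for assoc in rtb.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rtb
            if assoc.get("Main"):
                main = rtb
    return main


def audit_nat_routing(subnets, nat_gateways, route_tables):
    az_of_subnet = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    available = {n["NatGatewayId"]: n for n in nat_gateways if n.get("State") == "available"}
    nat_azs = {az_of_subnet.get(n["SubnetId"], "?") for n in available.values()}
    findings, nat_routed_azs = [], set()
    for subnet in subnets:
        sid, az = subnet["SubnetId"], subnet["AvailabilityZone"]
        rtb = _route_table_for(sid, route_tables) or {}
        default = next((r for r in rtb.get("Routes", [])
                        if r.get("DestinationCidrBlock") == DEFAULT_ROUTE), {})
        nat_id = default.get("NatGatewayId")
        if nat_id is None:
            continue  # public subnet (IGW default route) or isolated subnet: not NAT-dependent
        nat_routed_azs.add(az)
        nat = available.get(nat_id)
        if nat is None:
            findings.append(Finding(sid, az, nat_id, "nat-unavailable"))
            continue
        nat_az = az_of_subnet.get(nat["SubnetId"], "?")
        if nat_az != az:
            findings.append(Finding(sid, az, nat_id, "cross-az", nat_az))
    return Report(findings, sorted(nat_routed_azs - nat_azs))


def subnets_losing_egress_if_az_fails(az, subnets, nat_gateways, route_tables):
    """Subnets *outside* `az` whose internet egress disappears together with that zone."""
    report = audit_nat_routing(subnets, nat_gateways, route_tables)
    return sorted(f.subnet for f in report.findings if f.issue == "cross-az" and f.nat_az == az)


if __name__ == "__main__":
    report = audit_nat_routing(SUBNETS, NAT_GATEWAYS, ROUTE_TABLES)
    for f in report.findings:
        print(f"{f.issue}: {f.subnet} ({f.az}) -> {f.nat} {f.nat_az}".rstrip())
    print("AZs without a NAT gateway:", report.azs_without_nat)
    print("loses egress if us-east-1a fails:",
          subnets_losing_egress_if_az_fails("us-east-1a", SUBNETS, NAT_GATEWAYS, ROUTE_TABLES))
```

To run it against a real VPC, replace the three constants with the lists boto3 returns from ec2.describe_subnets()["Subnets"], ec2.describe_nat_gateways()["NatGateways"] and ec2.describe_route_tables()["RouteTables"]; those are the response keys the sample mirrors. Subnets with no default route or with an internet-gateway default route are deliberately skipped, so the report only covers subnets that actually depend on a NAT gateway.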

This is a matter of 3 factors:

  1. Redundancy requirements and implications.
    • If there is an interruption to NAT service in a given AZ how much impact can your application tolerate?
    • What is the likelihood of an interruption to more than one AZ being something other than an interruption affecting the entire region?
    • Redundant NATGWs do not fully insulate you from service interruptions. When a NATGW becomes unavailable all connections through that NATGW will be terminated. Similarly when that NATGW comes back the connections will be terminated again as the underlying routing will change back.
  2. Per-NATGW cost.
    • Each NATGW currently costs about USD$32.40/mo
  3. Intra-AZ bandwidth cost.
    • If you need to egress traffic via a NATGW that is not in the same AZ you will incur intra-AZ bandwidth costs of USD$0.01/GB in addition to the USD$0.045/GB NATGW bandwidth.
Kunz answered 22/11, 2023 at 1:07

Depends on your use case.

Before creating a NAT GTW in each AZ, I would consider the specific use case and the amount of traffic you use.

I suggest reading this great SO answer:

Amazon EC2 instances in private subnets can use a NAT Gateway as follows:

  • The NAT Gateway is launched in a public subnet in the same VPC.
  • The Route Table for the private subnet(s) requires an additional entry that directs all Internet-bound traffic (0.0.0.0/0) to the NAT Gateway.

...


(*) The basic and trivial use case is a DEV environment, where you don't need 3 NAT GTW. You can even run in one AZ, because availability is more relevant for Production (and for Staging, if it is decided that they should be a mirror of each other).

Munition answered 4/10, 2023 at 18:29