Internet Gateway Demo

In this tutorial, you’ll convert a private subnet into a public subnet by attaching an Internet Gateway and updating the route table. After completing these steps, any EC2 instance launched in your public subnet will have Internet access.

Overview

Step  Description
1     Create a VPC & Subnet
2     Launch an EC2 instance in the public subnet
3     Verify default connectivity (should fail)
4     Create & attach an Internet Gateway
5     Configure the route table for Internet access
6     Test Internet connectivity (should succeed)

Prerequisites

  • An AWS account with permissions to manage VPCs and EC2.
  • A generated SSH key pair (for example, aws-demo.pem).

Note

You can refer to the AWS VPC Documentation for more details on VPC components.


1. Create a VPC and Public Subnet

  1. In the AWS Console, go to VPC > Your VPCs and click Create VPC.
  2. Set the IPv4 CIDR block to 10.0.0.0/16. Optionally add an IPv6 block.
  3. Click Create VPC.

The image shows an AWS Management Console screen displaying details of a Virtual Private Cloud (VPC) named "vpcdemo," including its ID, state, and network configurations. The left sidebar lists various VPC-related options like subnets and route tables.

  4. Navigate to Subnets > Create subnet:
    • Name tag: public-subnet
    • VPC: your newly created VPC
    • IPv4 CIDR block: 10.0.1.0/24
  5. Click Create subnet.

2. Launch an EC2 Instance in the Public Subnet

  1. Open EC2 Console > Instances > Launch instances.
  2. For Name, enter my-public-server.
  3. Choose Amazon Linux 2023 under Application and OS Images (AMI).

The image shows an AWS EC2 instance setup page, where a user is configuring a new instance with Amazon Linux 2023 AMI and a t2.micro instance type.

  4. Select the t2.micro instance type (free tier).
  5. Under Key pair, choose aws-demo.pem.
  6. Expand Network settings > Edit and configure:
    • VPC: your new VPC
    • Subnet: public-subnet
    • Auto-assign public IP: Enable

The image shows an AWS EC2 instance launch configuration screen, detailing instance type, key pair, network settings, and a summary of the selected options.

  7. Under Security group, allow SSH (port 22) from 0.0.0.0/0. Optionally add ICMP for ping.

The image shows an AWS EC2 instance launch configuration screen, detailing security group settings and a summary of the instance specifications, including the instance type and storage volume.

  8. Click Launch instance and wait for it to switch to running.

3. Verify Default Connectivity (Should Fail)

After your instance is running, copy its public IP (example: 54.159.89.36) and test connectivity:

The image shows an AWS EC2 Management Console with details of two instances, one terminated and one running, including instance IDs, states, and public IP addresses.

ping 54.159.89.36
ssh -i aws-demo.pem ec2-user@54.159.89.36
# Connection hangs.

By default, there’s no Internet route, so the instance remains unreachable despite having a public IP.


4. Create and Attach an Internet Gateway

  1. In the VPC Console, select Internet Gateways and click Create internet gateway.
    • Name tag: my-internet-gateway
  2. Click Create internet gateway.
  3. Select the newly created gateway, choose Actions > Attach to VPC, and select your VPC.

The image shows an AWS Management Console screen displaying details of a newly created subnet within a Virtual Private Cloud (VPC). The subnet is listed as available with its associated VPC and IPv4 CIDR block.

The image shows an AWS Management Console screen displaying details of an internet gateway that is successfully attached to a VPC. It includes information such as the gateway ID, state, VPC ID, and tags.

Pinging still fails because the route table isn’t updated yet.


5. Configure the Route Table for Internet Access

  1. Go to VPC > Route Tables and click Create route table.
    • Name tag: public-route-table
    • VPC: your demo VPC
  2. Click Create route table.
  3. Select the new route table, open Subnet associations, click Edit subnet associations, check public-subnet, and save.

The image shows an AWS VPC management console displaying a list of subnets and details of a selected subnet's route table. The interface includes subnet names, IDs, states, and associated VPCs.

  4. In the Routes tab, click Edit routes > Add route:
    • Destination: 0.0.0.0/0
    • Target: my-internet-gateway
  5. Save the route.

The image shows an AWS Management Console screen displaying details of a route table within a Virtual Private Cloud (VPC). It includes route information and subnet associations.


6. Test Internet Connectivity (Should Succeed)

Now retry ping and SSH using the public IP:

ping 54.159.89.36
ssh -i aws-demo.pem ec2-user@54.159.89.36
# Welcome to your public EC2 instance!

Congratulations! Your public-subnet is now internet-enabled, and EC2 instances launched into it with a public IP and a security group that permits the traffic can be accessed from the Internet.
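The demo shows that an instance is reachable only when three things line up: a public IP, a 0.0.0.0/0 route to an Internet Gateway in the subnet's route table, and a security group rule open to 0.0.0.0/0. The following added example (not part of the original tutorial) audits for that combination over constructed data shaped like the EC2 describe-route-tables, describe-security-groups and describe-instances output; all IDs are made up, and IPv6 routes and network ACLs are not considered.

```python
# Constructed sample data shaped like EC2 Describe* responses. All IDs are made up.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
IGW = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-demo", "State": "active"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-demo", "Routes": [LOCAL],
     "Associations": [{"Main": True}]},
    {"RouteTableId": "rtb-public", "VpcId": "vpc-demo", "Routes": [LOCAL, IGW],
     "Associations": [{"Main": False, "SubnetId": "subnet-public"}]},
]
SECURITY_GROUPS = [{"GroupId": "sg-demo", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]
INSTANCES = [
    {"InstanceId": "i-step6", "VpcId": "vpc-demo", "SubnetId": "subnet-public",
     "PublicIpAddress": "54.159.89.36", "SecurityGroups": [{"GroupId": "sg-demo"}]},
    # Same settings, but the subnet still falls back to the main route table (step 3).
    {"InstanceId": "i-step3", "VpcId": "vpc-demo", "SubnetId": "subnet-other",
     "PublicIpAddress": "203.0.113.10", "SecurityGroups": [{"GroupId": "sg-demo"}]},
]

def route_table_for(instance, route_tables):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in (t for t in route_tables if t["VpcId"] == instance["VpcId"]):
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == instance["SubnetId"]:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def has_igw_default_route(rt):
    return rt is not None and any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("State") == "active"
        and r.get("GatewayId", "").startswith("igw-") for r in rt["Routes"])

def world_open_rules(instance, security_groups):
    """(protocol, from_port, to_port) for every attached rule that admits 0.0.0.0/0."""
    attached = {g["GroupId"] for g in instance["SecurityGroups"]}
    return [(p["IpProtocol"], p.get("FromPort"), p.get("ToPort"))
            for sg in security_groups if sg["GroupId"] in attached
            for p in sg["IpPermissions"]
            if any(r.get("CidrIp") == "0.0.0.0/0" for r in p.get("IpRanges", []))]

def internet_exposed(instance, route_tables, security_groups):
    """World-open rules that are actually reachable; empty unless all three conditions hold."""
    routed = has_igw_default_route(route_table_for(instance, route_tables))
    if not (instance.get("PublicIpAddress") and routed):
        return []
    return world_open_rules(instance, security_groups)
```

An instance for which internet_exposed returns a non-empty list matches the state reached in step 6; an empty list matches step 3, where the public IP and open SSH rule exist but no route to an Internet Gateway does.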
