KodeKloud Notes

In this lesson, we'll explore how Internet Gateways enable internet access for subnets in an Amazon Virtual Private Cloud (VPC), effectively converting private subnets into public ones.

By default, all newly created subnets are private: instances cannot reach the internet, nor can external clients initiate connections to them. Attaching an Internet Gateway to your VPC and updating route tables provides the necessary ingress and egress paths for internet communication.

Key Characteristics of Internet Gateways

Feature	Description
Attachment Limit	One Internet Gateway per VPC
VPC Association	An Internet Gateway can only be attached to a single VPC at a time
High Availability	Region-resilient across all Availability Zones

Note

Internet Gateways are highly available within an AWS region and handle both ingress and egress traffic for your VPC.

Steps to Make a Subnet Public

Create an Internet Gateway
```
aws ec2 create-internet-gateway
```

Attach the Internet Gateway to Your VPC

aws ec2 attach-internet-gateway \
  --internet-gateway-id igw-0123456789abcdef0 \
  --vpc-id vpc-0abcdef1234567890

Create a Custom Route Table

aws ec2 create-route-table --vpc-id vpc-0abcdef1234567890

Add a Default Route (0.0.0.0/0)
Point to the Internet Gateway:

aws ec2 create-route \
  --route-table-id rtb-0abcdef1234567890 \
  --destination-cidr-block 0.0.0.0/0 \
  --gateway-id igw-0123456789abcdef0

Associate the Public Subnet with the Custom Route Table

aws ec2 associate-route-table \
  --subnet-id subnet-01234abcde5678fgh \
  --route-table-id rtb-0abcdef1234567890

The image illustrates the setup of an Internet Gateway within a VPC, showing steps like creating the gateway, attaching it to the VPC, creating a custom route table, and configuring the default route. It includes a diagram of a region with a VPC, availability zone, public subnet, and route table.

The default route (0.0.0.0/0 → igw-xxxxxxxx) ensures that any traffic not matching more specific routes is forwarded to the Internet Gateway. Associating your subnet with this route table makes it a public subnet, enabling instances to send and receive internet traffic.

Public IP Assignment

Instances in a public subnet only receive a private IP address (e.g., 192.168.1.1) by default. To allow access from the internet, enable Auto-assign Public IPv4 address on the subnet or assign a public IP when launching the instance. This allocates a public IP (e.g., 1.1.1.1) and automatically maps it to the private IP.

From the instance’s perspective:

Incoming requests target the public IP.
AWS Network Address Translation (NAT) translates the public IP to the instance’s private IP.
The instance processes traffic using its private IP, unaware of the public endpoint.

The image illustrates a network diagram of an AWS Cloud setup, showing a public subnet with a resource that has both a private IP (192.163.1.1) and a public IP (1.1.1.1), accessible by a user.

If an instance has multiple Elastic Network Interfaces (ENIs), each interface can have its own public IP address mapped to a private IP. AWS uses these mappings to direct internet traffic to the correct interface.

Summary

Summary Point	Details
Purpose of Internet Gateway	Provides a path for internet traffic into and out of your VPC
Attachment Rules	One Internet Gateway per VPC; one VPC per Internet Gateway
Public Subnet Requirement	Route table must include a default route pointing to the Internet Gateway
Public IP for External Accessibility	Instances need a public IPv4 address (auto-assigned or manually added)

The image is a summary slide with three key points about internet gateways and VPCs, highlighting connectivity, attachment, and limitations.

References

Watch Video

Watch video content