AWS Networking Fundamentals

Core Networking Services

Internet Gateways VPC

In this lesson, we'll explore how Internet Gateways enable internet access for subnets in an Amazon Virtual Private Cloud (VPC), effectively converting private subnets into public ones.

By default, all newly created subnets are private: instances cannot reach the internet, nor can external clients initiate connections to them. Attaching an Internet Gateway to your VPC and updating route tables provides the necessary ingress and egress paths for internet communication.

Key Characteristics of Internet Gateways

FeatureDescription
Attachment LimitOne Internet Gateway per VPC
VPC AssociationAn Internet Gateway can only be attached to a single VPC at a time
High AvailabilityRegion-resilient across all Availability Zones

Note

Internet Gateways are highly available within an AWS region and handle both ingress and egress traffic for your VPC.

Steps to Make a Subnet Public

  1. Create an Internet Gateway
    aws ec2 create-internet-gateway
    
  2. Attach the Internet Gateway to Your VPC
    aws ec2 attach-internet-gateway \
      --internet-gateway-id igw-0123456789abcdef0 \
      --vpc-id vpc-0abcdef1234567890
    
  3. Create a Custom Route Table
    aws ec2 create-route-table --vpc-id vpc-0abcdef1234567890
    
  4. Add a Default Route (0.0.0.0/0)
    Point to the Internet Gateway:
    aws ec2 create-route \
      --route-table-id rtb-0abcdef1234567890 \
      --destination-cidr-block 0.0.0.0/0 \
      --gateway-id igw-0123456789abcdef0
    
  5. Associate the Public Subnet with the Custom Route Table
    aws ec2 associate-route-table \
      --subnet-id subnet-01234abcde5678fgh \
      --route-table-id rtb-0abcdef1234567890
    

The image illustrates the setup of an Internet Gateway within a VPC, showing steps like creating the gateway, attaching it to the VPC, creating a custom route table, and configuring the default route. It includes a diagram of a region with a VPC, availability zone, public subnet, and route table.

The default route (0.0.0.0/0 → igw-xxxxxxxx) ensures that any traffic not matching more specific routes is forwarded to the Internet Gateway. Associating your subnet with this route table makes it a public subnet, enabling instances to send and receive internet traffic.

Public IP Assignment

Instances in a public subnet only receive a private IP address (e.g., 192.168.1.1) by default. To allow access from the internet, enable Auto-assign Public IPv4 address on the subnet or assign a public IP when launching the instance. This allocates a public IP (e.g., 1.1.1.1) and automatically maps it to the private IP.

From the instance’s perspective:

  • Incoming requests target the public IP.
  • AWS Network Address Translation (NAT) translates the public IP to the instance’s private IP.
  • The instance processes traffic using its private IP, unaware of the public endpoint.

The image illustrates a network diagram of an AWS Cloud setup, showing a public subnet with a resource that has both a private IP (192.163.1.1) and a public IP (1.1.1.1), accessible by a user.

If an instance has multiple Elastic Network Interfaces (ENIs), each interface can have its own public IP address mapped to a private IP. AWS uses these mappings to direct internet traffic to the correct interface.

Summary

Summary PointDetails
Purpose of Internet GatewayProvides a path for internet traffic into and out of your VPC
Attachment RulesOne Internet Gateway per VPC; one VPC per Internet Gateway
Public Subnet RequirementRoute table must include a default route pointing to the Internet Gateway
Public IP for External AccessibilityInstances need a public IPv4 address (auto-assigned or manually added)

The image is a summary slide with three key points about internet gateways and VPCs, highlighting connectivity, attachment, and limitations.

References

Watch Video

Watch video content

Previous
Route Table Demo