AWS Networking Fundamentals
Core Networking Services
Internet Gateways VPC
In this lesson, we'll explore how Internet Gateways enable internet access for subnets in an Amazon Virtual Private Cloud (VPC), effectively converting private subnets into public ones.
Subnets in a VPC you create are private by default: their route table carries only the VPC's `local` route, so instances can talk to other addresses inside the VPC but cannot reach the internet, and nothing on the internet can initiate a connection to them. (The default VPC is the exception: AWS ships it with an Internet Gateway attached and a default route to it, so its subnets are public from the start.) Attaching an Internet Gateway to your VPC and adding a route to it gives a subnet both the egress and the ingress path for internet traffic.
Key Characteristics of Internet Gateways
Feature | Description |
---|---|
Attachment Limit | One Internet Gateway per VPC |
VPC Association | An Internet Gateway can only be attached to a single VPC at a time |
High Availability | Horizontally scaled and redundant across all Availability Zones in the region; it imposes no bandwidth constraint or single-AZ availability risk |
Note
Internet Gateways are highly available within an AWS region and carry both ingress and egress traffic for your VPC. For IPv4 they also perform the one-to-one NAT between an instance's public and private address described below; IPv6 addresses are globally routable and pass through unchanged.
Steps to Make a Subnet Public
- Create an Internet Gateway (the call returns the new `InternetGatewayId`; the resource IDs in the commands below are placeholders)
```bash
aws ec2 create-internet-gateway
```
- Attach the Internet Gateway to your VPC
```bash
aws ec2 attach-internet-gateway \
  --internet-gateway-id igw-0123456789abcdef0 \
  --vpc-id vpc-0abcdef1234567890
```
- Create a custom route table for the public subnet
```bash
aws ec2 create-route-table --vpc-id vpc-0abcdef1234567890
```
- Add a default route (`0.0.0.0/0`) pointing to the Internet Gateway
```bash
aws ec2 create-route \
  --route-table-id rtb-0abcdef1234567890 \
  --destination-cidr-block 0.0.0.0/0 \
  --gateway-id igw-0123456789abcdef0
```
- Associate the public subnet with the custom route table
```bash
aws ec2 associate-route-table \
  --subnet-id subnet-01234abcde5678fgh \
  --route-table-id rtb-0abcdef1234567890
```
The default route (`0.0.0.0/0` → `igw-…`) catches any destination not covered by a more specific route; traffic for the VPC's own CIDR still takes the `local` route, because the VPC router uses longest-prefix match and that route is more specific. Associating your subnet with this route table is what makes it a public subnet, enabling instances in it to send and receive internet traffic. Keep in mind that a route table can be associated with many subnets, and any subnet without an explicit association uses the VPC's main route table, so add the Internet Gateway route to a dedicated table rather than the main one unless you intend every subnet in the VPC to be public.
Public IP Assignment
A public subnet only provides the route. Instances launched into it still receive just a private IP address (for example `192.168.1.1`) by default. To make an instance reachable from the internet, enable Auto-assign public IPv4 address on the subnet (the `MapPublicIpOnLaunch` subnet attribute) or request a public IP when launching the instance. AWS then allocates a public IPv4 address (for example `203.0.113.10`, from the RFC 5737 documentation range) and maps it one-to-one to the instance's primary private IP. An auto-assigned public IP is released when the instance stops or terminates; allocate and associate an Elastic IP if the address must stay the same.
From the instance's perspective:
- Incoming requests from the internet target the public IP.
- The Internet Gateway performs one-to-one (static) NAT, rewriting the destination to the instance's private IP on the way in and the source back to the public IP on the way out.
- The instance processes traffic using its private IP and never sees the public address; the operating system shows only the private IP, and the public one is visible only through instance metadata (`public-ipv4`).
A public IP and an Internet Gateway route together make an instance addressable from the whole internet, so the security group (which by default permits no inbound traffic) and the network ACL are what actually limit who can connect; review them before assigning public addresses.
If an instance has multiple Elastic Network Interfaces (ENIs), each private IP on each interface can have its own Elastic IP mapped to it, and the gateway uses these mappings to deliver internet traffic to the correct interface. The auto-assign setting covers only the primary private IP of the primary interface; additional addresses need Elastic IPs associated explicitly.
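The route-table evaluation above (explicit association or the VPC main table, then longest-prefix match) and the two conditions for internet reachability (a public IPv4 address plus a route to an Internet Gateway) are easy to get wrong when auditing an account. The following is an added example, not AWS code or part of this lesson's commands: it reimplements that evaluation over records shaped like `aws ec2 describe-route-tables` and `aws ec2 describe-instances` output. All route tables, instances, IDs and addresses in it are constructed placeholders, and the `effective_target`, `is_public_subnet` and `internet_exposed` helpers are this example's own names. It deliberately ignores security groups and NACLs, which gate traffic on top of what it reports.

```python
"""Classify subnets and instances as internet-reachable through an Internet
Gateway, using the evaluation the VPC router applies: the subnet's effective
route table (explicit association, else the VPC main table) and
longest-prefix match over that table's active routes.

Added example, not AWS code. The records below are constructed to mimic the
shape of describe-route-tables / describe-instances output; every ID and
address is a placeholder.
"""
import ipaddress

VPC = "vpc-0abcdef1234567890"
IGW = "igw-0123456789abcdef0"

# Constructed: rtb-main is the main table and only carries the local route, so
# a subnet with no explicit association is private. rtb-public has the
# 0.0.0.0/0 -> IGW default route plus one more-specific route. rtb-nat sends
# 0.0.0.0/0 to a NAT gateway, which gives egress but no inbound reachability.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": VPC,
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
    {"RouteTableId": "rtb-public", "VpcId": VPC,
     "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": IGW, "State": "active"},
         # /24 beats /0 for 198.51.100.x, e.g. a prefix reached over a VPN
         {"DestinationCidrBlock": "198.51.100.0/24", "GatewayId": "vgw-0fedcba9876543210", "State": "active"},
     ]},
    {"RouteTableId": "rtb-nat", "VpcId": VPC,
     "Associations": [{"Main": False, "SubnetId": "subnet-private"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0a1b2c3d4e5f60718", "State": "active"},
     ]},
]

# Constructed instances. i-stranded has a public IP but sits in a subnet whose
# route table has no IGW route, so the address is unreachable; i-orphan falls
# back to the main table, which has no internet route at all.
INSTANCES = [
    {"InstanceId": "i-web", "VpcId": VPC, "SubnetId": "subnet-public",
     "PrivateIpAddress": "10.0.1.10", "PublicIpAddress": "203.0.113.10"},
    {"InstanceId": "i-nopublicip", "VpcId": VPC, "SubnetId": "subnet-public",
     "PrivateIpAddress": "10.0.1.11"},
    {"InstanceId": "i-stranded", "VpcId": VPC, "SubnetId": "subnet-private",
     "PrivateIpAddress": "10.0.2.10", "PublicIpAddress": "203.0.113.11"},
    {"InstanceId": "i-orphan", "VpcId": VPC, "SubnetId": "subnet-noassoc",
     "PrivateIpAddress": "10.0.3.10", "PublicIpAddress": "203.0.113.12"},
]


def effective_route_table(subnet_id, vpc_id, route_tables):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def route_target(route):
    """Return a route's target ID whichever key describe-route-tables used for it."""
    for key in ("GatewayId", "NatGatewayId", "TransitGatewayId",
                "NetworkInterfaceId", "VpcPeeringConnectionId", "InstanceId"):
        if key in route:
            return route[key]
    return None


def effective_target(route_table, dest_ip):
    """Longest-prefix match: target of the most specific active IPv4 route
    containing dest_ip, or None if nothing covers it (IPv6 routes are skipped)."""
    ip = ipaddress.ip_address(dest_ip)
    best = None
    for route in route_table.get("Routes", []):
        if route.get("State", "active") != "active" or "DestinationCidrBlock" not in route:
            continue
        net = ipaddress.ip_network(route["DestinationCidrBlock"])
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, route_target(route))
    return best[1] if best else None


def is_public_subnet(subnet_id, vpc_id, route_tables, probe_ip="192.0.2.1"):
    """Public means traffic for an arbitrary internet address leaves via an IGW."""
    rt = effective_route_table(subnet_id, vpc_id, route_tables)
    if rt is None:
        return False
    target = effective_target(rt, probe_ip)
    return target is not None and target.startswith("igw-")


def internet_exposed(instance, route_tables):
    """Reachable from the internet only with a public IPv4 address AND an IGW route.
    Security groups and NACLs still gate the traffic and are not modelled here."""
    return "PublicIpAddress" in instance and is_public_subnet(
        instance["SubnetId"], instance["VpcId"], route_tables)


def exposed_instance_ids(instances, route_tables):
    return [i["InstanceId"] for i in instances if internet_exposed(i, route_tables)]


if __name__ == "__main__":
    for inst in INSTANCES:
        state = "exposed" if internet_exposed(inst, ROUTE_TABLES) else "not exposed"
        print(inst["InstanceId"], state)
```

Run against real data by feeding the `RouteTables` and `Reservations[].Instances[]` arrays from the two describe calls into `exposed_instance_ids`; `is_public_subnet` on its own is a quick check that the Internet Gateway route did not accidentally land in the VPC's main route table.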
Summary
Summary Point | Details |
---|---|
Purpose of Internet Gateway | Provides a path for internet traffic into and out of your VPC |
Attachment Rules | One Internet Gateway per VPC; one VPC per Internet Gateway |
Public Subnet Requirement | Route table must include a default route pointing to the Internet Gateway |
Public IP for External Accessibility | Instances need a public IPv4 address (auto-assigned or manually added) |