Internet Gateway
What is an Internet Gateway (IGW)?
An Internet Gateway is a horizontally-scaled, redundant AWS-managed gateway that allows your resources (like EC2 instances) in a VPC to connect to the internet.
It enables:
- Outbound traffic: EC2 to internet
- Inbound traffic: Internet to EC2 (if allowed by security)
How Internet Access Works in AWS
For an EC2 instance to reach the internet, ALL these must be true:
| Component | Must Be Present |
|---|---|
| Internet Gateway | Attached to the VPC |
| Route Table | Has 0.0.0.0/0 → IGW route |
| Subnet | Associated with above route table |
| Public IP / EIP | Instance must have one |
| Security Group | Must allow HTTP, SSH, etc. |
| NACL | Must allow traffic |
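
The checklist above can be evaluated mechanically when auditing which instances are reachable from the internet. The following is an added example, not part of the original page: it applies the IGW, route, public IP and security group conditions to data shaped like `aws ec2 describe-*` output. The function names and all sample IDs and addresses are constructed; it checks IPv4 only and does not evaluate NACL entries.

```python
# Added example. Field names follow the JSON printed by `aws ec2 describe-*`;
# every ID and address below is constructed sample data.
def route_table_for(subnet_id, vpc_id, route_tables):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in (t for t in route_tables if t["VpcId"] == vpc_id):
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def missing_for_internet(inst, route_tables, igws, sgs):
    """Checklist items the instance fails; [] means it is reachable from the internet."""
    missing = []
    attached = {g["InternetGatewayId"] for g in igws
                for a in g.get("Attachments", []) if a["VpcId"] == inst["VpcId"]}
    if not attached:
        missing.append("igw-attached")
    rt = route_table_for(inst["SubnetId"], inst["VpcId"], route_tables)
    if not any(r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("GatewayId") in attached
               for r in (rt["Routes"] if rt else [])):
        missing.append("default-route-to-igw")
    if not inst.get("PublicIpAddress"):
        missing.append("public-ip")
    sg_ids = {s["GroupId"] for s in inst["SecurityGroups"]}
    if not any(rng.get("CidrIp") == "0.0.0.0/0"
               for sg in sgs if sg["GroupId"] in sg_ids
               for perm in sg.get("IpPermissions", []) for rng in perm.get("IpRanges", [])):
        missing.append("sg-inbound-from-anywhere")
    return missing  # NACL entries are not evaluated here (assumed default allow-all)

IGWS = [{"InternetGatewayId": "igw-example",
         "Attachments": [{"VpcId": "vpc-example", "State": "available"}]}]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "VpcId": "vpc-example",
     "Associations": [{"SubnetId": "subnet-public", "Main": False}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-main", "VpcId": "vpc-example", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]}]
SGS = [{"GroupId": "sg-web", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]
WEB = {"InstanceId": "i-web", "VpcId": "vpc-example", "SubnetId": "subnet-public",
       "PublicIpAddress": "203.0.113.10", "SecurityGroups": [{"GroupId": "sg-web"}]}
DB = {"InstanceId": "i-db", "VpcId": "vpc-example", "SubnetId": "subnet-private",
      "SecurityGroups": [{"GroupId": "sg-web"}]}

print({i["InstanceId"]: missing_for_internet(i, ROUTE_TABLES, IGWS, SGS) for i in (WEB, DB)})
```

An empty list for an instance means every checked condition holds, so its security group rules are the only control left between it and the internet.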
Example Architecture
```
VPC: 10.0.0.0/16
│
├── Subnet: 10.0.1.0/24 (Public)
│   ├── EC2 instance (public IP)
│   └── Route table: 0.0.0.0/0 → Internet Gateway
│
└── Internet Gateway (IGW)
```
How to Create and Attach an IGW
Using AWS Console
- Go to VPC Dashboard
- Click Internet Gateways > Create Internet Gateway
- Give it a name
- Click Attach to VPC, select your VPC
Using AWS CLI
```bash
# Create IGW
aws ec2 create-internet-gateway --tag-specifications 'ResourceType=internet-gateway,Tags=[{Key=Name,Value=MyIGW}]'
# Attach it to your VPC
aws ec2 attach-internet-gateway \
  --internet-gateway-id igw-0abc12345678 \
  --vpc-id vpc-0123456789abcdef0
```
Route Table Example (to connect public subnet to IGW)
```bash
aws ec2 create-route \
  --route-table-id rtb-0123456789abcde \
  --destination-cidr-block 0.0.0.0/0 \
  --gateway-id igw-0abc12345678
```
Security Considerations
| Area | Rule |
|---|---|
| Security Group | Must allow inbound traffic (e.g., port 80, 443, 22) |
| NACL | Should allow desired inbound and outbound ports |
| Public IP | EC2 must have a public IP or Elastic IP |
What IGW does not do
- It doesn't provide NAT for instances that have only private IPs. For that, use a NAT Gateway or NAT Instance.
- It doesn't apply any firewall or filtering; that's the job of Security Groups and NACLs.
Internet Gateway vs NAT Gateway
| Feature | Internet Gateway | NAT Gateway |
|---|---|---|
| Purpose | Connect public subnets to internet | Allow private subnets to access internet |
| Inbound Traffic | Allowed | Blocked |
| Public IP Needed? | Yes (on EC2) | No (uses NAT IP) |
| Cost | Free | Paid (hourly + GB data) |
Summary
| Item | Description |
|---|---|
| What is IGW? | Connects VPC to the internet |
| Required for public? | Yes, must route 0.0.0.0/0 → IGW |
| Public IP needed? | Instance must have one |
| IGW cost | Free |
| CLI Create Steps | create-internet-gateway, attach-internet-gateway |
| Common Mistake | Not adding IGW route in route table |