Step by step: how to add and configure an Internet Gateway (IGW) in the twtech custom VPC
Focus: from concept to full routing and traffic flow.
Breakdown:
- The Concept: Internet Gateway (IGW)
- Step-by-Step Process
  - Step-1, Create or Identify the twtech VPC
  - Step-2, Create an Internet Gateway
  - Step-3, Attach the IGW to the VPC
  - Step-4, Update the Route Table
  - Step-5, Configure a Public Subnet
  - Step-6, Assign Public or Elastic IPs
  - Step-7, Update Security Groups & NACLs
- Traffic Flow Sample
- Important Tips
The Concept: Internet Gateway (IGW)
An Internet Gateway allows resources in the VPC (such as EC2 instances) to:
- Access the Internet (outbound)
- Be accessed from the Internet (inbound)
NB:
The Internet Gateway acts as the bridge between the twtech VPC and the public Internet.
Step-by-Step Process
Step-1, Create or Identify the twtech VPC
If twtech already has a VPC, note its VPC ID. Otherwise, create one:
# bash
aws ec2 create-vpc --cidr-block 10.0.0.0/16
Step-2, Create an Internet Gateway
# bash
aws ec2 create-internet-gateway
Output example:
# json
{
  "InternetGateway": {
    "InternetGatewayId": "igw-0abcd1234efgh5678",
    "Attachments": []
  }
}
Step-3, Attach the IGW to the VPC
Attach the IGW to your target VPC:
# bash
aws ec2 attach-internet-gateway \
  --vpc-id vpc-0abcd1234efgh5678 \
  --internet-gateway-id igw-0abcd1234efgh5678
✅ This establishes connectivity between the VPC and the Internet Gateway.
Step-4, Update the Route Table
Add a default route that sends non-local traffic (0.0.0.0/0) to the Internet Gateway.
Example:
# bash
aws ec2 create-route \
  --route-table-id rtb-0123456789abcdef0 \
  --destination-cidr-block 0.0.0.0/0 \
  --gateway-id igw-0abcd1234efgh5678
NB:
This route tells instances in the public subnet to send Internet-bound traffic to the IGW.
Step-5, Configure a Public Subnet
NB:
A subnet becomes public when its route table includes a route to the IGW.
Example:
- Subnet CIDR: 10.0.1.0/24
- Route Table entry: 0.0.0.0/0 → igw-xxxxxx
✅ Public subnet = Connected to Internet Gateway
❌ Private subnet = Connected to NAT Gateway (or no external route)
Step-6, Assign Public or Elastic IPs
For EC2 instances to communicate with the Internet:
- Auto-assign a public IP on launch, OR
- Associate an Elastic IP (EIP) afterward
NB:
Without a public IP, even an instance in a public subnet cannot access the Internet directly.
Step-7, Update Security Groups & NACLs
- Security Group (SG):
  - Allow outbound: 0.0.0.0/0
  - Allow inbound (for example): SSH (22), HTTP (80), HTTPS (443)
- Network ACL (NACL):
  - Inbound: allow ephemeral & specific ports
  - Outbound: allow responses to Internet traffic
Traffic Flow Sample
Outbound (EC2 → Internet):
Inbound (Internet → EC2):
Important Tips
| Feature | Description |
| --- | --- |
| One IGW per VPC | A VPC can only have one attached IGW |
| Free of charge | No cost for IGW; you pay only for data transfer |
| Highly available | AWS automatically replicates it across AZs |
| Works with IPv4 & IPv6 | IPv6 doesn't need NAT; it uses the IGW directly |
Example Architecture
Project: Hands-On
How twtech adds and configures the Internet Gateway to access resources in its VPC
Search for AWS service: VPC
Step-1:
- twtech launches an EC2 instance into the custom VPC (twtechvpc) to verify that it has no internet access.
Launch instance:
Edit Network settings:
- Select the custom VPC (twtechvpc) and PublicSubnetA (created earlier)
Step-2:
- Edit the public subnet (twtechPublicSubnetA) from the console to enable auto-assign public IPv4 addresses.
- Select and open the public subnet (twtechPublicSubnetA), then from Actions edit the subnet settings.
From: unchecked (disabled)
Auto-assign IP settings:
- Enable AWS to automatically assign a public IPv4 or IPv6 address to a new primary network interface for an instance in this subnet.
To: checked (enabled)
- Save the subnet settings.
Step-3:
- Also edit the second public subnet (twtechPublicSubnetB) from the console to enable auto-assign public IPv4 addresses.
- Select and open the public subnet (twtechPublicSubnetB) to enable it.
From: unchecked (disabled)
Auto-assign IP settings:
- Enable AWS to automatically assign a public IPv4 or IPv6 address to a new primary network interface for an instance in this subnet.
To: checked (enabled)
- Save the subnet settings.
Step-4:
Return to the EC2 instance console and complete the network settings:
- The auto-assign public IP option should now be available to enable as well.
- If not, refresh the page and restart the steps for provisioning an EC2 instance in the custom VPC (twtechvpc).
Firewall (security groups):
- A security group is a set of firewall rules that control the traffic for the twtech instance (twtechwebserver). Add rules to allow specific traffic to reach the instance.
Launch instance:
- Verify, then make sure the provisioned instance (twtechwebserver) is running and fully initialized.
- Select the instance to see its details: below, it can be seen that the instance has been auto-assigned a public IPv4 address.
NB:
- The server has a public IPv4 address but does not yet have public internet access (connectivity).
Step-5:
- First, verify whether the instance has an internet connection via EC2 Instance Connect.
- Console output: error establishing connection to instance.
Step-6:
- How twtech adds internet connectivity via an IGW (to allow public access) to the public subnets of its custom VPC (twtechvpc).
Return to the VPC console to add an Internet Gateway (IGW) for the public subnets.
- Create an Internet Gateway:
Create internet gateway
- An internet gateway is a virtual router that connects a VPC to the internet. To create a new internet gateway, specify the name for the gateway below.
- Create internet gateway.
Step-7:
- Attach the Internet Gateway (twtechIGW) to the VPC (twtechvpc).
- Select the VPC (twtechvpc) and attach the IGW (twtechIGW).
Step-8:
- Verify again whether the VPC (twtechvpc) now has internet access, using EC2 Instance Connect from the EC2 console.
- There is still a problem connecting to the instance. How to get that fixed:
- Even though twtech now has an Internet Gateway in its VPC, it still needs to be assigned a route table.
Step-9:
- Edit or create a dedicated route table (rt) to associate with the IGW:
- Create route table: twtechPublicRT
- Create another route table: twtechPrivateRT
Step-10:
- Assign the subnets to the right route tables: public subnets to the public route table (subnet association).
- Select the route table to be associated, then click on the Subnet associations tab (below) and edit the subnet associations.
- Add all the public subnets to the public route table.
- Edit subnet associations: change which subnets are associated with this route table.
Again:
- Assign the subnets to the right route tables: private subnets to the private route table.
- Both the public and private route tables now have 2 subnets associated with them.
Step-11:
- Edit the routes in the public route table to add internet connectivity (public access) alongside the existing local route (within the VPC).
From: local connection within the VPC only
To: add a route for the public internet
Save edited routes.
Step-12: Finally
- Verify again whether the VPC (twtechvpc) now has internet access, using EC2 Instance Connect from the EC2 console.
Successfully:
- twtech has created a custom VPC, subnets (private/public) and an Internet Gateway (IGW), associated the subnets with route tables, and edited the public route table to add the internet route for the public subnets.
- twtech also successfully connected to the instances created in its public subnet.
- All twtech resources provisioned in the public subnet of the custom VPC (twtechvpc) are now reachable from the public internet.
Testing outbound connectivity by pinging a public host:
ping think-with-tech.blogspot.com
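The script below is an added example, not part of the original post or of twtech's setup. It verifies the outcome of both the CLI procedure (Steps 1-7) and the hands-on project: it reads `aws ec2 describe-route-tables` JSON and reports which subnets are actually public, including subnets that were never explicitly associated and therefore fall back to the VPC's main route table. The JSON, subnet IDs and the `nat-placeholder` value are constructed placeholders.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables` output (IDs are placeholders).
SAMPLE_JSON = """{"RouteTables": [
 {"RouteTableId": "rtb-main", "Associations": [{"Main": true}],
  "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
 {"RouteTableId": "rtb-public",
  "Associations": [{"Main": false, "SubnetId": "subnet-publicA"},
                   {"Main": false, "SubnetId": "subnet-publicB"}],
  "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
             {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abcd1234efgh5678"}]},
 {"RouteTableId": "rtb-private", "Associations": [{"Main": false, "SubnetId": "subnet-privateA"}],
  "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
             {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-placeholder"}]}]}"""
# Subnets in the VPC; subnet-orphan has no explicit route-table association.
SUBNETS = ["subnet-publicA", "subnet-publicB", "subnet-privateA", "subnet-orphan"]

def has_igw_default_route(rt):
    """True if the table sends 0.0.0.0/0 or ::/0 to an Internet Gateway (igw-*)."""
    for r in rt["Routes"]:
        dest = r.get("DestinationCidrBlock") or r.get("DestinationIpv6CidrBlock")
        if dest in ("0.0.0.0/0", "::/0") and r.get("GatewayId", "").startswith("igw-"):
            return True
    return False

def classify_subnets(route_tables_json, subnet_ids):
    """Map each subnet to 'public' or 'private'. A subnet with no explicit association
    inherits the main route table, so an IGW default route there makes it public too."""
    explicit, main_is_public = {}, False
    for rt in json.loads(route_tables_json)["RouteTables"]:
        public = has_igw_default_route(rt)
        for assoc in rt["Associations"]:
            if assoc.get("Main"):
                main_is_public = public
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = public
    return {s: "public" if explicit.get(s, main_is_public) else "private" for s in subnet_ids}

def with_igw_route_on_main(route_tables_json, igw_id):
    """Simulate the mistake of adding 0.0.0.0/0 -> IGW to the main route table."""
    data = json.loads(route_tables_json)
    for rt in data["RouteTables"]:
        if any(a.get("Main") for a in rt["Associations"]):
            rt["Routes"].append({"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": igw_id})
    return json.dumps(data)

if __name__ == "__main__":
    print("as configured:", classify_subnets(SAMPLE_JSON, SUBNETS))
    misconfigured = with_igw_route_on_main(SAMPLE_JSON, "igw-0abcd1234efgh5678")
    print("IGW route on main table:", classify_subnets(misconfigured, SUBNETS))
```

Against a real account, feed it the output of `aws ec2 describe-route-tables --filters Name=vpc-id,Values=<vpc-id>` together with the subnet IDs from `aws ec2 describe-subnets`; this is why the walkthrough creates a dedicated twtechPublicRT instead of editing the main route table.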