Sunday, November 2, 2025

Adding & Configuring Internet Gateway To AWS VPC | Deep Dive & Hands-On.

Adding & Configuring Internet Gateway (IGW) To AWS VPC - Overview & Hands-On.

Scope:

The Concept of Internet Gateway (IGW)
Step-by-Step Process,
Step-1, Create or Identify twtech VPC,
Step-2, Create an Internet Gateway,
Step-3, Attach IGW to the VPC,
Step-4, Update the Route Table,
Step-5, Configure a Public Subnet,
Step-6, Assign Public or Elastic IPs,
Step-7, Update Security Groups & NACLs,
Traffic Flow Sample,
Important Tips.

The Concept of Internet Gateway (IGW)

An Internet Gateway allows resources in the VPC (such as EC2 instances) to:

Access the Internet (outbound)
Be accessed from the Internet (inbound)

NB:

Internet Gateway acts as the bridge between twtech VPC and the public Internet.

Step-by-Step Process

Step-2, Create or Identify Your VPC

If twtech already has a VPC, note its VPC ID, Otherwise, create one:

# bash

aws ec2 create-vpc --cidr-block 10.0.0.0/16

Step-2, Create an Internet Gateway

# bash

aws ec2 create-internet-gateway

Output Sample:

# json

{
"InternetGateway": {
"InternetGatewayId": "igw-0abcd1234efgh5678",
"Attachments": [ ]
}
}

Step-3, Attach IGW to the VPC

Attaching the IGW to twtech target VPC:

# bash

aws ec2 attach-internet-gateway \
--vpc-id vpc-0abcd1234efgh5678 \
--internet-gateway-id igw-0abcd1234efgh5678

✅ NB:

This establishes connectivity between the VPC and the Internet Gateway (IGW).

Step-4, Update the Route Table

Add a default route that sends non-local traffic (0.0.0.0/0) to the Internet Gateway.

Sample:

# bash

aws ec2 create-route \
--route-table-id rtb-0123456789abcdef0 \
--destination-cidr-block 0.0.0.0/0 \
--gateway-id igw-0abcd1234efgh5678

NB:

This route tells instances in the public subnet to send Internet-bound traffic to the IGW.

Step-5, Configure a Public Subnet

NB:

A subnet becomes public when its route table includes a route to the IGW.

Sample:

Subnet CIDR: 10.0.1.0/24
Route Table entry: 0.0.0.0/0 → igw-xxxxxx

✅ Public subnet = Connected to Internet Gateway
❌ Private subnet = Connected to NAT Gateway (or no external route)

Step-6, Assign Public or Elastic IPs

For EC2 instances to communicate with the Internet:

Auto-assign a public IP on launch, OR
Associate an Elastic IP (EIP) afterward

NB:

Without a public IP, even a public subnet instance cannot access the Internet directly.

Step-7, Update Security Groups & NACLs

Security Group (SG):

Allow outbound: 0.0.0.0/0
Allow inbound (for example): SSH (22), HTTP (80), HTTPS (443)

Network ACL (NACL):

Inbound: allow ephemeral & specific ports
Outbound: allow responses to Internet traffic

Traffic Flow Sample

Outbound (EC2 → Internet):

Inbound (Internet → EC2):

Important Tips

Feature	Description
One IGW per VPC	A VPC can only have one attached IGW
Free of charge	No cost for IGW; twtech pays only for data transfer
Highly available	AWS automatically replicates it across AZs
Works with IPv4 & IPv6	IPv6 doesn’t need NAT — uses IGW directly

Sample Architectures

Project: Hands-On

How twtech adds then configure the internet Gateway to access resources in its VPC

Search for AWS service: VPC

Step-1,

twtech provisions an EC2 instances into a custom VPC (twtechvpc).

NB:

There is no internet access custom VPC.

That is why the custom VPC is recommended for Prod:

Launch instance:

Edit Network settings:

Select the custom VPC (twtechvpc) and PublicSubnetA (initially created)

Step-2:

Edit the Public Subnet (twtechPublicSubnetA) from console to Enable auto Assign IPv4 address.

Select and click open the Public Subnet (twtechPublicSubnetA) to enable.

From Action: edit the Subnet settings.

From: Unchecked (Disabled)

Auto-assign IP settings:

Enable AWS to automatically assign a public IPv4 or IPv6 address to a new primary network interface for an instance in this subnet.

To: checked (enabled)

Save changes to subnet settings:

Step-3:

Also Edit the Public Subnet (twtechPublicSubnetB) from console to Enable auto Assign IPv4 address.
Select and click open the Public Subnet (twtechPublicSubnetB) to enable auto Assign IPv4 address.

From: Unchecked (Disabled)

Auto-assign IP settings

Enable AWS to automatically assign a public IPv4 or IPv6 address to a new primary network interface for an instance in this subnet.

To: checked (enabled)

Save changes to subnet settings:

Step-4:

Return to EC2 instance console and complete network settings:

The auto-assign public IP should now be available for enable as well.
If not refresh the page and restart steps in provisioning an ec2 in the custom vpc (twtechvpc)

Firewall (security groups):

A security group is a set of firewall rules that control the traffic for twtech instance (twtechwebserver).
Add rules to allow specific traffic to reach the instance.

Launch instance:

Verify, then make sure the instance provisioned (twtechwebserver) is running and fully initialized:

Select instance to see details: below it seen that the instance has been auto assigned a Public IPv4 address.

NB:

The server has an IPV4 address but does not yet have public intern access (connectivity)

Step-5

Next,
twtech verifies whether the instance has internet connection via: EC2 instance connect

Console output: error establishing connection to instance.

Step-6:

Then, twtech adds internet connectivity via IGW (to allow public access) into the public subnets of its custom vpc created (twtechVPC).

Return to VPC console to add internet Gateway (IGW): to the Public subnets

Create an Internet Gateway:

Create internet gateway

An internet gateway is a virtual router that connects a VPC to the internet.
To create a new internet gateway specify the name for the gateway below.

Create internet gateway:

Step-7:

Attach the internet Gateway (twtecgIGW) to the VPC (twtechvpc)

Seletec the VPC (twtechvpc) and attach the IGW (twtechIGW)

Step-8,

Eventually, twtech needs to Verify again if the VPC (twtechvpc) at this point has internet: using EC2 instance connect from EC2 console

Not Yet

There is still a connectionproblem for instance to the internet:

Next:

How to get that fixed.

Even though twtech at this point has internet gateway (IGW) in its VPC, it needs yet to be assigned a: Route table.

Step-9:

twtech need to Edit existing route table or create a special route table (rt) to: associate with the IGW

Create route table: twtechPublicRT

Create another route table: twtechPrivateRT

Step-10:

Assign the subnets to the right route tables: Public subnets to public route

Also known as subnet Association.

Select the route table to be associated, then click on Subnet association tab (below) and: edit subnet association.

Add all the Public subnets in the Public Route table

Edit subnet associations
Change which subnets are associated with this route table.

Again:

Assign the subnets to the right route tables:

Private subnets to Private route table.

Both the public and private route tables have 2 subnets associated with them.

Step-11:

Edit routes in the Public route table to add internet connect (Public access) to exist local access (within the vpc)

From: local connection within the VPC only

To: Add route for public internet

Save edited routes:

Step-12: Finally

Verify again if the VPC (twtechvpc) now has internet: using EC2 instance connect from EC2 console

Successfully,

twtech has created a custom VPC, subnets (private/public), Internet gateway (IGW) and associate with:

subnets,
edited Public route table to add internet to Public subnet.

twtech also successfully connected (SSH) into the instance provision in its public subnet.
All twtech resources provision in the public subnet of the custom vpc (twtechvpc) are now accessible from the Public internet.