An Overview of Internet Gateway (IGW) in AWS.
Scope:
- The concept: Internet Gateway
- Core Functions of an IGW
- How Internet Gateway Works
- Configuration Sample
- Traffic Flow Sample (Public Instance)
- Contrast: IGW vs NAT Gateway
- Advanced Notes
- Visual Diagram for Internet Gateway
The concept: Internet Gateway
- An Internet Gateway (IGW) is an AWS-managed component that allows communication between the twtech VPC and the public Internet.
- An Internet Gateway (IGW) is horizontally scaled, redundant, and highly available.
- An Internet Gateway (IGW) serves two main purposes:
  - Outbound access: Enables instances in public subnets to send traffic to the Internet.
  - Inbound access: Allows Internet-based clients to reach instances in public subnets (if permitted by routing and security rules).
Core Functions of an IGW

| Function | Description |
| --- | --- |
| Traffic translation | Translates private IP traffic (via Elastic IPs or public IPs) for Internet communication. |
| Routing target | Acts as a target for public routes in the VPC route table (0.0.0.0/0 → IGW). |
| Bidirectional communication | Enables both inbound and outbound Internet communication (if routing, NACLs, and SGs allow). |
| Elastic scaling | AWS automatically scales IGWs to handle traffic loads; no provisioning or scaling required. |
| No cost | There’s no cost for creating or using an IGW (twtech pays only for data transfer). |
How Internet Gateway Works
1. Public Subnet Association
A subnet is public when:
- Its route table has a default route (0.0.0.0/0) that targets the Internet Gateway.
2. Instance Accessibility
An EC2 instance in a public subnet can reach the Internet if:
- It has a public IPv4 address or Elastic IP.
- The route table has a default route to the IGW.
- Security groups and NACLs allow outbound traffic.
3. Return Traffic
NB: Return traffic is automatically routed back through the IGW (AWS tracks connection state).
Configuration Sample: Step-by-Step Setup
- Create/Attach IGW
# bash
# Create the IGW, then attach it to the VPC; substitute your VPC id and the
# InternetGatewayId returned by create-internet-gateway for the placeholders.
aws ec2 create-internet-gateway
aws ec2 attach-internet-gateway --vpc-id vpc-xxxxxx --internet-gateway-id igw-xxxxxx
- Update Route Table
  - Public route table → 0.0.0.0/0 → Internet Gateway (igw-xxxxxx)
- Assign Public IP or EIP
  - EC2 → Networking → “Auto-assign Public IPv4 address: Enabled”
  - or associate an Elastic IP manually.
- Verify Security
  - Security Group: Allow outbound (0.0.0.0/0) and inbound (e.g., port 22 or 80) if needed.
  - NACLs: Ensure inbound/outbound rules allow traffic.
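The public-subnet rule and the three instance conditions above, together with the verification steps of the configuration sample, can be turned into an offline exposure audit. This is an added example, not code from the original post: it applies those rules to constructed data shaped like the AWS describe-route-tables / describe-instances / describe-security-groups / describe-network-acls responses, and reports the first condition that fails.

```python
# Added example, not from the original post: an offline audit that applies the
# post's conditions (public IP or EIP, 0.0.0.0/0 route to an igw-*, SG/NACL permit)
# to data shaped like the AWS describe-* responses. All sample data is constructed.
DEFAULT_ROUTES = {"0.0.0.0/0", "::/0"}   # IPv4 and IPv6 default routes

def subnet_is_public(route_table):
    """A subnet is public when a default route targets an Internet Gateway."""
    for r in route_table.get("Routes", []):
        dest = r.get("DestinationCidrBlock") or r.get("DestinationIpv6CidrBlock")
        # NAT routes carry NatGatewayId, not GatewayId, so they never match here.
        if dest in DEFAULT_ROUTES and r.get("GatewayId", "").startswith("igw-"):
            return True
    return False

def sg_allows_egress_anywhere(sg):
    """Security groups are stateful: one egress rule to 0.0.0.0/0 suffices."""
    return any(ip["CidrIp"] == "0.0.0.0/0"
               for p in sg.get("IpPermissionsEgress", []) for ip in p.get("IpRanges", []))

def nacl_allows(nacl, egress):
    """NACLs are stateless, lowest rule number wins; 32767 is the final deny."""
    for e in sorted((e for e in nacl["Entries"] if e["Egress"] == egress),
                    key=lambda e: e["RuleNumber"]):
        if e["CidrBlock"] == "0.0.0.0/0":
            return e["RuleAction"] == "allow"
    return False

def instance_internet_reachable(instance, route_table, sg, nacl):
    """Check the post's three conditions in order; report the first that fails."""
    if not (instance.get("PublicIpAddress") or instance.get("ElasticIp")):
        return False, "no public IPv4 address or Elastic IP"
    if not subnet_is_public(route_table):
        return False, "route table has no default route to an Internet Gateway"
    if not sg_allows_egress_anywhere(sg):
        return False, "security group has no egress rule to 0.0.0.0/0"
    if not (nacl_allows(nacl, True) and nacl_allows(nacl, False)):
        return False, "NACL blocks outbound or return traffic"
    return True, "public IP + IGW default route + SG/NACL permit"

RT_PUBLIC = {"Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0a1b2c3d"}]}
RT_PRIVATE = {"Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                         {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0f9e8d7c"}]}
SG_OPEN = {"IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
NACL_DEFAULT = {"Entries": [   # AWS default NACL: rule 100 allow all, 32767 deny all
    {"RuleNumber": n, "Egress": eg, "CidrBlock": "0.0.0.0/0", "RuleAction": act}
    for n, act in ((100, "allow"), (32767, "deny")) for eg in (True, False)]}
WEB = {"InstanceId": "i-0web", "PublicIpAddress": "203.0.113.10"}   # in public subnet
DB = {"InstanceId": "i-0db"}                                        # no public IP
```

Calling `instance_internet_reachable(WEB, RT_PUBLIC, SG_OPEN, NACL_DEFAULT)` returns `(True, ...)`, while the same call with `DB` and `RT_PRIVATE` names the missing public IP; swapping in real describe-* output turns this into a quick inventory of which instances are actually Internet-exposed.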
Traffic Flow Sample (Public Instance)
Inbound Path (Internet → Instance):
Contrast: IGW vs NAT Gateway

| Feature | Internet Gateway | NAT Gateway |
| --- | --- | --- |
| Purpose | Public Internet access (bidirectional) | Outbound-only Internet access for private subnets |
| Subnet type | Used with public subnets | Used with private subnets |
| IP mapping | Uses public/elastic IPs | Uses NAT EIP |
| Inbound traffic | Allowed (if configured) | Not allowed |
| Outbound traffic | Allowed | Allowed (for private subnets) |
Advanced Notes
- One IGW per VPC (though twtech can detach and reattach to another VPC).
- Supports IPv6 natively (no NAT required).
- Highly available across all Availability Zones automatically.
- Not stateful in itself; relies on VPC stateful rules and connection tracking.
Visual Diagram for Internet Gateway