An Internet Gateway (IGW) is a horizontally scaled, redundant, and highly available VPC component that enables communication between instances in your VPC and the internet. It serves as a target in your VPC route tables for internet-routable traffic and performs network address translation (NAT) for instances that have been assigned public IPv4 addresses.

Key characteristics of Internet Gateways include:

**Purpose and Function:**
Internet Gateways provide a pathway for resources within a VPC to access the internet and allow internet users to reach resources inside your VPC. They support both IPv4 and IPv6 traffic and impose no availability risks or bandwidth constraints on your network traffic.

**Configuration Requirements:**
To enable internet access, you must attach an IGW to your VPC, ensure your subnet route table points to the IGW for internet-bound traffic (0.0.0.0/0 for IPv4 or ::/0 for IPv6), verify that your instances have public IP addresses or Elastic IP addresses, and confirm that security groups and network ACLs allow the relevant traffic.

**Important Considerations:**
- Only one Internet Gateway can be attached to a VPC at any time
- There is no additional charge for having an Internet Gateway
- The IGW itself does not cause availability risks or bandwidth bottlenecks
- It supports both inbound and outbound traffic flows

**Route Table Configuration:**
For a subnet to be considered public, it must have a route to an Internet Gateway. A typical route entry would be destination 0.0.0.0/0 with the target set to your IGW ID (igw-xxxxxxxx).

**Security Best Practices:**
Always use security groups and network ACLs to control traffic flow through the Internet Gateway. Only resources that require internet access should be placed in subnets with routes to the IGW, keeping other resources in private subnets for enhanced security.
Internet Gateways - AWS SysOps Administrator Associate Guide
What is an Internet Gateway?
An Internet Gateway (IGW) is a horizontally scaled, redundant, and highly available VPC component that enables communication between instances in your VPC and the internet. It serves as a target in your VPC route tables for internet-routable traffic and performs network address translation (NAT) for instances with public IPv4 addresses.
Why is an Internet Gateway Important?
Internet Gateways are fundamental to AWS networking for several reasons:
• Internet Connectivity: They provide the essential link between your VPC and the public internet
• High Availability: IGWs are fully managed by AWS and are inherently redundant across Availability Zones
• No Bandwidth Constraints: They do not impose availability risks or bandwidth bottlenecks on your network traffic
• Public Subnet Enablement: Required for any subnet that needs to host publicly accessible resources
• Cost-Effective: There is no additional charge for having an Internet Gateway attached to your VPC
How Does an Internet Gateway Work?
The Internet Gateway operates through a straightforward process:
Step 1: Create an Internet Gateway and attach it to your VPC (one IGW per VPC)
Step 2: Update route tables in your subnets to point internet-bound traffic (0.0.0.0/0) to the IGW
Step 3: Ensure instances have public IP addresses or Elastic IP addresses assigned
Step 4: Configure security groups and network ACLs to allow the required traffic
For outbound traffic, the IGW performs source NAT, translating the private IP to the public IP. For inbound traffic, it performs destination NAT, translating the public IP to the private IP.
Key Characteristics to Remember:
• Only one IGW can be attached to a VPC at a time
• An IGW cannot be detached from a VPC while there are active resources using it
• Supports both IPv4 and IPv6 traffic
• For IPv6, the IGW performs no NAT since IPv6 addresses are globally unique
• An IGW must be created separately and then attached to the VPC
Internet Gateway vs NAT Gateway:
• IGW: Allows resources WITH public IPs to access the internet and be accessed FROM the internet
• NAT Gateway: Allows resources with only private IPs to initiate outbound connections to the internet
Exam Tips: Answering Questions on Internet Gateways
Tip 1: When a question mentions instances cannot reach the internet, check for: IGW attached, route table configuration, public IP assignment, and security group rules - in that order.
Tip 2: Remember that an Internet Gateway alone is not sufficient. You must also have a route in the route table pointing to the IGW and instances must have public IPs.
Tip 3: If a question asks about making a subnet public, the answer involves: attaching an IGW to the VPC and adding a route 0.0.0.0/0 pointing to the IGW in that subnet's route table.
Tip 4: Questions about high availability - remember IGWs are inherently highly available and redundant. You do NOT need multiple IGWs for redundancy.
Tip 5: For IPv6 questions, remember that IGWs support IPv6 and that Egress-Only Internet Gateways are used when you want to allow outbound IPv6 traffic but prevent inbound connections.
Tip 6: If instances in a private subnet need internet access, the answer is NAT Gateway, not Internet Gateway. IGW is for public subnets.
Tip 7: When troubleshooting connectivity issues, remember the complete path: Instance → Security Group → Network ACL → Route Table → IGW → Internet.
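The check order from Tip 1 can be written as a small audit that reports the first broken link for an instance, or confirms that it is reachable from the internet. This is an added example, not part of the original guide: the VPC model, resource IDs and addresses are constructed, the data layout is a simplification rather than the AWS API response format, and network ACLs are assumed to be at their allow-all default.

```python
import ipaddress

# Constructed, simplified model of one VPC (not the AWS API response format).
VPC = {
    "igw_attached": True,
    "route_tables": {
        "rtb-public": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-example")],
        "rtb-private": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-example"),
                        ("::/0", "eigw-example")],
    },
    "subnets": {"subnet-web": "rtb-public", "subnet-db": "rtb-private"},
    # Inbound rules as (port, source CIDR).
    "security_groups": {"sg-web": [(443, "0.0.0.0/0")],
                        "sg-admin": [(22, "203.0.113.0/24")]},
}
INSTANCES = {
    "i-web": {"subnet": "subnet-web", "public_ip": "198.51.100.10", "sgs": ["sg-web"]},
    "i-batch": {"subnet": "subnet-web", "public_ip": None, "sgs": ["sg-web"]},
    "i-db": {"subnet": "subnet-db", "public_ip": None, "sgs": ["sg-web"]},
    "i-admin": {"subnet": "subnet-web", "public_ip": "198.51.100.11", "sgs": ["sg-admin"]},
}

def subnet_is_public(vpc, subnet_id):
    """Public means a default route (IPv4 or IPv6) whose target is an IGW.
    NAT gateway (nat-) and egress-only (eigw-) targets do not count."""
    routes = vpc["route_tables"][vpc["subnets"][subnet_id]]
    return any(dest in ("0.0.0.0/0", "::/0") and target.startswith("igw-")
               for dest, target in routes)

def sg_allows(vpc, sg_ids, port, client_ip):
    """True if any inbound rule on any attached group admits client_ip on port."""
    ip = ipaddress.ip_address(client_ip)
    return any(rule_port == port and ip in ipaddress.ip_network(cidr)
               for sg in sg_ids for rule_port, cidr in vpc["security_groups"][sg])

def diagnose(vpc, inst, port, client_ip):
    """First failed check in the order IGW, route, public IP, security group."""
    if not vpc["igw_attached"]:
        return "no IGW attached to the VPC"
    if not subnet_is_public(vpc, inst["subnet"]):
        return "no default route to the IGW"
    if not inst["public_ip"]:
        return "no public or Elastic IP"
    if not sg_allows(vpc, inst["sgs"], port, client_ip):
        return "security group blocks the traffic"
    return None  # inbound path is open end to end

if __name__ == "__main__":
    for name, inst in INSTANCES.items():
        print(name, diagnose(VPC, inst, 443, "192.0.2.7") or "reachable on 443")
```

A result of None marks an instance that is exposed to the given source, which is the list to review against the rule that only resources needing internet access belong in subnets routed to the IGW.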