An Internet Gateway is a VPC component that enables communication between the VPC and the Internet. It does so by performing two key functions:

  1. Providing a target in VPC route tables for internet-routable traffic
  2. Performing Network Address Translation (NAT) for instances that have been assigned public IPv4 addresses

NAT is simply a mapping between a private IP address and a public IP address (or a pool of public addresses, in the case of Dynamic NAT).
Key Points for Internet Gateway

  • An Internet Gateway is horizontally scaled, redundant, and highly available.
  • There can be only one Internet Gateway per VPC.
  • An Internet Gateway supports both IPv4 and IPv6 traffic.
  • There is no additional charge for an Internet Gateway.
The following diagram shows a simple Subnet connected to the internet via an Internet Gateway:

Internet Gateway Overview

Image courtesy of AWS
Note: for a Subnet to be public (that is, for an instance in it to be reachable from the internet), the following must all hold:

  1. the instance has a Public IP Address
  2. the VPC is associated with (has an attached) Internet Gateway
  3. the Subnet's Route Table has a Route directing internet-bound traffic to the Internet Gateway
  4. a NACL rule allows the traffic to and from the Internet Gateway
  5. a Security Group rule allows the traffic from the Internet Gateway
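
The five conditions above are exactly what a defender wants to verify when auditing which instances are really exposed, since a public IP alone says nothing if the route, NACL or Security Group blocks the path. The following script is an added example (not code from the original page or from AWS); it evaluates those conditions over inline sample data whose shape is modelled on the EC2 DescribeInternetGateways, DescribeRouteTables, DescribeNetworkAcls and DescribeSecurityGroups responses. All resource IDs and addresses are constructed placeholders, there is no live API call, and the route-table and NACL evaluation logic (first matching NACL rule wins, implicit deny; Security Groups are allow-only) is written here from the AWS documented semantics rather than taken from the page.

```python
"""Audit whether an instance in a VPC subnet is reachable from the internet
through the Internet Gateway, checking the five conditions from the note.

Added example with constructed sample data; IDs such as vpc-EXAMPLE and
igw-EXAMPLE are placeholders, and the dictionaries mimic EC2 API shapes
but come from no real account, so the script runs entirely offline."""
from ipaddress import ip_address, ip_network

# --- Constructed sample data (placeholders, not real resources) ---
VPC_ID = "vpc-EXAMPLE"
IGW = {"InternetGatewayId": "igw-EXAMPLE",
       "Attachments": [{"VpcId": VPC_ID, "State": "available"}]}

# Public subnet: default route points at the IGW.
PUBLIC_RT = {"Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"},
]}
# Private subnet: only the local route, no path to the IGW.
PRIVATE_RT = {"Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
]}

# NACL: inbound allows only TCP/443, outbound allows everything; the 32767
# entries are the implicit '*' deny rules that AWS appends to every NACL.
NACL = {"Entries": [
    {"RuleNumber": 100, "Egress": False, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 443, "To": 443}},
    {"RuleNumber": 100, "Egress": True, "Protocol": "-1", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Egress": False, "Protocol": "-1", "RuleAction": "deny",
     "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Egress": True, "Protocol": "-1", "RuleAction": "deny",
     "CidrBlock": "0.0.0.0/0"},
]}

# Security Group: HTTPS open to the world.
SG = {"IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]}

INSTANCE = {"InstanceId": "i-EXAMPLE", "PublicIpAddress": "203.0.113.10",
            "PrivateIpAddress": "10.0.1.20"}


def igw_attached(igw, vpc_id):
    """Condition 2: the gateway is attached to this VPC and available."""
    return any(a["VpcId"] == vpc_id and a["State"] == "available"
               for a in igw["Attachments"])


def route_to_igw(route_table, igw_id, dest="0.0.0.0/0"):
    """Condition 3: an active route for `dest` whose target is the IGW."""
    return any(r.get("GatewayId") == igw_id and r.get("State") == "active"
               and r.get("DestinationCidrBlock") == dest
               for r in route_table["Routes"])


def _port_in(entry, port):
    pr = entry.get("PortRange")          # absent means "all ports"
    return pr is None or pr["From"] <= port <= pr["To"]


def nacl_allows(nacl, port, egress, remote_ip, proto="6"):
    """Condition 4: NACLs are stateless and evaluated in ascending rule-number
    order; the first matching rule decides. No match means deny."""
    entries = sorted((e for e in nacl["Entries"] if e["Egress"] == egress),
                     key=lambda e: e["RuleNumber"])
    for e in entries:
        if (e["Protocol"] in ("-1", proto) and _port_in(e, port)
                and ip_address(remote_ip) in ip_network(e["CidrBlock"])):
            return e["RuleAction"] == "allow"
    return False


def sg_allows_ingress(sg, port, source_ip, proto="tcp"):
    """Condition 5: Security Groups are allow-only; any matching rule admits."""
    for p in sg["IpPermissions"]:
        if p["IpProtocol"] not in ("-1", proto):
            continue
        if not p.get("FromPort", 0) <= port <= p.get("ToPort", 65535):
            continue
        if any(ip_address(source_ip) in ip_network(r["CidrIp"])
               for r in p.get("IpRanges", [])):
            return True
    return False


def audit_public_reachability(instance, route_table, nacl, sg, igw, vpc_id,
                              port=443, client_ip="198.51.100.7"):
    """Return each condition's result plus an overall 'reachable' verdict."""
    checks = {
        "public_ip": bool(instance.get("PublicIpAddress")),        # condition 1
        "igw_attached": igw_attached(igw, vpc_id),
        "route_to_igw": route_to_igw(route_table, igw["InternetGatewayId"]),
        "nacl_inbound": nacl_allows(nacl, port, False, client_ip),
        # stateless NACL: the reply goes back out to the client's ephemeral port
        "nacl_outbound": nacl_allows(nacl, 49152, True, client_ip),
        "sg_inbound": sg_allows_ingress(sg, port, client_ip),
    }
    checks["reachable"] = all(checks.values())
    return checks


if __name__ == "__main__":
    for name, rt in (("public subnet", PUBLIC_RT), ("private subnet", PRIVATE_RT)):
        print(name, audit_public_reachability(INSTANCE, rt, NACL, SG, IGW, VPC_ID))
```

Run against the constructed data, the instance is reachable on 443 when its subnet uses the public route table and not when it uses the private one, even though the instance, NACL and Security Group are identical in both cases; the per-condition dictionary shows which link in the chain is missing, which is the useful output for an exposure review.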

You can give instances in a private Subnet internet access by using a NAT device, which performs translation between the private IP address of an instance and an outside public IP address.
External Resources