An Internet Gateway is a VPC component that enables communication between the VPC and the Internet. It does so by performing two key functions:
- Provide a target in VPC route tables for internet-routable traffic
- Perform Network Address Translation (NAT) for instances that have been assigned public IPv4 addresses.
NAT here is simply a mapping between a private IP address and a public IP address (or a pool of addresses, in the case of Dynamic NAT).
Key Points for Internet Gateway
- Internet Gateway is horizontally scaled, redundant and highly available.
- There can only be one Internet Gateway per VPC.
- Internet Gateway supports both IPv4 and IPv6 traffic.
- There is no additional charge for Internet Gateway.
The following diagram shows a simple Subnet connected to the internet via an Internet Gateway (image courtesy of AWS):
Note: in order for a Subnet to be public (its instances reachable from the internet), it must have:
- a public IP address assigned to the instance
- an Internet Gateway attached to the VPC
- a Route (in the Route Table) allowing traffic to the Internet Gateway
- a NACL rule allowing traffic to the Internet Gateway
- a Security Group rule allowing traffic to the Internet Gateway
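As an added example (not from the original page or from AWS), the following script audits the Internet Gateway conditions above: it checks whether a subnet's effective route table (explicit association, else the VPC main table) has an active route whose target is an Internet Gateway actually attached to the VPC. The sample data is constructed inline in the shape of EC2 DescribeInternetGateways / DescribeRouteTables responses, so it runs offline; the IDs are made up.

```python
import ipaddress

# Constructed sample data in the shape of EC2 DescribeInternetGateways /
# DescribeRouteTables responses (IDs are made up, not from a real account).
IGWS = [{"InternetGatewayId": "igw-0aaa",
         "Attachments": [{"VpcId": "vpc-0123", "State": "available"}]}]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-pub", "VpcId": "vpc-0123",
     "Associations": [{"SubnetId": "subnet-pub"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0aaa", "State": "active"},
                {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0aaa", "State": "active"}]},
    {"RouteTableId": "rtb-main", "VpcId": "vpc-0123",
     "Associations": [{"Main": True}],  # implicit table for subnets with no explicit association
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
]


def attached_igws(vpc_id, igws=IGWS):
    """IDs of Internet Gateways currently attached to the VPC (at most one per VPC)."""
    return {g["InternetGatewayId"] for g in igws
            if any(a["VpcId"] == vpc_id and a["State"] == "available"
                   for a in g["Attachments"])}


def route_table_for(subnet_id, vpc_id, tables=ROUTE_TABLES):
    """Explicit subnet association wins; otherwise the VPC's main route table applies."""
    for t in tables:
        if t["VpcId"] == vpc_id and any(a.get("SubnetId") == subnet_id for a in t["Associations"]):
            return t
    return next(t for t in tables
                if t["VpcId"] == vpc_id and any(a.get("Main") for a in t["Associations"]))


def igw_routes(subnet_id, vpc_id, igws=IGWS, tables=ROUTE_TABLES):
    """Active routes in the subnet's table whose target is an attached IGW.
    Returns the destination blocks (IPv4 and IPv6), e.g. ['0.0.0.0/0', '::/0']."""
    targets = attached_igws(vpc_id, igws)
    found = []
    for r in route_table_for(subnet_id, vpc_id, tables)["Routes"]:
        dest = r.get("DestinationCidrBlock") or r.get("DestinationIpv6CidrBlock")
        if dest and r.get("GatewayId") in targets and r.get("State") == "active":
            found.append(str(ipaddress.ip_network(dest)))  # normalise the block
    return found


def is_public_subnet(subnet_id, vpc_id, igws=IGWS, tables=ROUTE_TABLES):
    """A subnet is public only if its route table has an active route to an attached IGW;
    instances additionally need a public IP plus permitting NACL and Security Group rules."""
    return bool(igw_routes(subnet_id, vpc_id, igws, tables))
```

Feeding this the real responses from a boto3 `describe_internet_gateways()` / `describe_route_tables()` call (assumed, not shown) lets you list which subnets are exposed before reviewing their NACL and Security Group rules.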
You can provide internet access to private Subnet instances by using a NAT device, which performs translation between the private IP address of an instance and an outside public IP address.
External Resources