Introduction to AWS internet gateway
An Internet Gateway (IGW) is a fundamental networking component in Amazon Web Services (AWS) that facilitates communication between your Virtual Private Cloud (VPC) and the public internet. It serves as a gateway or entry/exit point for network traffic, allowing resources within your VPC to access the internet and be accessed by external entities on the World Wide Web. In essence, an Internet Gateway acts as a bridge between your private cloud environment and the global internet.
Key Functions and Features of an Internet Gateway:
- Bidirectional Communication: An IGW enables both inbound and outbound communication. It allows resources in your VPC to send and receive data to and from the internet
- Public IP Addressing: Instances associated with an Internet Gateway can have public IP addresses. This means they can be directly accessed from the internet, making them suitable for hosting web servers, applications, and other services that require external access
- Inbound Traffic: An IGW allows incoming traffic from the internet to reach resources within your VPC. This is crucial for scenarios where you want to provide publicly accessible services to users or clients
- Outbound Traffic: Resources within your VPC can use the Internet Gateway to access external resources on the internet. This is useful for software updates, fetching data from external APIs, and other internet-dependent tasks
- Network Address Translation (NAT): An IGW also performs one-to-one NAT between an instance's public IP address and its private IP address. Instances in private subnets (which don't have public IP addresses) initiate outbound connections through a NAT gateway in a public subnet, which masks their private IP addresses and sends the traffic out via the IGW
- Route Table Management: To enable internet connectivity, you update the route tables of your VPC’s subnets to include a route pointing to the Internet Gateway. This tells the VPC how to route traffic destined for the internet
Scenarios Where an Internet Gateway is Used:
- Hosting Public-Facing Services: Internet Gateways are commonly used to host web applications, APIs, and other services that need to be accessible to users on the internet
- Software Updates and Patching: Instances in private subnets can reach external package repositories and fetch updates or patches through a NAT gateway that routes out via the IGW
- Hybrid Cloud Configurations: An IGW is essential when establishing hybrid cloud setups where on-premises resources need to communicate with resources in the cloud
- External API Access: Resources in your VPC, such as Lambda functions or EC2 instances, can utilize the Internet Gateway to interact with third-party APIs and services over the internet
Important Considerations:
- Security: An IGW itself does not filter traffic. Once it is attached and a route points to it, every instance with a public IP in a public subnet is reachable from the internet subject only to its security group and the subnet's network ACL, so configure and monitor those controls before adding the route
- Costs: Data transfer in and out of your VPC through the Internet Gateway might incur additional costs, so it’s important to be aware of your usage and optimize where possible
- Route Tables: To enable communication with the internet, you need to configure the appropriate route tables in your VPC
Amazon Web Services’ Internet Gateway is a fundamental component that empowers your VPC to seamlessly integrate with the global internet, enabling a wide range of cloud computing scenarios and facilitating the creation of robust and scalable applications and services.
Difference between public subnet and private subnet
A public subnet is a subnet that has a route to an internet gateway in its associated route table. A private subnet is a subnet that does not have a route to an internet gateway in its route table.
How to create AWS internet gateway
From the AWS Management Console, go to the “Services” dropdown, select “VPC”
In the VPC Dashboard, in the left navigation pane, click on “Internet Gateways”.
Click the “Create Internet Gateway” button.
Provide a name for your Internet Gateway (“demo-igw-01”) and click “Create Internet Gateway.”
When the internet gateway is created, it is in the detached state. You have to attach it to a VPC so that the resources in the VPC can use the internet gateway to connect to the internet.
How to attach an Internet gateway to a VPC
Select the internet gateway (demo-igw-01) that you had created in the previous step and click on “Actions”. You can find an option “Attach to VPC”. Click on it.
In the next screen, select the VPC (demo-igw-vpc-01) under "Available VPCs" and click "Attach internet gateway". This attaches the internet gateway to that VPC, and the status of the internet gateway now shows as attached.
Add route tables within the VPC to enable traffic flow to internet
In order to allow traffic to flow through the Internet Gateway, you need to update the route tables associated with your subnets. When a route to the internet gateway is added to a subnet's route table, that subnet becomes a public subnet.
In the VPC Dashboard, in the left navigation pane, click on “Route Tables”.
Select the route table associated with the VPC demo-igw-vpc-01. If this is the VPC's main route table, the route you add applies to every subnet that has no explicit route table association.
Click the “Edit routes” button.
Add a new route with the destination CIDR block 0.0.0.0/0 and set the target to your Internet Gateway. This allows all traffic (0.0.0.0/0) to be routed through the Internet Gateway.
Save the changes.
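The following is an added example (not code from the original post) that applies the public/private subnet definition from the "Difference between public subnet and private subnet" section to route-table data shaped like the output of `aws ec2 describe-route-tables`, and then shows what the route added in the step above does when it lands on the VPC's main route table. All route table, subnet and gateway IDs are constructed placeholders, as is the sample data itself.

```python
"""Classify a VPC's subnets as public or private from route-table data.

Added example, not code from the original post. A subnet is public when its
effective route table has an active route whose target is an internet gateway.
Input is a constructed list shaped like the RouteTables field of
`aws ec2 describe-route-tables`; every ID below is a placeholder.
"""
import copy
from typing import Dict, List

# Constructed sample data, not a real account. The first table carries the
# VPC's "Main" association; subnets with no explicit association inherit it.
ROUTE_TABLES: List[dict] = [
    {
        "RouteTableId": "rtb-main-placeholder",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
    },
    {
        "RouteTableId": "rtb-public-placeholder",
        "Associations": [{"Main": False, "SubnetId": "subnet-pub-placeholder"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-placeholder"},
        ],
    },
    {
        "RouteTableId": "rtb-private-placeholder",
        "Associations": [{"Main": False, "SubnetId": "subnet-priv-placeholder"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            # Outbound through a NAT gateway: still private, the IGW is not a direct target.
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-placeholder"},
        ],
    },
]

# Constructed subnet list; the last subnet has no explicit association.
SUBNETS = ["subnet-pub-placeholder", "subnet-priv-placeholder", "subnet-noassoc-placeholder"]


def effective_route_table(subnet_id: str, route_tables: List[dict]) -> dict:
    """Explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    if main is None:
        raise ValueError("no main route table in input")
    return main


def has_igw_route(route_table: dict) -> bool:
    """True if any active route targets an internet gateway (igw-...).

    Any destination counts, not only 0.0.0.0/0. Routes whose State is
    'blackhole' (target deleted or detached) carry no traffic and are skipped.
    """
    for route in route_table.get("Routes", []):
        if route.get("State", "active") == "blackhole":
            continue
        if str(route.get("GatewayId", "")).startswith("igw-"):
            return True
    return False


def classify_subnets(subnets: List[str], route_tables: List[dict]) -> Dict[str, str]:
    """Map each subnet ID to 'public' or 'private'."""
    return {
        s: "public" if has_igw_route(effective_route_table(s, route_tables)) else "private"
        for s in subnets
    }


def main_table_exposes_vpc(route_tables: List[dict]) -> bool:
    """True when the main route table itself has an IGW route, which makes
    every subnet lacking an explicit association public."""
    return any(
        any(a.get("Main") for a in rt.get("Associations", [])) and has_igw_route(rt)
        for rt in route_tables
    )


def with_default_route_to_igw(route_tables: List[dict], route_table_id: str, igw_id: str) -> List[dict]:
    """Return a copy of route_tables with a 0.0.0.0/0 -> IGW route added to one table."""
    updated = copy.deepcopy(route_tables)
    for rt in updated:
        if rt["RouteTableId"] == route_table_id:
            rt["Routes"].append({"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": igw_id})
            return updated
    raise KeyError(route_table_id)


if __name__ == "__main__":
    print("before:", classify_subnets(SUBNETS, ROUTE_TABLES))
    # Adding the default route to the main table, as happens when the VPC has
    # only that table, also exposes the subnet with no explicit association.
    after = with_default_route_to_igw(ROUTE_TABLES, "rtb-main-placeholder", "igw-placeholder")
    print("after:", classify_subnets(SUBNETS, after))
    print("main table exposes VPC:", main_table_exposes_vpc(after))
```

Feed real output from `aws ec2 describe-route-tables --filters Name=vpc-id,Values=<vpc-id>` into `classify_subnets` to see which subnets are internet-facing; `main_table_exposes_vpc` is the check to run before saving a default route on the main table, since that one edit turns every unassociated subnet public.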
Step by step procedure to test Internet gateway
In this demo, we will use an EC2 instance with a public IP and another EC2 instance without a public IP in a private subnet. We will create an internet gateway and check the connection to the internet.
- EC2 instance:
  - Instance Name: demo-ec2-igw-01
  - Public IP: Yes
  - Private IP: Yes (10.0.0.129)
- Internet Gateway:
  - Internet gateway name: demo-igw-01
- VPC & Subnet:
  - VPC name: demo-igw-vpc-01
  - VPC IP CIDR block: 10.0.0.0/16
  - Subnet name: demo-igw-vpc-01-sub-01
  - Subnet range: 10.0.0.0/24
Scenarios to test internet gateway
- Test incoming connections to EC2 through the internet gateway, that is, test the connection to the EC2 instance's public IP address from a local laptop before and after attaching the internet gateway to the VPC
- Test outgoing connections through the internet gateway, that is, test the connection from the EC2 instance to resources on the internet
Scenario – 1: Test incoming connections to the EC2 instance
Test SSH connection to EC2 instance (demo-ec2-igw-01) from local laptop before attaching internet gateway to the VPC
We try to SSH to the public IP of the EC2 instance demo-ec2-igw-01 from our local laptop. At this stage, the internet gateway is not attached to the VPC, and the connection fails.
Test SSH connection to EC2 instance (demo-ec2-igw-01) from local laptop after attaching internet gateway to the VPC
After attaching the internet gateway to the VPC, we are able to SSH to the EC2 instance using its public IP and successfully test the connection to port 22.
Scenario – 2: Test outgoing connection to internet from the EC2 instance
Download files from the internet inside the EC2 instance (demo-ec2-igw-01) after attaching the internet gateway to the VPC. In this example, we download an Apache Maven package.
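The following is an added example (not code from the original post) that scripts the two checks above: the inbound TCP probe of Scenario 1 (SSH on port 22 against the instance's public IP, run from the laptop) and the outbound fetch of Scenario 2 (run from inside the instance). The IP address in `main()` is a documentation-range placeholder, and the Maven repository URL is my assumption, not the package link used in the post.

```python
"""Scripted before/after checks for an internet gateway.

Added example, not code from the original post. tcp_reachable() mirrors the
SSH test in Scenario 1 and outbound_fetch_ok() mirrors the download in
Scenario 2. Host and URL values in main() are placeholders.
"""
import socket
import urllib.request
from typing import Dict, Tuple


def tcp_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """Attempt a TCP handshake only; no application data is sent.

    Returns False on refusal, timeout or name-resolution failure. A timeout is
    what the laptop sees before the IGW is attached or the 0.0.0.0/0 route
    exists: packets to the public IP have no path into the VPC.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except (OSError, socket.timeout):
        return False


def inbound_report(host: str, ports: Tuple[int, ...] = (22,), timeout: float = 3.0) -> Dict[int, bool]:
    """Probe each port once and return {port: reachable}."""
    return {p: tcp_reachable(host, p, timeout) for p in ports}


def outbound_fetch_ok(url: str, timeout: float = 5.0) -> bool:
    """Run from inside the instance: True if the URL answers with HTTP 2xx/3xx
    within the timeout. Without a route to the IGW (or a NAT gateway) the
    request hangs until the timeout and this returns False."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return 200 <= resp.status < 400
    except (OSError, ValueError):
        return False


if __name__ == "__main__":
    # Placeholder from the 198.51.100.0/24 documentation range, not a real instance.
    instance_public_ip = "198.51.100.10"
    print("inbound:", inbound_report(instance_public_ip, ports=(22,)))
    # Assumed URL for the outbound check; run this half on the instance itself.
    print("outbound:", outbound_fetch_ok("https://repo.maven.apache.org/maven2/"))
```

Run `inbound_report` from the laptop once before attaching the gateway and once after; the result should flip from `{22: False}` to `{22: True}` only if the security group also allows port 22 from your source address, which is the control that should stay tight after the gateway is in place.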
Conclusion:
In conclusion, the Internet Gateway (IGW) is a vital networking component within Amazon Web Services (AWS) Virtual Private Cloud (VPC) architecture. It serves as a link between your private cloud environment and the global internet, enabling secure and controlled communication between your AWS resources and external entities. The IGW facilitates both inbound and outbound traffic, making it an essential building block for a wide range of cloud computing scenarios.