Day 18: Internet Gateway
What is an Internet Gateway?
An Internet Gateway (IGW) is a critical component of a Virtual Private Cloud (VPC) that enables communication between resources within the VPC and the public internet. It acts as a virtual router that routes traffic between the VPC’s private network and the public internet.
Key Features of Internet Gateways
- Connectivity to the Internet: IGWs allow resources within a VPC, such as Amazon Elastic Compute Cloud (EC2) instances, to connect to the internet and access internet-based resources.
- Route Table Integration: IGWs are integrated with route tables within a VPC. To enable internet access, route tables must be configured to direct traffic destined for the internet to the IGW.
- One-to-One Relationship: A VPC can have only one IGW attached, and an IGW can be attached to only one VPC at a time. This gives the VPC a single, well-defined entry and exit point to the internet, which keeps the connection controlled and easier to secure.
How Does an Internet Gateway Work?
When a resource within a VPC initiates a connection to the internet, the request is sent to the VPC’s route table. If the destination is the internet, the route table directs the traffic to the IGW. The IGW then routes the traffic to the appropriate external network.
Similarly, when a connection from the internet is initiated to a resource within a VPC, the internet gateway routes the traffic to the appropriate subnet within the VPC based on the public IP address of the destination resource.
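As an added example (not code from the original post), the following Python models the route-table lookup described above and uses it to audit which subnets are internet-facing. The route-table JSON mirrors the shape of `aws ec2 describe-route-tables` output but is constructed sample data; the VPC, subnet, route table and gateway IDs are placeholders, and the check covers the IPv4 default route only.

```python
"""Audit which subnets are internet-facing by inspecting VPC route tables.

SAMPLE mirrors the shape of `aws ec2 describe-route-tables` output; the
IDs and CIDRs below are constructed for this example, not from a real account.
"""
import ipaddress
import json

SAMPLE = json.loads("""{"RouteTables": [
 {"RouteTableId": "rtb-main", "VpcId": "vpc-example",
  "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
  "Associations": [{"Main": true, "RouteTableId": "rtb-main"}]},
 {"RouteTableId": "rtb-public", "VpcId": "vpc-example",
  "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
             {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}],
  "Associations": [{"Main": false, "RouteTableId": "rtb-public", "SubnetId": "subnet-web"}]}
]}""")


def route_for(table, dest_ip):
    """Longest-prefix match: the most specific active route wins, so traffic to
    the VPC's own CIDR stays 'local' even when a 0.0.0.0/0 route to an IGW exists."""
    ip = ipaddress.ip_address(dest_ip)
    best = None  # (prefix length, target)
    for r in table["Routes"]:
        net = ipaddress.ip_network(r.get("DestinationCidrBlock") or r.get("DestinationIpv6CidrBlock"))
        if r.get("State") == "active" and ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, r.get("GatewayId") or r.get("NatGatewayId") or "blackhole")
    return best[1] if best else None


def table_for_subnet(route_tables, subnet_id):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for t in route_tables:
        for a in t["Associations"]:
            if a.get("SubnetId") == subnet_id:
                return t
            if a.get("Main"):
                main = t
    return main


def internet_facing_subnets(data, subnet_ids):
    """Subnets whose effective route table sends default IPv4 traffic to an IGW.
    Instances there are reachable from the internet only if they also hold a public IP."""
    exposed = []
    for sid in subnet_ids:
        t = table_for_subnet(data["RouteTables"], sid)
        gw = route_for(t, "203.0.113.10") if t else None  # any non-VPC address hits the default route
        if gw and gw.startswith("igw-"):
            exposed.append(sid)
    return exposed
```

Feeding real `describe-route-tables` output into `internet_facing_subnets` lists the subnets where a public IP would make an instance directly reachable, which is the set to review first.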
Egress and Ingress Traffic
IGWs handle both egress and ingress traffic. Egress traffic refers to traffic originating from within the VPC and destined for the internet. Ingress traffic refers to traffic originating from the internet and destined for a resource within the VPC.
Network Address Translation (NAT)
For IPv4 traffic, the IGW performs Network Address Translation (NAT): it maps the private IPv4 address an instance uses inside the VPC to the public IPv4 address that can be routed on the public internet. This is necessary because private IPv4 addresses cannot be routed on the public internet.
Benefits of Using Internet Gateways
- Controlled Connectivity: only subnets whose route table directs traffic to the IGW gain internet access, so exposure of VPC resources stays under explicit control.
- Scalability: IGWs are horizontally scaled and highly available, ensuring that they can handle the traffic demands of even large VPCs.
- Security: traffic passing through an IGW is still filtered by security groups and network access control lists (ACLs), which decide what can actually reach or leave each instance and subnet.
Creating and Managing Internet Gateways
IGWs can be created and managed using the Amazon Virtual Private Cloud (VPC) console, AWS Command Line Interface (CLI), or AWS SDKs.
Use cases:
1. Providing Internet Access to EC2 Instances
A common use case for IGWs is to provide internet access to Amazon Elastic Compute Cloud (EC2) instances within a VPC. By attaching an IGW to a VPC and configuring the appropriate route table entries, EC2 instances can send traffic to and receive traffic from the internet, enabling them to access web servers, download updates, and communicate with other internet-based resources.
2. Hosting Web Applications
IGWs play a crucial role in hosting web applications within a VPC. By connecting the VPC to the internet, IGWs allow web servers running on EC2 instances to be accessible to users worldwide. This enables businesses to deploy their web applications in a secure and scalable environment on Amazon Web Services (AWS).
3. Accessing Cloud Storage
IGWs facilitate access to cloud storage services like Amazon Simple Storage Service (S3) from within a VPC. By attaching an IGW and configuring the route table, EC2 instances can securely upload, download, and manage data stored in S3 buckets. This enables businesses to leverage the scalability and reliability of S3 for their data storage needs.