An Internet Gateway allows communication between resources in a VPC (such as EC2 instances) and the public Internet.
Key Characteristics
- Enables bidirectional Internet access for resources in the VPC.
- Scales horizontally, providing high availability and redundancy.
- Must be created separately from the VPC.
- One-to-one relationship: one IGW can be attached to only one VPC, and a VPC can have only one IGW attached.
Important Notes
- Attaching an IGW alone does not provide Internet access.
- You must also update the VPC’s Route Table to send traffic destined for the Internet (0.0.0.0/0) through the IGW.
- Only subnets with such a route and with public IPs assigned to their instances are considered public subnets.
Example Structure
- Region → AWS geographical location
- VPC → Logical isolated network in the region
- Availability Zone → Physical data center inside the region
- Subnets:
  - Private Subnet → No direct Internet route
  - Public Subnet → Route to the IGW for Internet access
- Internet Gateway → Connects public subnet resources to the Internet
To enable Internet access for EC2 instances in a public subnet, you must configure the Route Table associated with the subnet.