🔷

Internet Access – Recap

NAT Gateway (IPv4 only, in public subnet)

Allows private subnet IPv4 instances to access the internet
Uses an Elastic IP (e.g., 198.51.100.1)
Blocks unsolicited inbound traffic

Internet Gateway (IPv4 + IPv6)

Allows public subnet instances full two-way internet access
Required for public IPv4 and public IPv6 connectivity

Egress-only Internet Gateway (IPv6 only)

Allows private subnet IPv6 instances outbound-only access
Blocks inbound IPv6 connections initiated from the internet

Route Tables

Public Subnet

Destination	Target
`10.0.0.0/16`	local
`2001:db8:1234:1a00::/56`	local
`0.0.0.0/0`	igw-id
`::/0`	igw-id

Private Subnet

Destination	Target
`10.0.0.0/16`	local
`2001:db8:1234:1a00::/56`	local
`0.0.0.0/0`	nat-gateway-id
`::/0`	eigw-id