Purpose
- Provides outbound-only internet access for IPv6 traffic.
- Works similarly to a NAT Gateway, but exclusively for IPv6.
- Ensures instances in private subnets can initiate internet connections while blocking inbound traffic.
Behavior
- Instances in a private subnet can send outbound IPv6 traffic to the internet.
- Unsolicited inbound IPv6 traffic from the internet is automatically blocked.
- Must be explicitly referenced in the Route Table for IPv6 destinations.
Key Points
- Used only with IPv6-enabled VPCs.
- Complements the standard Internet Gateway (which supports both inbound and outbound IPv6).
- Common in dual-stack VPC designs where IPv4 uses NAT and IPv6 uses an egress-only gateway.
Architecture Example
- Public Subnet:
  - Routes IPv6 traffic through Internet Gateway for full two-way connectivity.
- Private Subnet:
  - Routes IPv6 traffic through Egress-only Internet Gateway.
  - Outbound connections succeed; inbound connections are blocked.
Example IPv6 Allocation:
- Public subnet instance: 2001:db8::b1c2
- Private subnet instance: 2001:db8::e1c3
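
Added example (not part of the original notes): a routing audit for the design above that confirms each private subnet sends ::/0 to an Egress-only Internet Gateway and not to a standard Internet Gateway. It assumes input in the JSON shape returned by `aws ec2 describe-route-tables`; the function names, verdict labels and all resource IDs are constructed for illustration.

```python
# Added example: audit the IPv6 default route of private subnets.
# Input mirrors the JSON shape of `aws ec2 describe-route-tables` (assumption).
IPV6_DEFAULT = "::/0"

def table_for_subnet(route_tables, subnet_id):
    """Return the explicitly associated route table, else the VPC main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def audit_private_subnets(route_tables, private_subnet_ids):
    """Map each subnet to 'ok', 'two-way-igw' or 'no-ipv6-egress'."""
    results = {}
    for subnet_id in private_subnet_ids:
        rt = table_for_subnet(route_tables, subnet_id) or {}
        verdict = "no-ipv6-egress"  # no active ::/0 route at all
        for route in rt.get("Routes", []):
            if route.get("DestinationIpv6CidrBlock") != IPV6_DEFAULT:
                continue
            if route.get("State", "active") != "active":
                continue  # blackhole routes carry no traffic
            if route.get("GatewayId", "").startswith("igw-"):
                verdict = "two-way-igw"  # inbound IPv6 is routable to this subnet
            elif route.get("EgressOnlyInternetGatewayId", "").startswith("eigw-"):
                verdict = "ok"  # outbound-only, as intended for private subnets
        results[subnet_id] = verdict
    return results

# Constructed sample data: IDs are placeholders, not real resources.
SAMPLE = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-private-a"}],
     "Routes": [{"DestinationIpv6CidrBlock": "::/0",
                 "EgressOnlyInternetGatewayId": "eigw-0example", "State": "active"}]},
    {"RouteTableId": "rtb-wrong", "Associations": [{"SubnetId": "subnet-private-b"}],
     "Routes": [{"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0example",
                 "State": "active"}]},
]

if __name__ == "__main__":
    subnets = ["subnet-private-a", "subnet-private-b", "subnet-private-c"]
    print(audit_private_subnets(SAMPLE, subnets))
```

A subnet with no explicit association is evaluated against the main route table, which is why the third subnet in the sample reports no IPv6 egress even though the IPv4 NAT route is present.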