AWS Solutions Architect · Lesson

Internet Gateway and Route Tables

Attach an internet gateway to enable outbound internet access and configure route tables for public subnets.

Internet Gateway: The VPC Door to the Internet

An Internet Gateway (IGW) is a horizontally scaled, redundant, highly available VPC component that enables communication between your VPC and the internet. It performs Network Address Translation (NAT) for instances with public IPv4 addresses: for outbound traffic it translates the instance's private IP to its Elastic IP or auto-assigned public IP, and it reverses the translation for inbound traffic. A VPC can have only one IGW attached. Attaching an IGW does not by itself give instances internet access; you must also update route tables and ensure the instances have public IPs.

# Create and attach an internet gateway
aws ec2 create-internet-gateway \
  --tag-specifications 'ResourceType=internet-gateway,Tags=[{Key=Name,Value=prod-igw}]'

aws ec2 attach-internet-gateway \
  --internet-gateway-id igw-12345678 \
  --vpc-id vpc-12345678

Route Tables: Traffic Direction

A route table is a set of rules (routes) that determine where network traffic from a subnet or gateway is directed. Every VPC has a main route table that all subnets use by default unless you explicitly associate a different route table with a subnet. Routes have a destination (CIDR block) and a target (local, internet gateway, NAT gateway, peering connection, etc.). The most specific route (longest prefix match) wins when multiple routes match a packet's destination.

# Create a route table for public subnets
aws ec2 create-route-table \
  --vpc-id vpc-12345678 \
  --tag-specifications 'ResourceType=route-table,Tags=[{Key=Name,Value=public-rt}]'
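
To check which subnets a set of route tables actually exposes, the sketch below (an added example, not part of the original lesson) applies the two rules described above: a subnet without an explicit association falls back to the main route table, and the longest matching prefix decides the target. The sample data is constructed in the shape of `aws ec2 describe-route-tables` output; the function names and every ID in it are assumptions made for illustration.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-route-tables` output; all IDs are made up.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-web"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-12345678"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"Main": False, "SubnetId": "subnet-db"}],
     "Routes": [LOCAL,
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0abc"},
                {"DestinationCidrBlock": "203.0.113.0/24", "GatewayId": "igw-12345678"}]},
]

def table_for(subnet_id, tables):
    """Return the explicitly associated table, else the VPC's main route table."""
    main = None
    for table in tables:
        for assoc in table["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main

def next_hop(subnet_id, dest_ip, tables):
    """Longest-prefix match of dest_ip over the subnet's effective route table."""
    ip, best = ipaddress.ip_address(dest_ip), None
    for route in table_for(subnet_id, tables)["Routes"]:
        cidr = route.get("DestinationCidrBlock")  # IPv6 and prefix-list routes are skipped
        if cidr is None:
            continue
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route.get("GatewayId") or route.get("NatGatewayId") or "other")
    return best[1] if best else None

def igw_routes(subnet_id, tables):
    """Destination CIDRs that this subnet's route table sends to an internet gateway."""
    return [r["DestinationCidrBlock"] for r in table_for(subnet_id, tables)["Routes"]
            if r.get("GatewayId", "").startswith("igw-") and "DestinationCidrBlock" in r]

if __name__ == "__main__":
    for subnet in ("subnet-web", "subnet-db", "subnet-unassociated"):
        print(subnet, table_for(subnet, ROUTE_TABLES)["RouteTableId"],
              next_hop(subnet, "8.8.8.8", ROUTE_TABLES), igw_routes(subnet, ROUTE_TABLES))
```

In the sample, `subnet-db` looks private because its default route points at a NAT gateway, yet the more specific `203.0.113.0/24` route still sends that range through the internet gateway, which is the kind of entry a review of "private" subnets should surface.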
