Post

AWS - VPC Gateway - IGW

Posted
By Grace L
1 min read

Internet gateway (IGWs)

IGW

pic

pic

  • The key: whether it can access internet

  • IGW is resilient by design
    • a scalable, redundant, and highly available VPC component
      • horizontally scaled out, redundant, and highly available by default.
    • provide all subnets in all AZs with resilient internet connectivity
  • one IGW one VPC
    • Default VPC already has IGW
    • cannot assign more than one IGW to a VPC.

  • No network riskdor bandwidth constraints on network traffic.

  • allows communication between instances in your VPC and the internet
    • provide a way to get access to the internet
    • allow traffic on the internet to come by providing a target in the subnet route tables

      for internet-routable traffic.

      • Because the instance has a public IP address, the internet can access the public instance with the public IP address.
    • IGW has to add routing rules to the route table for resources in a public subnet to reach the internet

    • rules are not automatically created.

    • IGW two purposes

      :

      • to provide a target in VPC route tables for internet-routable traffic
        • To make subnet public
        • attach an internet gateway
        • add a route to the route table:
          • send non-local traffic through the internet gateway to the internet (0.0.0.0/0).
          • Public IPv4 addresses are never attached to the resource’s network interface.
      • to perform SNAT network address translation for instances that were assigned public IPv4 addresses
        • a record has the mappings of private to public IPs,
        • and the IGW performs SNAT on the associated resource.
          • When the IGW receives a packet from a resource with a public IP
          • it will adjust the packets.
          • It replaces the private IP with the associated public IP address
          • This process is known as SNAT.
  • enable access to or from the internet for instances in a VPC subnet, you must ensure:
    • Create an internet gateway
    • Attach an internet gateway to VPC
    • subnet's route table points to the internet gateway
      • Add a route to your subnet’s route table that directs internet-bound traffic to the internet gateway.
    • instances in subnet have public / Elastic IP addresses
      • (public IPv4 address, Elastic IP address, or IPv6 address)
    • NACLs and security groups

      allow the relevant traffic to flow to and from your instance.

.

01AWS, Network
AWS Network VPC
This post is licensed under CC BY 4.0 by the author.

Comments powered by Disqus.