Skip to main content

Internet Gateway

Internet Gateway is a crucial VPC component that allows communication between your VPC and the Internet. You can connect to the Internet by adding a route toward the internet gateway to the route table associated with the subnet and connecting a public IP to a resource (e.g. BCS instance) on the subnet. Likewise, resources on the Internet can access resources on the subnet using public IP.

Internet gateway fundamentals

  • To communicate with the internet, an instance within a subnet needs to be associated with a public IP.
  • It's essential to configure security group policies to allow the intended internet traffic to and from instances.
  • Internet gateways are exclusive to public subnets.

Internet gateway by subnet type

  • Private subnet: Represents a subnet with no route to the internet gateway in the associated route table. Even if resources in a private subnet have public IPs attached, without an internet gateway, they cannot communicate with the Internet. One method to enable Internet access from private subnets is by using NAT instances.

  • Public subnet: Represents a subnet with a route to the internet gateway in the associated route table. Resources in a public subnet can access the Internet through this route.

Enable internet access

The following describes how to support Internet access using the internet gateway:

  1. Refer to Create VPC to create a public subnet. When creating a public subnet, it automatically generates a route table with an internet gateway route association.
  2. Create instances in the public subnet. Refer to Create and connect instance for more details.
  3. Attach public IPs to the created instances.
  4. Connect to the instances using SSH or remote desktop.

Disable internet access

The following describes how to disable Internet access from resources using the internet gateway:

  1. Disassociate any public IPs from resources linked to the subnets connected to the internet gateway.
  2. Remove the internet gateway route from the route table associated with the public subnet.