About Internet Gateways

Internet gateways enable instances in a Virtual Private Cloud (VPC) to be directly connected to the Internet. An Internet gateway can be used as a target in route tables for network traffic directed to the Internet.

An Internet gateway is a component that you can attach to a VPC to enable direct communication between your instances in this VPC and the Internet. To do so:

  • You need to create a route in the route table of one or more subnets directing Internet traffic to the Internet gateway.

  • Instances in these subnets must have an External IP (EIP) associated with them.

  • You need to add appropriate rules allowing traffic to and from the Internet to the security group of these subnets.

Public Subnet and Internet Gateway Architecture


As instances are only aware of the private IP space of the VPC and subnet, the Internet gateway performs Network Address Translation (NAT) for your instances using their EIP. When traffic leaves the VPC subnet for the Internet, the Internet gateway rewrites the source address of the packets to the EIP associated with the instance instead of the instance private IP. When traffic comes from the Internet to an EIP associated with an instance, the Internet gateway translates this EIP into the instance private IP before the traffic enters the VPC, enabling it to reach the instance.

When creating a route to the Internet gateway in the subnet route table, you can use the 0.0.0.0/0 CIDR block as the destination to match all destinations that are not explicitly routed by a more specific entry in the route table, or you can use a smaller range of IPs, for example the public IPs of your internal network, so that only traffic to that range is sent to the Internet gateway.
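The route selection and the three exposure conditions above (a route to the Internet gateway, an EIP, and a security group rule open to the Internet) can be checked offline with a small audit script. This is an added example, not code from the page or from the provider; the dictionaries are constructed sample objects only loosely shaped like API responses, and the key names are assumptions.

```python
import ipaddress

# Constructed sample objects, loosely shaped like the Outscale API (an assumption, not captured output).
VPC_CIDR = "10.0.0.0/16"
OPEN_ROUTE_TABLE = {"Routes": [
    {"DestinationIpRange": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationIpRange": "0.0.0.0/0", "GatewayId": "igw-example"},
]}
# Same table, but only the public range of an internal network (TEST-NET-3) is routed to the Internet gateway.
RESTRICTED_ROUTE_TABLE = {"Routes": [
    {"DestinationIpRange": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationIpRange": "203.0.113.0/24", "GatewayId": "igw-example"},
]}
INSTANCE_WITH_EIP = {"PrivateIp": "10.0.1.10", "PublicIp": "198.51.100.7"}
INSTANCE_WITHOUT_EIP = {"PrivateIp": "10.0.1.11"}
SECURITY_GROUP = {"InboundRules": [
    {"IpProtocol": "tcp", "FromPortRange": 22, "ToPortRange": 22, "IpRange": "0.0.0.0/0"},
    {"IpProtocol": "tcp", "FromPortRange": 443, "ToPortRange": 443, "IpRange": "10.0.0.0/16"},
]}


def select_route(route_table, destination):
    """Longest-prefix match: the most specific route wins, so 0.0.0.0/0 only
    catches destinations no other route covers. Returns the gateway id or None."""
    dst = ipaddress.ip_address(destination)
    best = None
    for route in route_table["Routes"]:
        net = ipaddress.ip_network(route["DestinationIpRange"])
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route["GatewayId"])
    return best[1] if best else None


def internet_reachable_rules(route_table, instance, security_group, vpc_cidr=VPC_CIDR):
    """Inbound rules the Internet can actually reach. All three conditions must hold:
    a route to an Internet gateway, an EIP on the instance, and a rule whose source
    range is not confined to the VPC. Returns [] when any condition is missing."""
    if not any(r["GatewayId"].startswith("igw-") for r in route_table["Routes"]):
        return []
    if not instance.get("PublicIp"):
        return []
    vpc = ipaddress.ip_network(vpc_cidr)
    return [rule for rule in security_group["InboundRules"]
            if not ipaddress.ip_network(rule["IpRange"]).subnet_of(vpc)]


if __name__ == "__main__":
    print(select_route(OPEN_ROUTE_TABLE, "8.8.8.8"))        # igw-example
    print(select_route(RESTRICTED_ROUTE_TABLE, "8.8.8.8"))  # None: no route to the Internet
    print(internet_reachable_rules(OPEN_ROUTE_TABLE, INSTANCE_WITH_EIP, SECURITY_GROUP))
```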

In a VPC, the Maximum Transmission Unit (MTU) is limited to 1500 bytes for packets directed to the Internet using an Internet gateway.
