Tutorial: Setting Up a Direct Connection Between Instances in a VPC and the Internet
The goal of this tutorial is to enable instances in a subnet to directly connect to the Internet using an Internet gateway and External IPs (EIPs).
In this tutorial, you learn how to:
-
Set up an Internet gateway for your VPC
-
Configure your route tables and security groups for a direct connection to the Internet
Before you begin:
|
-
Create an Internet gateway. For more information, see Creating an Internet Gateway.
-
Attach the Internet gateway to the VPC. For more information, see Attaching an Internet Gateway to a VPC.
-
In the route table associated with the subnet in which your instances are, create a route with 0.0.0.0/0 as destination and the ID of the Internet gateway as target. For more information, see Creating a Route.
You can use the
0.0.0.0/0CIDR block as destination to scope all the destinations that are not explicitly routed in the route table, or you can use a smaller range of IPs corresponding, for example, to the public IPs of your internal network. -
To allow flows from your instances to the Internet, add a rule allowing outbound flows to the Internet (0.0.0.0/0 CIDR block, or a smaller range of public IPs) to the security group used for instances in your subnet. For more information, see Adding Rules to a Security Group.
To allow the Internet to initiate connections to your instances, add another rule allowing inbound flows from the Internet.
-
Associate an EIP with each instance launched in your subnet that you want to directly connect to the Internet. For more information, see Associating an EIP with an Instance or a Network Interface.
This EIP is the public IP used by the instance to be accessed from and to access to the Internet through the Internet gateway. For more information, see About Internet Gateways.
Instances in your subnet that are associated with an EIP are directly connected to the Internet using the Internet gateway.
Related Pages