- regionally resilient gateway
- one gateway per VPC is enough
- A IGW (internet gateway) is a bidirection, one-to-one NAT. When a resource in a VPC gets assigned a public IPv4 address, the address is not directly assigned to the resource, but to the IGW. When the IGW receives traffic, it maps the public address to the private address and forwards the traffic to the resource.
- VPC can have max 1 IGW, and IGW can be attached to 1 VPC max.
- Routes traffic between VPC, internet, and AWS public zones (SQS, S3, etc)
- IGW can be used as a VPC route target.
- Needed to make a VPC subnet public
- Attach an IGW to VPC.
- Create custom route table and attach it to subnet.
- Add IGW as a default route in the route table.
- Configure the subnet to auto-allocate public IPv4/6 addresses to resources.
- Note that the resource (e.g. EC2 instance) is not aware of the public IP address (i.e. you can’t use
ip addr
to view the public address). The address is managed by IGW’s internal NAT.