
Internet Connectivity

In this section, we will deploy an Internet Gateway (IGW) and NAT Gateway into our VPC.

An Internet Gateway establishes outside connectivity for EC2 instances that will be deployed into the VPC, and provides both inbound and outbound connectivity to workloads running in public subnets. A NAT Gateway provides outbound connectivity for workloads running in private subnets.


Deploy an Internet Gateway

  1. In the left hand panel click on Internet Gateways and click on Create internet gateway


  2. Enter VPC A IGW as the name and click Create internet gateway in the bottom right corner


  3. On the success screen for the newly created IGW, click on Attach to VPC:


  4. Select VPC A from the dropdown list for Available VPCs and click Attach internet gateway


  5. The Internet Gateway should attach successfully.


    We now have an internet access point for our VPC, but in order to utilize the newly created Internet Gateway, we need to update VPC routing tables to point the default routes for our public subnets to this Internet Gateway.

    Update Route Table for Public Subnets

  6. In the left hand panel of the VPC Dashboard click on Route Tables and select VPC A Public Route Table


  7. Scroll down to the Routes tab


    As you can see, there is only a local route, so we're going to enable internet access by adding a route to the Internet Gateway.

  8. Click on Edit Routes

  9. In the resulting screen

    • Click on Add route
    • Enter 0.0.0.0/0 in the Destination
    • Select Internet Gateway from the Target dropdown


  10. Choose VPC A IGW


  11. Click Save changes and confirm that a new route has been added to the Routes tab


    Next we will add outbound connectivity from the private subnets by deploying a NAT Gateway in a public subnet for use by workloads that should not be directly exposed to the internet.

    Create NAT Gateway

  12. In the left hand panel of the VPC Dashboard click on NAT Gateways and click on Create NAT gateway


  13. In the Create NAT gateway screen

    • Enter VPC A NATGW as the name
    • Choose VPC A Public Subnet AZ1
    • Click Allocate Elastic IP
    • Click Create NAT gateway


  14. Upon creation the NAT Gateway details are displayed


    Important

    In this workshop, we only created one NAT Gateway in AZ1. It is best practice to create a NAT Gateway in each AZ that is utilized.

    Update Route Table for Private Subnets

    Now that we have a NAT Gateway in a public subnet, we need to create a route to it from the private subnets. We will do that by adding an entry to the Route Table for the private subnets.

  15. In the left hand panel of the VPC Dashboard click on Route Tables

  16. Select VPC A Private Route Table, scroll down to the Routes tab and click on Edit routes


  17. In the Edit routes screen

    • Click on Add route
    • Enter 0.0.0.0/0 in the Destination
    • Select NAT Gateway from the Target dropdown


  18. Choose VPC A NATGW and click on Save changes


  19. Confirm the new route appears in the Routes tab of the resulting screen


We have now gone through the bread and butter of AWS networking and built a networking foundation of public and private subnets across two availability zones with internet access.
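
To check the routing built in the steps above, the following added example (not part of the original workshop) audits route tables against the intended design: public subnets default to the Internet Gateway, private subnets never do, and each private subnet's NAT Gateway sits in its own AZ. The data is constructed in the shape of `aws ec2 describe-route-tables` output; all IDs, subnet names, the VPC CIDR and the inventory maps are assumptions.

```python
# Added example. Data below is constructed in the shape of `aws ec2
# describe-route-tables` output; every ID and subnet name is made up.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public-example",
     "Associations": [{"SubnetId": "subnet-pub-az1"}, {"SubnetId": "subnet-pub-az2"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private-example",
     "Associations": [{"SubnetId": "subnet-priv-az1"}, {"SubnetId": "subnet-priv-az2"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]
# Assumed inventory: subnet -> AZ, NAT gateway -> hosting subnet, intended private tier.
SUBNET_AZ = {"subnet-pub-az1": "az1", "subnet-pub-az2": "az2",
             "subnet-priv-az1": "az1", "subnet-priv-az2": "az2"}
NAT_SUBNET = {"nat-example": "subnet-pub-az1"}
PRIVATE_SUBNETS = {"subnet-priv-az1", "subnet-priv-az2"}


def default_target(table):
    """Return the target ID of the 0.0.0.0/0 route, or None if there is none."""
    for route in table["Routes"]:
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("NatGatewayId") or route.get("GatewayId")
    return None


def audit(tables, subnet_az, nat_subnet, private_subnets):
    """Compare each subnet's default route with the tier it is meant to be in."""
    findings = []
    for table in tables:
        target = default_target(table) or ""
        for assoc in table.get("Associations", []):
            subnet = assoc.get("SubnetId")
            if subnet is None:  # main-table association carries no SubnetId
                continue
            if subnet not in private_subnets:
                if not target.startswith("igw-"):
                    findings.append((subnet, "public subnet lacks a default route to an IGW"))
            elif target.startswith("igw-"):
                findings.append((subnet, "private subnet is routed directly to an IGW"))
            elif target.startswith("nat-") and subnet_az[nat_subnet[target]] != subnet_az[subnet]:
                findings.append((subnet, "egress depends on a NAT Gateway in another AZ"))
    return findings


if __name__ == "__main__":
    for subnet, issue in audit(ROUTE_TABLES, SUBNET_AZ, NAT_SUBNET, PRIVATE_SUBNETS):
        print(f"{subnet}: {issue}")
```

On the sample data, which mirrors the single NAT Gateway in AZ1 created in this workshop, the only finding is the cross-AZ dependency called out in the Important note.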