What is an Egress only Internet Gateway

Course Features

Duration: 90 minutes

Delivery Method: Online

Available on: Lifetime Access

Accessibility: Desktop, Laptop

Language: English

Subtitles: English

Level: Intermediate

Teaching Type: Self Paced

Video Content: 90 minutes

Course Description

Lab Details

This lab will show you how to create a VPC that is IPv6 enabled, and launch an EC2 instance from it. Next, you'll configure and create the Egress-only IGW in your VPC and learn its purpose.

The lab will be practiced using VPC or EC2.

Duration: 90 minutes

AWS Region: US East, N. Virginia us-east-1

Introduction

What is an "Egress only" Internet Gateway?

An egress-only gateway is a vertically scaled, redundant and highly available VPC component.

It allows outbound communication over IPv6 from instances within your VPC to the internet, while the internet cannot establish an IPv6 connection to your instances.

IPv6 addresses are unique globally and therefore are public by default.

An egress-only gateway is an internet gateway that allows your instance to connect to the internet.

An egress-only gateway is stateful: it forwards traffic from instances in the subnet to other AWS services or the internet, and then returns the response to the instances.

What is a VPC and what does it do?

VPC stands for Virtual Private Cloud.

It is a virtual network that you have created within AWS Cloud.

Users can create and implement their own network by logically creating it.

Primary components include subnets and IP addresses, NAT devices (instances and gateways), route tables, Internet and Virtual Private Gateways, Access Control Lists, security groups, and VPC endpoints.

A subnet is a segment within the VPC IP Address range that allows us to launch EC2 Instances and RDS as well as other AWS resources.

The subnet can be further classified as Private and Public.

Resources in public subnets can be accessed from the Internet.

These are the common attributes that can be used to identify instances in Public Subnets.

Elastic IP (EIP), or Public IP address attached to the EC2 instance.

IGW attached to the VPC.

A subnet must contain a route table entry with destination internet gateway (IGW).

NACLs and security groups should not prevent access.

Public subnets can be associated with a route table that directs subnet traffic towards the internet via an Internet Gateway.

Private subnets contain resources that can be accessed within the VPC network.

Multiple subnets may be associated with one route table. A single subnet can't be associated with multiple route tables.

Route tables contain a set of rules called routes, which are used to direct traffic.

Each subnet of a VPC can be linked to the route tables.

Your VPC will automatically include the Primary and Main route tables. They are responsible for routing all subnets not associated with any other route tables.

It is impossible to delete the default route table.

You can create custom route tables for your VPC and add routes as required.

If you don't need them, custom route tables can be removed.
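As an added example (not part of the course material), the Python sketch below audits route-table data for the distinction described above: an IPv6 default route through an Internet Gateway leaves instances reachable from the internet, while one through an Egress-only Internet Gateway permits outbound connections only. Subnets with no explicit association fall back to the main route table. The sample data and all IDs are constructed; the field names follow the output of `aws ec2 describe-route-tables`.

```python
# Added example: classify each subnet's IPv6 default route (::/0).
# SAMPLE is constructed data shaped like `aws ec2 describe-route-tables` output.
SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-web"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0aaa"},
                {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0aaa"}]},
    {"RouteTableId": "rtb-egress",
     "Associations": [{"Main": False, "SubnetId": "subnet-app"}],
     "Routes": [{"DestinationIpv6CidrBlock": "::/0",
                 "EgressOnlyInternetGatewayId": "eigw-0bbb"}]},
]}


def ipv6_default_route(table):
    """Return how a route table handles ::/0: 'bidirectional' (IGW),
    'egress-only' (EIGW), 'other' (some other target) or 'none'."""
    for route in table.get("Routes", []):
        if route.get("DestinationIpv6CidrBlock") != "::/0":
            continue
        if route.get("EgressOnlyInternetGatewayId"):
            return "egress-only"
        if route.get("GatewayId", "").startswith("igw-"):
            return "bidirectional"
        return "other"
    return "none"


def classify_subnets(data, subnet_ids):
    """Map each subnet ID to its IPv6 exposure, using the explicitly
    associated route table or, failing that, the main route table."""
    main_table, explicit = None, {}
    for table in data["RouteTables"]:
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main_table = table
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = table
    result = {}
    for subnet in subnet_ids:
        table = explicit.get(subnet, main_table)
        result[subnet] = ipv6_default_route(table) if table else "unknown"
    return result


if __name__ == "__main__":
    # subnet-db has no explicit association, so the main table applies.
    print(classify_subnets(SAMPLE, ["subnet-web", "subnet-app", "subnet-db"]))
```

A subnet reported as `bidirectional` relies entirely on security groups and NACLs to block inbound IPv6 connections, so those are the subnets to review first.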

An Internet Gateway (IGW) is a virtual router that connects a VPC to the Internet.

Instances that are launched from a VPC cannot communicate with the Internet by default. An Internet Gateway must be attached to the VPC to enable Internet access.

Public subnets are connected to the IGW via route tables in order to be accessed over the Internet.

Internet Gateways can be scaled horizontally, are highly available, and redundant.

AWS uses EIP (Elastic IP Address) to manage its dynamic cloud computing services.

It can be associated with an AWS Account and used to mask instances that fail. For example, if one server fails, we can map the IP address to another server so that you can continue your work without interruption.

A NAT device can be an instance or gateway residing in a Public subnet (to which an EIP has been assigned).

NAT devices allow instances of Private subnets to interact with the Internet.

The Access Control List (ACL), an optional layer of security, acts as a firewall to control network traffic within and outside the subnet.

The ACL defines rules for allowing and denying network traffic on ports or IP addresses.

Course Overview

Virtual Labs

Post Course Interactions

Hands-On Training

Skills You Will Gain

What You Will Learn

Learn how to delete AWS resources

Learn how to launch a lab environment

Learn how to test the connectivity

Learn how to validate the laboratory

This course will teach you how to create a Public Route Table, and link it to the subnet

This course will teach you how to create a Public Route Table, and link it with your subnet

This course will teach you how to create a client VPC and enable IPv6

This course will teach you how to create a public subnet

This course will teach you how to create a server VPC and enable IPv6

This course will teach you how to create an EC2 instance

This course will teach you how to create and attach an Egress-only Internet Gateway

This course will teach you how to create and attach an Internet Gateway

This video will show you how to add the Egress only IGW route in the Route table

This video will show you how to add the public route in the Route table