What is it?

An Internet Gateway (IGW) is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the Internet. It provides a route for traffic between your VPC and the public internet.

Key Concepts:

1. Enables Internet Access:
   • An Internet Gateway allows EC2 instances within your VPC to access the Internet and enables incoming connections from the Internet (for public-facing instances).
2. Public IP/Elastic IP Requirement:
   • For instances to use the IGW to communicate with the internet, they must have a public IP address or an Elastic IP address assigned.
3. Stateless Routing:
   • The Internet Gateway handles outbound and inbound traffic without maintaining any state, but EC2 instances must be configured to allow such traffic (via Security Groups and Route Tables).
4. Attaching to a VPC:
   • You must explicitly attach an Internet Gateway to your VPC. Without an attached IGW, the VPC cannot communicate with the internet.

Important Points:

1. One IGW per VPC:
   • Each VPC can only be attached to one Internet Gateway at a time.
2. Route Table Configuration:
   • The Route Table must include a route directing 0.0.0.0/0 traffic (i.e., all internet traffic) to the Internet Gateway for instances in the VPC to communicate with the internet.
3. Public and Private Subnets:
   • Typically, you associate an IGW with public subnets (where EC2 instances have public IPs) while private subnets (e.g., for databases) do not route traffic through an IGW.

Best Used For:

• Public Web Applications:
  • If you need EC2 instances to be publicly accessible (e.g., web servers), they should be placed in a public subnet with routing to an Internet Gateway.
• Outbound Internet Access:
  • Instances in public subnets that need to access external internet resources (such as downloading packages or reaching external APIs) also require an IGW.

Best Practices:

1. Use Elastic IPs Wisely:
   • Assign Elastic IPs to instances when you need persistent public IP addresses, as EC2 instances with public IPs may lose them upon stopping and starting.