AWScloud~5 mins

Internet Gateway for public access in AWS - Commands & Configuration

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

When you want your cloud servers to talk to the internet, you need a way to connect them. An Internet Gateway lets your servers send and receive data from the internet safely and easily.

When you want a web server in your cloud to be reachable by anyone on the internet.

When you need to download software updates directly from the internet to your cloud machines.

When you want to allow your cloud applications to access external APIs or services on the internet.

When you want to host a public website or app that users can visit from anywhere.

When you need to enable cloud resources to send data to internet-based monitoring or logging services.

Config File - main.tf

main.tf

provider "aws" {
  region = "us-east-1"
}

resource "aws_vpc" "example_vpc" {
  cidr_block = "10.0.0.0/16"
  tags = {
    Name = "example-vpc"
  }
}

resource "aws_internet_gateway" "example_igw" {
  vpc_id = aws_vpc.example_vpc.id
  tags = {
    Name = "example-igw"
  }
}

resource "aws_subnet" "example_public_subnet" {
  vpc_id            = aws_vpc.example_vpc.id
  cidr_block        = "10.0.1.0/24"
  map_public_ip_on_launch = true
  availability_zone = "us-east-1a"
  tags = {
    Name = "example-public-subnet"
  }
}

resource "aws_route_table" "example_public_rt" {
  vpc_id = aws_vpc.example_vpc.id
  tags = {
    Name = "example-public-rt"
  }
}

resource "aws_route" "default_route" {
  route_table_id         = aws_route_table.example_public_rt.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.example_igw.id
}

resource "aws_route_table_association" "public_subnet_association" {
  subnet_id      = aws_subnet.example_public_subnet.id
  route_table_id = aws_route_table.example_public_rt.id
}

This Terraform file creates a virtual private cloud (VPC) with a public subnet. It attaches an Internet Gateway to the VPC, which allows traffic to and from the internet. A route table is created with a default route sending all internet traffic (0.0.0.0/0) to the Internet Gateway. The public subnet is associated with this route table, enabling instances in that subnet to have public internet access.

Commands

This command initializes Terraform in the current directory. It downloads the AWS provider plugin and prepares Terraform to manage the infrastructure.

Terminal

terraform init

Expected OutputExpected

Initializing the backend... Initializing provider plugins... - Finding latest version of hashicorp/aws... - Installing hashicorp/aws v4.0.0... - Installed hashicorp/aws v4.0.0 (signed by HashiCorp) Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure.

This command applies the Terraform configuration to create the VPC, Internet Gateway, subnet, route table, and associations. The -auto-approve flag skips manual approval to speed up deployment.

Terminal

terraform apply -auto-approve

Expected OutputExpected

aws_vpc.example_vpc: Creating... aws_vpc.example_vpc: Creation complete after 2s [id=vpc-0abcd1234efgh5678] aws_internet_gateway.example_igw: Creating... aws_internet_gateway.example_igw: Creation complete after 1s [id=igw-0abcd1234efgh5678] aws_subnet.example_public_subnet: Creating... aws_subnet.example_public_subnet: Creation complete after 2s [id=subnet-0abcd1234efgh5678] aws_route_table.example_public_rt: Creating... aws_route_table.example_public_rt: Creation complete after 1s [id=rtb-0abcd1234efgh5678] aws_route.default_route: Creating... aws_route.default_route: Creation complete after 1s aws_route_table_association.public_subnet_association: Creating... aws_route_table_association.public_subnet_association: Creation complete after 1s Apply complete! Resources: 6 added, 0 changed, 0 destroyed.

→

-auto-approve - Automatically approve the apply without prompting

This AWS CLI command checks that the Internet Gateway is attached to the VPC by filtering Internet Gateways attached to the specific VPC ID.

Terminal

aws ec2 describe-internet-gateways --filters Name=attachment.vpc-id,Values=vpc-0abcd1234efgh5678

Expected OutputExpected

{ "InternetGateways": [ { "InternetGatewayId": "igw-0abcd1234efgh5678", "Attachments": [ { "VpcId": "vpc-0abcd1234efgh5678", "State": "available" } ] } ] }

→

--filters - Filter results to show only Internet Gateways attached to the specified VPC

Key Concept

If you remember nothing else from this pattern, remember: an Internet Gateway connects your cloud network to the internet, enabling public access for resources in public subnets.

Common Mistakes

Not associating the public subnet with a route table that has a route to the Internet Gateway.

Without this association, instances in the subnet cannot send traffic to the internet even if the Internet Gateway exists.

Always create a route table with a default route to the Internet Gateway and associate it with your public subnet.

Forgetting to enable 'map_public_ip_on_launch' on the subnet.

Instances launched in the subnet won't get public IP addresses automatically, so they won't be reachable from the internet.

Set 'map_public_ip_on_launch = true' in the subnet configuration to assign public IPs automatically.

Summary

Initialize Terraform to prepare for deployment with 'terraform init'.

Apply the configuration to create VPC, Internet Gateway, subnet, and routing with 'terraform apply'.

Verify the Internet Gateway is attached to your VPC using AWS CLI commands.