
Internet Gateway for public access in AWS - Step-by-Step Execution

Process Flow - Internet Gateway for public access
  1. Create VPC
  2. Create Internet Gateway
  3. Attach Internet Gateway to VPC
  4. Create Public Subnet in VPC
  5. Update Route Table
  6. Add Route: 0.0.0.0/0 -> Internet Gateway
  7. Launch Public Resources
Result: Resources have public internet access
This flow shows how to create and attach an Internet Gateway to a VPC, then update routing so public subnet resources can access the internet.
Execution Sample
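# Step 1: the VPC that everything else attaches to.
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

# Steps 2-3: setting vpc_id creates the gateway and attaches it to the VPC.
resource "aws_internet_gateway" "gw" {
  vpc_id = aws_vpc.main.id
}

# Steps 4-5: route table whose default route (0.0.0.0/0) points at the gateway.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.gw.id
  }
}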
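This code creates a VPC, an Internet Gateway attached to it, and a route table with a route sending all internet traffic to the gateway. It does not define the public subnet or the route table association (step 6 in the Process Table), so on its own no subnet uses this route table yet.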
Process Table
| Step | Action | Resource Created/Updated | State Change | Result |
|---|---|---|---|---|
| 1 | Create VPC | aws_vpc.main | VPC with CIDR 10.0.0.0/16 created | VPC ready |
| 2 | Create Internet Gateway | aws_internet_gateway.gw | IGW created but not attached | IGW exists |
| 3 | Attach IGW to VPC | aws_internet_gateway.gw | IGW attached to VPC | VPC has IGW |
| 4 | Create Route Table | aws_route_table.public | Route table created for VPC | Route table ready |
| 5 | Add Route 0.0.0.0/0 -> IGW | aws_route_table.public | Route added to send all traffic to IGW | Public route active |
| 6 | Associate Route Table with Subnet | aws_route_table_association.public_assoc | Subnet uses public route table | Subnet routes internet traffic |
| 7 | Launch Public Resources | EC2 instances in public subnet | Resources get public IP and route | Resources have internet access |
| 8 | End | - | - | Internet Gateway setup complete |
💡 All steps complete, public subnet resources can access the internet via the Internet Gateway
Status Tracker
| Variable | Start | After Step 1 | After Step 3 | After Step 5 | After Step 7 | Final |
|---|---|---|---|---|---|---|
| VPC | None | Created with CIDR 10.0.0.0/16 | Attached IGW | Route table created | Subnet associated | Ready with IGW and routes |
| Internet Gateway | None | Created | Attached to VPC | Route added to route table | Used by subnet | Active for internet access |
| Route Table | None | None | Created | Route 0.0.0.0/0 -> IGW added | Associated with subnet | Routes internet traffic |
| Subnet | None | None | None | None | Created and associated | Public subnet with internet access |
Key Moments - 3 Insights
Why do we need to attach the Internet Gateway to the VPC?
Attaching the Internet Gateway to the VPC (Step 3) connects the VPC to the internet. Without this, the gateway exists but cannot route traffic for the VPC, so public access won't work.
What happens if we don't add the route 0.0.0.0/0 to the Internet Gateway?
Without the route (Step 5), the subnet's traffic won't know to use the Internet Gateway to reach the internet. So even if the gateway is attached, resources won't have internet access.
Why associate the route table with the subnet?
Associating the route table with the subnet (Step 6) tells the subnet to use the routes defined in it, including the internet route. Without this, the subnet falls back to the VPC's main (default) route table, which may not have an internet route.
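The three conditions from the key moments above (gateway attached, 0.0.0.0/0 route present, route table in effect for the subnet) can be checked together when auditing which subnets are internet-routable. The following is an added example, not part of the original lesson; it assumes input shaped like the output of `aws ec2 describe-internet-gateways`, `describe-route-tables` and `describe-subnets`, and every resource ID in it is constructed sample data.

```python
# Added example; all resource IDs are constructed sample data. Dict shapes follow
# the EC2 DescribeInternetGateways / DescribeRouteTables / DescribeSubnets output.

def attached_igws(igws):
    """VPC id -> set of IGW ids attached to that VPC (process step 3)."""
    out = {}
    for igw in igws:
        for att in igw.get("Attachments", []):
            if att.get("State") in ("available", "attached"):
                out.setdefault(att["VpcId"], set()).add(igw["InternetGatewayId"])
    return out

def effective_route_table(subnet, route_tables):
    """Explicit association wins (step 6); otherwise the VPC main table applies."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != subnet["VpcId"]:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet["SubnetId"]:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def public_subnets(subnets, route_tables, igws):
    """Subnets whose effective table has an active 0.0.0.0/0 -> attached IGW."""
    attached = attached_igws(igws)
    def is_public(sn):
        rt = effective_route_table(sn, route_tables) or {}
        return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
                   and r.get("State", "active") == "active"  # skip blackhole routes
                   and r.get("GatewayId") in attached.get(sn["VpcId"], set())
                   for r in rt.get("Routes", []))
    return [sn["SubnetId"] for sn in subnets if is_public(sn)]

# Constructed sample: subnet-a is associated with the public table, subnet-b
# has no explicit association and therefore uses the main table (local route only).
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
IGWS = [{"InternetGatewayId": "igw-5678",
         "Attachments": [{"VpcId": "vpc-1234", "State": "available"}]}]
ROUTE_TABLES = [
    {"VpcId": "vpc-1234", "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"VpcId": "vpc-1234", "Associations": [{"SubnetId": "subnet-a"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "GatewayId": "igw-5678", "State": "active"}]},
]
SUBNETS = [{"SubnetId": "subnet-a", "VpcId": "vpc-1234"},
           {"SubnetId": "subnet-b", "VpcId": "vpc-1234"}]
```

With the sample data, `public_subnets(SUBNETS, ROUTE_TABLES, IGWS)` reports only subnet-a; adding a 0.0.0.0/0 route to the main table would expose every subnet without an explicit association.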
Visual Quiz - 3 Questions
Test your understanding
Look at the Process Table. At which step is the Internet Gateway attached to the VPC?
A. Step 2
B. Step 5
C. Step 3
D. Step 6
💡 Hint
Check the 'Action' and 'State Change' columns in the Process Table rows.
According to the Status Tracker, what is the state of the Route Table after Step 5?
A. Route 0.0.0.0/0 -> IGW added
B. Route table created with no routes
C. Route table associated with subnet
D. Route table deleted
💡 Hint
Look at the 'Route Table' row under 'After Step 5' in the Status Tracker.
If the route 0.0.0.0/0 -> IGW was missing, what would be the result?
A. Internet Gateway would not be created
B. Subnet traffic would not reach the internet
C. Resources still have internet access
D. VPC would be deleted
💡 Hint
Refer to the key moment about the importance of the route added in step 5 of the Process Table.
Concept Snapshot
Internet Gateway connects a VPC to the internet.
Create IGW, attach to VPC.
Add route 0.0.0.0/0 in route table pointing to IGW.
Associate route table with public subnet.
Resources in subnet get internet access.
Full Transcript
This visual execution shows how to set up an Internet Gateway for public access in AWS. First, a VPC is created with a CIDR block. Then an Internet Gateway is created and attached to the VPC. A route table is created and a route is added to send all internet traffic (0.0.0.0/0) to the Internet Gateway. This route table is associated with a public subnet. Finally, resources launched in this subnet receive public IPs and can access the internet through the Internet Gateway. Key points include attaching the gateway to the VPC, adding the correct route, and associating the route table with the subnet to enable internet access.

Practice

1. What is the main purpose of an Internet Gateway in AWS?
easy
A. To allow communication between a VPC and the internet
B. To store data securely in the cloud
C. To manage user permissions in AWS
D. To create private subnets within a VPC

Solution

  1. Step 1: Understand the role of an Internet Gateway

    An Internet Gateway is a component that connects a Virtual Private Cloud (VPC) to the internet, enabling resources in the VPC to access or be accessed from the internet.
  2. Step 2: Identify the correct purpose

    Among the options, only allowing communication between a VPC and the internet matches the Internet Gateway's function.
  3. Final Answer:

    To allow communication between a VPC and the internet -> Option A
  4. Quick Check:

    Internet Gateway = Connects VPC to internet [OK]
Hint: Internet Gateway connects VPC to internet, not storage or permissions [OK]
Common Mistakes:
  • Confusing Internet Gateway with storage services
  • Thinking it manages user permissions
  • Assuming it creates private subnets
2. Which AWS resource must an Internet Gateway be attached to for it to provide internet access?
easy
A. An EC2 instance
B. A Virtual Private Cloud (VPC)
C. An S3 bucket
D. A Security Group

Solution

  1. Step 1: Identify the attachment requirement of an Internet Gateway

    An Internet Gateway must be attached to a VPC to enable internet access for resources inside that VPC.
  2. Step 2: Match the correct AWS resource

    Among the options, only a VPC is the correct resource to attach an Internet Gateway to.
  3. Final Answer:

    A Virtual Private Cloud (VPC) -> Option B
  4. Quick Check:

    Internet Gateway attaches to VPC [OK]
Hint: Internet Gateway attaches only to VPC, not instances or buckets [OK]
Common Mistakes:
  • Trying to attach Internet Gateway directly to EC2
  • Confusing with storage like S3 buckets
  • Thinking it attaches to Security Groups
3. Given the following AWS setup, what will happen if the Internet Gateway is not attached to the VPC?
VPC: vpc-1234
Internet Gateway: igw-5678 (created but not attached)
EC2 Instance: in public subnet with route to igw-5678
medium
A. The EC2 instance will not have internet access
B. The EC2 instance will be terminated automatically
C. The EC2 instance will have internet access
D. The EC2 instance will have internet access only for outbound traffic

Solution

  1. Step 1: Understand Internet Gateway attachment requirement

    An Internet Gateway must be attached to the VPC to enable internet traffic flow. Without attachment, the gateway is inactive for that VPC.
  2. Step 2: Analyze the effect on EC2 instance

    Even if the route table points to the Internet Gateway, since it is not attached, the EC2 instance cannot send or receive internet traffic.
  3. Final Answer:

    The EC2 instance will not have internet access -> Option A
  4. Quick Check:

    Internet Gateway unattached = no internet access [OK]
Hint: Internet Gateway must be attached to VPC for internet access [OK]
Common Mistakes:
  • Assuming route table alone enables internet
  • Thinking instance auto-terminates without internet
  • Believing outbound-only access works without attachment
4. You created an Internet Gateway and attached it to your VPC, but your EC2 instance in the public subnet still cannot access the internet. What is the most likely cause?
medium
A. The Internet Gateway is not attached to the VPC
B. The EC2 instance is stopped
C. The route table for the subnet does not have a route to the Internet Gateway
D. The security group allows all traffic

Solution

  1. Step 1: Confirm Internet Gateway attachment

    The question states the Internet Gateway is attached to the VPC, so this is not the issue.
  2. Step 2: Check route table configuration

    For internet access, the subnet's route table must have a route directing 0.0.0.0/0 traffic to the Internet Gateway. Missing this route blocks internet access.
  3. Final Answer:

    The route table for the subnet does not have a route to the Internet Gateway -> Option C
  4. Quick Check:

    Route table missing IGW route = no internet [OK]
Hint: Check route table for 0.0.0.0/0 route to IGW [OK]
Common Mistakes:
  • Ignoring route table routes
  • Assuming attachment alone grants internet
  • Confusing security group rules with routing
5. You want to provide internet access to instances in a public subnet of your VPC. Which combination of steps is required to achieve this?
hard
A. Create a VPN connection and update the route table to route 0.0.0.0/0 to the VPN
B. Create a NAT Gateway, attach it to the VPC, and assign private IPs to instances
C. Attach an Internet Gateway to the subnet directly and assign Elastic IPs to instances
D. Create and attach an Internet Gateway to the VPC, update the subnet's route table to route 0.0.0.0/0 to the Internet Gateway, and ensure instances have public IPs

Solution

  1. Step 1: Attach Internet Gateway to VPC

    Internet Gateway must be created and attached to the VPC to enable internet connectivity.
  2. Step 2: Update subnet route table

    The route table for the public subnet must have a route sending all internet-bound traffic (0.0.0.0/0) to the Internet Gateway.
  3. Step 3: Assign public IPs to instances

    Instances need public IP addresses to communicate over the internet directly.
  4. Final Answer:

    Create and attach an Internet Gateway to the VPC, update the subnet's route table to route 0.0.0.0/0 to the Internet Gateway, and ensure instances have public IPs -> Option D
  5. Quick Check:

    IGW + route + public IP = internet access [OK]
Hint: Internet Gateway + route + public IP = public internet access [OK]
Common Mistakes:
  • Confusing NAT Gateway with Internet Gateway for public subnet
  • Trying to attach IGW to subnet directly
  • Forgetting to assign public IPs to instances