Here’s a point-wise summary of Amazon VPC:

Amazon VPC Overview

  • Amazon VPC (Virtual Private Cloud) = your own logically isolated virtual network inside AWS.
  • Comparable to having your own data center within AWS.
  • Provides full control over networking (IP ranges, subnets, route tables, gateways).
  • Each VPC is logically isolated from other VPCs.
  • VPCs are region-wide.

Default VPC

  • Created automatically for each account when EC2 resources are first provisioned.
  • Exists in each region with one subnet per AZ.
  • Default VPC = all-public subnets.
  • Public subnet requirements:
    • “Auto-assign public IPv4 address” = Yes.
    • Subnet route table attached to an Internet Gateway.
  • Instances in the default VPC get both public and private IPs.

VPC Limits & Tenancy

  • Default limit = 5 VPCs per region (can be increased).
  • Dedicated tenancy option = ensures instances launch on dedicated hardware (overrides instance-level setting).

Availability Zones (AZs)

  • AZ names (e.g., ap-southeast-2a) are mapped differently for each user (not consistent across accounts).

Core VPC Components

  • VPC → Isolated virtual network, user-defined IP address space.
  • Subnet → Segment of the VPC IP range; each subnet resides in exactly one AZ.
  • Internet Gateway (IGW) → VPC’s connection to the Internet.
  • NAT Gateway → Managed NAT service for private subnets to access the Internet.
  • Hardware VPN Connection → VPN between the VPC and an on-premises data center/home/colo.
  • Virtual Private Gateway (VGW) → AWS side of VPN connection.
  • Customer Gateway (CGW) → On-premises side of VPN connection.
  • Router → Directs traffic between subnets, IGW, NAT, and VPN gateways.
  • Peering Connection → Enables traffic between two VPCs via private IPs.
  • VPC Endpoints → Private connectivity to AWS services (no IGW/VPN/NAT required).
  • Egress-only Internet Gateway → Outbound-only gateway for IPv6 traffic.

VPC Connectivity Options

  1. Hardware VPN (Site-to-Site)
  2. AWS Direct Connect
  3. VPN CloudHub
  4. Software VPN

Hands-On Learning

  • AWS Hands-On Labs tutorial demonstrates:
    • Creating a custom VPC.
    • Adding subnets, route tables, and Internet Gateways.
    • Launching EC2 instances in the new VPC.
    • Testing connectivity.

Great question 👍 Let’s go step by step and make Internet Gateway (IGW) super clear, with simple examples and a diagram.

🔹 What is an Internet Gateway?

  • An Internet Gateway (IGW) is a horizontally scaled, redundant, and highly available AWS component that connects your VPC to the Internet.
  • It allows:
    1. Outbound traffic from VPC resources (e.g., EC2 → Internet).
    2. Inbound traffic from the Internet (e.g., Internet → EC2).
  • Without an IGW, resources in your VPC cannot communicate with the Internet, even if they have public IPs.

🔹 How It Works (Beginner View)

  1. You create a VPC (your own private network inside AWS).
  2. You add subnets (smaller networks inside the VPC).
  3. You attach an Internet Gateway to the VPC.
  4. In the Route Table of a subnet, you add a route:
    • 0.0.0.0/0 → Internet Gateway
      (this means “send all Internet traffic through IGW”).
  5. Instances in that subnet with public IP addresses can now send/receive Internet traffic.

🔹 Example

Scenario:

  • You have an EC2 instance running a web server in a public subnet.
  • You want people on the Internet to access it using a browser.

Steps:

  1. Create VPC → 10.0.0.0/16.
  2. Create a public subnet → 10.0.1.0/24.
  3. Launch an EC2 instance in that subnet.
  4. Attach an Internet Gateway to the VPC.
  5. Update the subnet’s Route Table:
    • Add route: 0.0.0.0/0 → IGW.
  6. Assign a public IP or Elastic IP to the EC2 instance.
  7. Now:
    • You can SSH from your laptop into the EC2.
    • Users can access the EC2’s public IP via a browser.

🔹 Key Points

  • Public subnet = subnet that has a route to IGW.
  • Private subnet = subnet without a route to IGW (e.g., database servers).
  • Security Groups + NACLs also control what traffic is allowed in/out.
  • IGW is free of cost (you only pay for the traffic, not the gateway itself).
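The rule above (public subnet = subnet whose route table sends 0.0.0.0/0 to an IGW) can be checked programmatically. The following is an added example, not code from the original post: it applies that rule to data shaped like the EC2 DescribeSubnets and DescribeRouteTables responses and also flags subnets that auto-assign public IPv4 addresses without an IGW route (the “public subnet requirements” listed earlier). The records below are constructed, not captured from a real account.

```python
# Added example, not code from the original post: apply the page's rule
# ("public subnet = subnet with a route to the IGW") to DescribeSubnets /
# DescribeRouteTables-shaped data. The sample records below are constructed.

ROUTE_TABLES = [
    {"RouteTableId": "rtb-main",            # main table: no IGW route
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
    {"RouteTableId": "rtb-public",          # step 5 of the scenario: 0.0.0.0/0 -> IGW
     "Associations": [{"Main": False, "SubnetId": "subnet-web"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}]},
]
SUBNETS = [  # subnet-db auto-assigns public IPs but is not associated with rtb-public
    {"SubnetId": "subnet-web", "CidrBlock": "10.0.1.0/24", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-db", "CidrBlock": "10.0.2.0/24", "MapPublicIpOnLaunch": True},
]


def has_igw_default_route(route_table):
    """True when the table sends 0.0.0.0/0 to an Internet Gateway (active routes only)."""
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId", "").startswith("igw-")
               and r.get("State") == "active"
               for r in route_table["Routes"])


def route_table_for(subnet_id, route_tables):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def classify_subnets(subnets, route_tables):
    """Map each SubnetId to 'public' or 'private' by the IGW-route rule."""
    result = {}
    for s in subnets:
        rt = route_table_for(s["SubnetId"], route_tables)
        result[s["SubnetId"]] = "public" if rt and has_igw_default_route(rt) else "private"
    return result


def stranded_public_ips(subnets, route_tables):
    """Subnets that auto-assign a public IPv4 yet have no IGW route: the address is
    allocated but unreachable, so the 'public' setting on the subnet is misleading."""
    kinds = classify_subnets(subnets, route_tables)
    return sorted(s["SubnetId"] for s in subnets
                  if s["MapPublicIpOnLaunch"] and kinds[s["SubnetId"]] == "private")
```

With real data, feed the `Subnets` and `RouteTables` lists returned by the EC2 API (for example via the AWS CLI `describe-subnets` and `describe-route-tables` commands) into the same functions.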

🔹 Diagram (Simple)

                 Internet
                    |
             +---------------+
             |  Internet GW  |
             +---------------+
                    |
             (Route: 0.0.0.0/0)
                    |
             +---------------+
             | Public Subnet |
             +---------------+
                    |
             +-----------------+
             | EC2 Web Server  |
             |  (Public IP)    |
             +-----------------+

✅ In short:

An Internet Gateway is the bridge between your AWS VPC and the Internet. Without it, your VPC is fully private.
