How-To

How To Provide Internet Connectivity to AWS VPCs, Part 2

In the second part of the series, Brien Posey shows how to manually create an Internet gateway and associate it with a VPC.

• By Brien Posey
• 04/23/2018

In my first article, I explained the role of an Internet gateway in an Amazon Web Services (AWS) environment and I showed you how to tell whether or not an Internet gateway would be associated with a VPC. In this post, I want to continue the discussion by showing you how to manually create an Internet gateway and associate it with a VPC.

Create an Internet Gateway
In some real-world situations the creation of an Internet gateway is tied to the creation of a subnet. If you think back to the previous article, however, you'll recall that I created a new VPC and defined a subnet (a CIDR range) as part of the creation process. Because this subnet already exists, I'm going to use it as the basis for my new Internet gateway. If, however, you need additional subnets, then AWS will certainly allow you to create them.

To get started, open the VPC Dashboard and then click on the Internet Gateways tab. From there, click on the Create Internet Gateway button. This takes you to the Create Internet Gateway screen. As you can see in Figure 1, the only thing that you have to do on this screen is to enter a name for the gateway that you're creating, and then click on the Create button.

After a few seconds, you should see a message telling you that the gateway was created. Click the Close button to return to the Internet Gateways screen. As you can see in Figure 2, my new gateway (which I called Custom Gateway) was created, but it's currently in a detached state. In other words, the new gateway exists, but it doesn't do anything yet.

Attaching the Internet Gateway to a VPC
Because the newly created Internet gateway isn't yet connected to anything, the next step in the process is to attach it to a VPC. To do so, select the Internet gateway (as shown in Figure 2), and then choose the Attach to VPC command from the Actions menu. This will take you to the Attach to VPC screen shown in Figure 3. Just select the VPC that you want to use, as I have done, and click the Attach button. After a few seconds, you should be taken back to the Internet Gateways screen, and you should see that the gateway's state is now listed as Attached, as shown in Figure 4.

Modifying the Routing Table
When you create a VPC, a routing table is automatically created. This routing table automatically points to any new subnets that you add to the VPC. It does not, however, contain a route to the Internet gateway. For that, you're going to have to create a custom routing table. Fortunately, this is easier to do than it sounds.

Select the Route Tables tab and click on the Create Route Table button. Next, enter a name for the new routing table, and select a VPC, as shown in Figure 5. Click the create button to create the new routing table.

Once the new routing table is created, select it, and then select the Routes tab at the bottom of the screen. Click the Edit button, followed by the Add Another Route button. Now, enter 0.0.0.0/0 into the Destination field, and select the Internet gateway ID in the Target field, as shown in Figure 6. Now, click the Save button.

If there are any subnets for which you want to provide Internet access, you'll need to explicitly associate those subnets. To do so, go to the Subnet Associations tab, and click the Edit button. Select the Associate checkbox for each subnet, and click Save.

Wrapping Up
As you can see, it's relatively easy to create an Internet gateway and link it to a VPC. Keep in mind, however, that there is still a bit of work that will need to be done before EC2 instances within the VPC will be able to access the Internet. Specifically, you may need to assign a new IP address to the EC2 instance, and you'll need to check your port rules to ensure that Internet traffic is allowed.