Cloud Gateway
A gateway is the route that instances within a VPC subnet use to communicate with other subnets in the same VPC, with subnets in other VPCs, or with the Internet.
- Each subnet within a VPC can be either private or public
- To configure a public subnet:
  - An Internet gateway (virtual router) must be attached to the VPC configuration
    - it performs 1:1 NAT to route traffic
  - The Internet gateway must be configured as the default route for each public subnet
    - if no default route is configured, the subnet remains private
Info
- The instance's network interface is not configured with this public IP address
  - it is configured with an IP address from the subnet's range
- The public address is used by the virtualization management layer only
- Public IP addresses can be assigned from:
  - your own pool
  - a CSP-managed service (e.g., Amazon's Elastic IP)
- Other ways to provision external connectivity for a subnet:
  - NAT gateway
    - allows an instance to connect out to the Internet or to other AWS services
    - does not allow connections initiated from the Internet
  - VPN
    - various options to establish connections using VPNs, either software-layer or CSP-managed features
Info
- An Internet gateway and a NAT gateway both use NAT, but in different ways
  - Internet gateway
    - is a two-way gateway
    - requires the VM instance to be associated with a public IP address
  - NAT gateway
    - is a one-way (outbound only) gateway
    - does not require the VM to be associated with a public IP
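The rules above (default route to an Internet gateway = public, default route to a NAT gateway = outbound only, no default route = private) are what a subnet audit actually checks. The following Python is an added example, not part of the original notes; the route-table shape and the `igw-`/`nat-`/`vgw-` identifiers are simplified, constructed stand-ins for what a real CSP API would return.

```python
from dataclasses import dataclass, field

DEFAULT_ROUTE = "0.0.0.0/0"   # the route table entry that decides public vs private

@dataclass
class Subnet:
    name: str
    routes: dict                                   # destination CIDR -> target id
    instances: dict = field(default_factory=dict)  # instance id -> public IP (None if none)

def classify_subnet(subnet: Subnet) -> str:
    """Classify a subnet by where its default route points, as the notes describe."""
    target = subnet.routes.get(DEFAULT_ROUTE)
    if target is None:
        return "private-isolated"   # no default route: the subnet remains private
    if target.startswith("igw-"):
        return "public"             # Internet gateway: two-way, 1:1 NAT on the public IP
    if target.startswith("nat-"):
        return "private-nat"        # NAT gateway: outbound only, no Internet-initiated connections
    return "private-other"          # e.g. a VPN / virtual private gateway target (assumed prefix)

def accepts_inbound_from_internet(subnet: Subnet) -> bool:
    """Only a public subnet can receive connections initiated from the Internet."""
    return classify_subnet(subnet) == "public"

def instances_without_public_ip(subnet: Subnet) -> list:
    """In a public subnet, an instance with no public IP cannot use the Internet
    gateway, because the gateway needs a public address to perform its 1:1 NAT."""
    if classify_subnet(subnet) != "public":
        return []
    return sorted(i for i, ip in subnet.instances.items() if ip is None)

def audit(subnets) -> dict:
    """Summarise each subnet: type, Internet reachability, and instances that lack a public IP."""
    return {
        s.name: {
            "type": classify_subnet(s),
            "inbound_from_internet": accepts_inbound_from_internet(s),
            "no_public_ip": instances_without_public_ip(s),
        }
        for s in subnets
    }

# Constructed sample VPC: three subnets, one per gateway situation (identifiers are not real)
SAMPLE = [
    Subnet("web", {"10.0.0.0/16": "local", DEFAULT_ROUTE: "igw-0example"},
           {"i-web1": "203.0.113.10", "i-web2": None}),
    Subnet("app", {"10.0.0.0/16": "local", DEFAULT_ROUTE: "nat-0example"}, {"i-app1": None}),
    Subnet("db", {"10.0.0.0/16": "local"}, {"i-db1": None}),
]

if __name__ == "__main__":
    for name, result in audit(SAMPLE).items():
        print(name, result)
```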