A NAT gateway works well to provide outgoing-only internet access to the private IPv4 resources, but what if we want the IPv6 resources to have outgoing-only internet access?

AWS IPv6 addresses are global unicast addresses and are publicly routable by default; therefore, there is no concept of private IPv6 addresses in AWS. We can use an egress-only internet gateway to allow outgoing-only internet access from an IPv6 resource while disregarding all incoming requests from the internet.

A single egress-only internet gateway can only be attached to one Virtual Private Cloud (VPC) and vice versa. It is a regional resilient service that serves in all Availability Zones, thereby ensuring high availability.

Steps to create an egress-only internet gateway

The steps to create an egress-only internet gateway and associate it with a private IPv6 subnet’s route table are as follows:

  1. Create an egress-only internet gateway.

  2. Add the route to the private subnet’s route table.

Create an egress-only internet gateway

An egress-only internet gateway only works with IPv6 resources; ensure that the VPC has an IPv6 CIDR associated with it in order to create IPv6 resources within the subnet.

The following command can be used to create an egress-only internet gateway:

Get hands-on with 1200+ tech skills courses.