Introduction

A NAT gateway works well for providing outgoing-only internet access to private IPv4 resources, but what if we want IPv6 resources to have outgoing-only internet access?

AWS IPv6 addresses are global unicast addresses and are publicly routable by default; therefore, there is no concept of private IPv6 addresses in AWS. We can use an egress-only internet gateway to allow outgoing-only internet access from an IPv6 resource while dropping all connections initiated from the internet.

A single egress-only internet gateway can be attached to only one Virtual Private Cloud (VPC), and a VPC can have only one egress-only internet gateway. It is a regional, resilient service that spans all Availability Zones, which ensures high availability.

Steps to create an egress-only internet gateway

The steps to create an egress-only internet gateway and associate it with a private IPv6 subnet’s route table are as follows:

  1. Create an egress-only internet gateway.

  2. Add the route to the private subnet’s route table.

Create an egress-only internet gateway

An egress-only internet gateway works only with IPv6 resources, so ensure that the VPC has an IPv6 CIDR associated with it; otherwise, IPv6 resources cannot be created within the subnet.

The following command can be used to create an egress-only internet gateway:
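As an added example that is not part of the course text, the script below carries both steps through with the AWS CLI: it first checks the precondition above (the VPC has an associated IPv6 CIDR), then creates the egress-only internet gateway and adds the ::/0 IPv6 route to the private subnet's route table. It assumes AWS CLI v2 with credentials and a region configured; VPC_ID, RTB_ID and the DRY_RUN / EIGW_APPLY switches are this example's own placeholders and conventions.

```shell
#!/bin/sh
# Added example (not the course's own command): create an egress-only internet
# gateway (EIGW) for a VPC and point the private subnet's IPv6 default route at it.
# Assumes AWS CLI v2 with credentials and region configured. VPC_ID and RTB_ID
# are placeholders; DRY_RUN=1 prints each command instead of running it.
set -eu

run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Precondition from the text: the VPC must already have an IPv6 CIDR associated.
# Prints the associated IPv6 CIDR(s); empty output means an EIGW would be useless.
vpc_ipv6_cidrs() {
  run aws ec2 describe-vpcs --vpc-ids "$1" \
    --query 'Vpcs[0].Ipv6CidrBlockAssociationSet[?Ipv6CidrBlockState.State==`associated`].Ipv6CidrBlock' \
    --output text
}

# Step 1: create the EIGW (one per VPC) and print its id.
create_eigw() {
  run aws ec2 create-egress-only-internet-gateway --vpc-id "$1" \
    --query 'EgressOnlyInternetGateway.EgressOnlyInternetGatewayId' --output text
}

# Step 2: route all IPv6 traffic (::/0) from the private subnet's route table to
# the EIGW. Only IPv6 is affected; the IPv4 default route (e.g. NAT gateway) stays.
add_ipv6_default_route() {
  run aws ec2 create-route --route-table-id "$1" \
    --destination-ipv6-cidr-block ::/0 --egress-only-internet-gateway-id "$2"
}

main() {
  vpc_id="${VPC_ID:-vpc-0123456789abcdef0}"   # placeholder
  rtb_id="${RTB_ID:-rtb-0123456789abcdef0}"   # placeholder
  cidrs="$(vpc_ipv6_cidrs "$vpc_id")"
  if [ -z "$cidrs" ]; then
    echo "VPC $vpc_id has no IPv6 CIDR; associate one first" >&2
    return 1
  fi
  eigw_id="$(create_eigw "$vpc_id")"
  add_ipv6_default_route "$rtb_id" "$eigw_id"
}

# Run only when explicitly asked, so the functions can be sourced and reviewed.
if [ "${EIGW_APPLY:-0}" = "1" ]; then main; fi
```

Run it as `DRY_RUN=1 EIGW_APPLY=1 VPC_ID=vpc-... RTB_ID=rtb-... sh eigw.sh` to review the exact commands before applying them for real.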
