Create An Egress Only Internet Gateway

Hello Everyone

Welcome to CloudAffaire and this is Debjeet

In the last blog post, we enabled an internet connection for our IPv6 subnet.

https://cloudaffaire.com/connect-to-an-ipv6-subnet/

In this blog post, we are going to create an egress-only internet gateway to allow only outbound internet access from our IPv6 subnet. Below is the configuration diagram for this demo.

Step 1: Login to AWS console and navigate to ‘VPC’.

Step 2: Navigate to ‘Egress Only Internet Gateways’ and click ‘Create Egress Only Internet Gateway’.

Note: An egress-only internet gateway supports only IPv6 addresses and is used for outbound-only internet access.

Step 3: Select your VPC and click ‘Create’.

A success message will be displayed; click ‘Close’.

Our egress-only internet gateway has been created successfully. Click ‘Close’.

Next, we are going to create a custom route table for this egress only internet gateway.

Step 4: Navigate to ‘Route Tables’ and click ‘Create route table’.

Provide a name and VPC for the route table and click ‘Create’.

A success message will be displayed; click ‘Close’.

Next, we are going to explicitly associate our IPv6 subnet (subnet 3) with this new route table.

Step 5: Select the new route table and click ‘Edit subnet associations’ located under ‘Subnet Associations’.

Select the IPv6 subnet and click ‘Save’.

The IPv6 subnet (subnet 3) is now associated with the new route table.

Next, we are going to create a route entry for our egress-only internet gateway in this route table.

Step 6: Click ‘Edit routes’ located under ‘Routes’.

Click ‘Add route’ and, from the drop-down, select the egress-only internet gateway as the target. The destination will be ::/0. Click ‘Save routes’.

A success message will be displayed; click ‘Close’.

The new route entry for the egress-only internet gateway has been created successfully.

Next, we will check both outbound and inbound internet access.

Step 7: Connect to instance3 from instance2 using PuTTY with agent forwarding and ping www.google.com using ping6.

Note: Outbound internet connection established with the instance.

Next, we will check the inbound internet access.

An IPv6 address is a public address by default and can be accessed from anywhere in the world. But in order to access an IPv6 address, you need your own IPv6 address on your host system. Unfortunately, our ISP doesn’t support IPv6 yet. Hence we will test the IPv6 address connectivity from an online site: http://www.ipv6now.com.au/pingme.php

Step 8: Open the above link in your browser. Provide your IPv6 address in the box and click ‘Ping now’.

Note: Inbound internet access disabled for the EC2 instance.
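The ping tests above can be backed by a check of the route tables themselves. The following is an added example, not part of the original post: it classifies the ::/0 route of each explicitly associated subnet from data in the shape returned by `aws ec2 describe-route-tables`. The sample response and all IDs in it are constructed placeholders, and subnets that fall back to the main route table are not covered.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# Every ID below is a placeholder, not a value from the original post.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-eigw-example",
   "Associations": [{"SubnetId": "subnet-3-example", "Main": false}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationIpv6CidrBlock": "::/0",
      "EgressOnlyInternetGatewayId": "eigw-example", "State": "active"}]},
  {"RouteTableId": "rtb-public-example",
   "Associations": [{"SubnetId": "subnet-1-example", "Main": false}],
   "Routes": [
     {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-example", "State": "active"}]},
  {"RouteTableId": "rtb-main-example",
   "Associations": [{"Main": true}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]}
]}
""")

def ipv6_default_route(table):
    """Return 'egress-only', 'internet-gateway', 'other' or 'none' for ::/0."""
    for route in table.get("Routes", []):
        if route.get("DestinationIpv6CidrBlock") != "::/0":
            continue
        if route.get("State") != "active":
            continue  # a blackhole route carries no traffic
        if route.get("EgressOnlyInternetGatewayId"):
            return "egress-only"       # outbound only, as configured in Step 6
        if route.get("GatewayId", "").startswith("igw-"):
            return "internet-gateway"  # inbound connections are also routable
        return "other"
    return "none"

def audit(response):
    """Map every explicitly associated subnet to its IPv6 default-route type."""
    result = {}
    for table in response["RouteTables"]:
        kind = ipv6_default_route(table)
        for assoc in table.get("Associations", []):
            if "SubnetId" in assoc:
                result[assoc["SubnetId"]] = kind
    return result

if __name__ == "__main__":
    for subnet, kind in sorted(audit(SAMPLE).items()):
        print(subnet, kind)
```

A subnet reported as `internet-gateway` accepts inbound IPv6 connections subject only to its security groups and network ACLs, which is the condition the egress-only gateway is meant to prevent.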

Cleanup: Delete your EC2 instances and VPC.

Hope you have enjoyed this blog post. In the next blog post, we are going to start with endpoints.

To get more details on VPC, please refer to the AWS documentation below.

https://docs.aws.amazon.com/vpc/index.html

 
