Create an egress only internet gateway
Hello Everyone
Welcome to CloudAffaire and this is Debjeet
In the last blog post, we enabled internet connectivity for our IPv6 subnet.
https://cloudaffaire.com/connect-to-an-ipv6-subnet/
In this blog post, we are going to create an egress-only internet gateway to allow outbound-only internet access from our IPv6 subnet. Below is the configuration diagram for this demo.
Create an egress only internet gateway
Step 1: Login to AWS console and navigate to ‘VPC’.
Step 2: Navigate to ‘Egress Only Internet Gateways’ and click ‘Create Egress Only Internet Gateway’.
Note: An egress-only internet gateway supports IPv6 traffic only and is used for outbound-only internet access; it does not accept connections initiated from the internet.
Step 3: Select your VPC and click ‘Create’.
One success message will be displayed, click ‘Close’.
Our egress-only internet gateway has been created successfully. Click ‘Close’.
Next, we are going to create a custom route table for this egress only internet gateway.
Step 4: Navigate to ‘Route Tables’ and click ‘Create route table’.
Provide a name and VPC for the route table and click ‘Create’.
One success message will be displayed, click ‘Close’.
Next, we are going to explicitly associate our IPv6 subnet (subnet 3) with this new route table.
Step 5: Select the new route table and click ‘Edit subnet associations’ located under ‘Subnet Associations’.
Select the IPv6 subnet and click ‘Save’.
The IPv6 subnet (subnet 3) is now associated with the new route table.
Next, we are going to create a route entry for our egress-only internet gateway in this route table.
Step 6: Click ‘Edit routes’ located under ‘Routes’.
Click ‘Add route’ and, from the drop-down, select the egress-only internet gateway as the target. The destination will be ::/0. Click ‘Save routes’.
One success message will be displayed, click ‘Close’.
The new route entry for the egress-only internet gateway has been created.
Next, we will check both outbound and inbound internet access.
Step 7: Connect to instance3 from instance2 using PuTTY with agent forwarding, and ping www.google.com using ping6.
Note: An outbound internet connection is established from the instance.
Next, we will check inbound internet access.
IPv6 addresses are public by default and can be reached from anywhere in the world. But in order to reach an IPv6 address, your host system needs an IPv6 address of its own. Unfortunately, our ISP doesn’t support IPv6 yet, so we will test IPv6 connectivity from an online site: http://www.ipv6now.com.au/pingme.php
Step 8: Open the above link in your browser. Provide your IPv6 address in the box and click ‘Ping now’.
Note: Inbound internet access is blocked for the EC2 instance, because the only IPv6 default route is through the egress-only internet gateway.
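Steps 6 to 8 are exactly what a route-table audit should confirm: the IPv6 subnet's ::/0 route points at an egress-only internet gateway (eigw-…), not at an internet gateway (igw-…), which would also allow inbound connections. The following added example (mine, not part of this blog post or of AWS tooling) runs that check offline on a constructed sample shaped like the JSON returned by `aws ec2 describe-route-tables`; all resource IDs in it are made up, and `load_route_tables` is a hypothetical helper for feeding in real CLI output.

```python
"""Audit an IPv6 subnet's route table for egress-only internet access.

Classifies the ::/0 route of the route table associated with a subnet as
  egress-only    -> target is an egress-only internet gateway (eigw-*)
  bidirectional  -> target is an internet gateway (igw-*), inbound allowed
  blackhole      -> route exists but its state is not 'active'
  other / none   -> some other target, or no IPv6 default route at all
"""
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output (IDs are made up).
SAMPLE_ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-0egressdemo",
        "VpcId": "vpc-0demo",
        "Associations": [{"SubnetId": "subnet-3ipv6demo", "Main": False}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationIpv6CidrBlock": "2600:1f16:abcd::/56", "GatewayId": "local", "State": "active"},
            {"DestinationIpv6CidrBlock": "::/0", "EgressOnlyInternetGatewayId": "eigw-0demo", "State": "active"},
        ],
    },
    {
        "RouteTableId": "rtb-0publicdemo",
        "VpcId": "vpc-0demo",
        "Associations": [{"SubnetId": "subnet-1publicdemo", "Main": False}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0demo", "State": "active"},
            # Same ::/0 destination, but via the internet gateway: inbound IPv6 is reachable.
            {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0demo", "State": "active"},
        ],
    },
]


def load_route_tables(json_text):
    """Hypothetical loader: parse the JSON printed by `aws ec2 describe-route-tables`."""
    return json.loads(json_text)["RouteTables"]


def route_table_for_subnet(route_tables, subnet_id):
    """Return the table explicitly associated with subnet_id, else the VPC main table (if any)."""
    main_table = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main_table = rt
    return main_table


def classify_ipv6_default_route(rt):
    """Classify the ::/0 route of one route table (see module docstring for the labels)."""
    for route in rt.get("Routes", []):
        if route.get("DestinationIpv6CidrBlock") != "::/0":
            continue
        if route.get("State") != "active":
            return "blackhole"
        if route.get("EgressOnlyInternetGatewayId", "").startswith("eigw-"):
            return "egress-only"
        if route.get("GatewayId", "").startswith("igw-"):
            return "bidirectional"
        return "other"
    return "none"


def audit_subnet(route_tables, subnet_id):
    """Return (verdict, route_table_id) for the subnet's IPv6 default route."""
    rt = route_table_for_subnet(route_tables, subnet_id)
    if rt is None:
        return ("no-route-table", None)
    return (classify_ipv6_default_route(rt), rt["RouteTableId"])


if __name__ == "__main__":
    for subnet in ("subnet-3ipv6demo", "subnet-1publicdemo"):
        verdict, rtb = audit_subnet(SAMPLE_ROUTE_TABLES, subnet)
        print(f"{subnet}: {verdict} (route table {rtb})")
```

Against a real account, pipe `aws ec2 describe-route-tables --output json` into `load_route_tables` and call `audit_subnet` for each IPv6 subnet; only a verdict of `egress-only` matches the outcome verified in Step 8.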
Cleanup: Delete your EC2 instances and VPC.
Hope you have enjoyed this blog post. In the next blog post, we are going to start with endpoints.
To get more details on VPC, please refer to the AWS documentation below.
https://docs.aws.amazon.com/vpc/index.html