Consider the following scenario: There is a VPC with a public subnet. It has a default route table. The instances present in the subnet have Elastic IP addresses. The route table associated with this subnet has rules that will allow HTTP traffic to and from the instances in the subnet. This is sufficient for the instances in the subnet to hit the internet and vice versa. Then why do we need another device called an Internet Gateway? If the route table, Network ACL, and Security Group are in place for a subnet, what is the additional thing an Internet Gateway is doing?
Thanks, Nilesh
CodePudding user response:
> The route table associated with this subnet has rules that will allow HTTP traffic to and from the instances in the subnet. This is sufficient for the instances in the subnet to hit the internet and vice versa.
No, that is not sufficient. If you did not have a route to an internet gateway in the route table associated with the subnet, the instances would not be able to talk to the internet (regardless of whether they had a public IP or not).
For connectivity to the internet, you either need an internet gateway or a NAT gateway.
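The check described in the answer above, as an added example that is not part of the original thread: it resolves which route table governs a subnet (explicit association, otherwise the VPC's main table) and classifies the target of its IPv4 default route. The data is a constructed sample in the shape of the EC2 DescribeRouteTables response; all IDs and the function names are assumptions made for illustration.

```python
# Constructed sample shaped like the EC2 DescribeRouteTables response; all IDs are made up.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
SAMPLE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-1",          # main (default) table
     "Associations": [{"Main": True}],
     "Routes": [LOCAL]},
    {"RouteTableId": "rtb-public", "VpcId": "vpc-1",
     "Associations": [{"Main": False, "SubnetId": "subnet-web"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "GatewayId": "igw-0abc", "State": "active"}]},
    {"RouteTableId": "rtb-private", "VpcId": "vpc-1",
     "Associations": [{"Main": False, "SubnetId": "subnet-app"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "NatGatewayId": "nat-0def", "State": "active"}]},
]


def effective_route_table(tables, vpc_id, subnet_id):
    """Return the table that governs a subnet: explicit association, else the VPC main table."""
    main = None
    for rt in tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def internet_path(tables, vpc_id, subnet_id):
    """Classify the target of the subnet's IPv4 default route (0.0.0.0/0)."""
    rt = effective_route_table(tables, vpc_id, subnet_id)
    if rt is None:
        return "unknown"
    for route in rt["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State") != "active":
            return "blackhole"      # route exists but its target is unavailable
        if route.get("GatewayId", "").startswith("igw-"):
            return "internet-gateway"
        if route.get("NatGatewayId"):
            return "nat-gateway"
        return "other"              # some other target type
    return "none"                   # only local routes: no path to the internet
```

In the sample, `subnet-db` has no explicit association, so it falls back to the main table and is reported as `none`, whatever public addresses its instances hold.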