This article explains how Internet Gateways provide internet access for subnets in an AWS VPC, converting private subnets into public ones.

In this lesson, we'll explore how Internet Gateways enable internet access for subnets in an Amazon Virtual Private Cloud (VPC), effectively converting private subnets into public ones.

By default, all newly created subnets are private: instances cannot reach the internet, nor can external clients initiate connections to them. Attaching an Internet Gateway to your VPC and updating route tables provides the necessary ingress and egress paths for internet communication.

Key Characteristics of Internet Gateways¶

Internet Gateways are highly available within an AWS region and handle both ingress and egress traffic for your VPC.

Steps to Make a Subnet Public¶

1. Create an Internet Gateway bash theme={null} aws ec2 create-internet-gateway
2. Attach the Internet Gateway to Your VPC bash theme={null} aws ec2 attach-internet-gateway \ --internet-gateway-id igw-0123456789abcdef0 \ --vpc-id vpc-0abcdef1234567890
3. Create a Custom Route Table bash theme={null} aws ec2 create-route-table --vpc-id vpc-0abcdef1234567890
4. Add a Default Route (0.0.0.0/0)\ Point to the Internet Gateway: bash theme={null} aws ec2 create-route \ --route-table-id rtb-0abcdef1234567890 \ --destination-cidr-block 0.0.0.0/0 \ --gateway-id igw-0123456789abcdef0
5. Associate the Public Subnet with the Custom Route Table bash theme={null} aws ec2 associate-route-table \ --subnet-id subnet-01234abcde5678fgh \ --route-table-id rtb-0abcdef1234567890

The default route (0.0.0.0/0 → igw-xxxxxxxx) ensures that any traffic not matching more specific routes is forwarded to the Internet Gateway. Associating your subnet with this route table makes it a public subnet, enabling instances to send and receive internet traffic.

Public IP Assignment¶

Instances in a public subnet only receive a private IP address (e.g., 192.168.1.1) by default. To allow access from the internet, enable Auto-assign Public IPv4 address on the subnet or assign a public IP when launching the instance. This allocates a public IP (e.g., 1.1.1.1) and automatically maps it to the private IP.

From the instance’s perspective:

• Incoming requests target the public IP.
• AWS Network Address Translation (NAT) translates the public IP to the instance’s private IP.
• The instance processes traffic using its private IP, unaware of the public endpoint.

If an instance has multiple Elastic Network Interfaces (ENIs), each interface can have its own public IP address mapped to a private IP. AWS uses these mappings to direct internet traffic to the correct interface.

Summary¶

References¶

• AWS Internet Gateways
• AWS VPC Documentation
• Amazon EC2 User Guide

Quand on créer un subnet par défault il est private (Ce qui est créer dans le subnet n'as pas accès à internet) Il faut créer une internetGateway attach to vpc couvre toutes les AZ public associate to the private ip of the instances/object

• Enable resources to connect to internet
• Internet Gateways attach to a VPC and are region resilient
• VPC can only have max 1 internet gateway, and an internet gateway can only be attached to max 1 VPC
• A subnet is made public once a default route points to the internet gateway in the VPC

This tutorial explains how to convert a private subnet into a public subnet by attaching an Internet Gateway and updating the route table.

In this tutorial, you’ll convert a private subnet into a public subnet by attaching an Internet Gateway and updating the route table. After completing these steps, any EC2 instance launched in your public subnet will have Internet access.

Overview¶

Prerequisites¶

• An AWS account with permissions to manage VPCs and EC2.
• A generated SSH key pair (for example, aws-demo.pem).

You can refer to the AWS VPC Documentation for more details on VPC components.

1. Create a VPC and Public Subnet¶

1. In the AWS Console, go to VPC > Your VPCs and click Create VPC.
2. Set the IPv4 CIDR block to 10.0.0.0/16. Optionally add an IPv6 block.
3. Click Create VPC.

1. Navigate to Subnets > Create subnet:
2. Name tag: public-subnet
3. VPC: your newly created VPC
4. IPv4 CIDR block: 10.0.1.0/24
5. Click Create subnet.

2. Launch an EC2 Instance in the Public Subnet¶

1. Open EC2 Console > Instances > Launch instances.
2. For Name, enter my-public-server.
3. Choose Amazon Linux 2023 under Application and OS Images (AMI).

1. Select the t2.micro instance type (free tier).
2. Under Key pair, choose aws-demo.pem.
3. Expand Network settings > Edit and configure:
4. VPC: your new VPC
5. Subnet: public-subnet
6. Auto-assign public IP: Enable

1. Under Security group, allow SSH (port 22) from 0.0.0.0/0. Optionally add ICMP for ping.

1. Click Launch instance and wait for it to switch to running.

3. Verify Default Connectivity (Should Fail)¶

After your instance is running, copy its public IP (example: 54.159.89.36) and test connectivity:

```bash theme={null} ping 54.159.89.36 ssh -i aws-demo.pem ec2-user@54.159.89.36

Connection hangs.¶

By default, there’s no Internet route, so the instance remains unreachable despite having a public IP.

***

## 4. Create and Attach an Internet Gateway

1. In the **VPC Console**, select **Internet Gateways** and click **Create internet gateway**.
   * **Name tag**: `my-internet-gateway`
2. Click **Create internet gateway**.
3. Select the newly created gateway, choose **Actions > Attach to VPC**, and select your VPC.

<Frame>
  ![The image shows an AWS Management Console screen displaying details of a newly created subnet within a Virtual Private Cloud (VPC). The subnet is listed as available with its associated VPC and IPv4 CIDR block.](https://kodekloud.com/kk-media/image/upload/v1752863231/notes-assets/images/AWS-Networking-Fundamentals-Internet-Gateway-Demo/aws-management-console-subnet-details-vpc.jpg)
</Frame>

<Frame>
  ![The image shows an AWS Management Console screen displaying details of an internet gateway that is successfully attached to a VPC. It includes information such as the gateway ID, state, VPC ID, and tags.](https://kodekloud.com/kk-media/image/upload/v1752863232/notes-assets/images/AWS-Networking-Fundamentals-Internet-Gateway-Demo/aws-management-console-internet-gateway-vpc.jpg)
</Frame>

> Pinging still fails because the route table isn’t updated yet.

***

## 5. Configure the Route Table for Internet Access

1. Go to **VPC > Route Tables** and click **Create route table**.
   * **Name tag**: `public-route-table`
   * **VPC**: your demo VPC
2. Click **Create route table**.
3. Select the new route table, open **Subnet associations**, click **Edit subnet associations**, check `public-subnet`, and save.

<Frame>
  ![The image shows an AWS VPC management console displaying a list of subnets and details of a selected subnet's route table. The interface includes subnet names, IDs, states, and associated VPCs.](https://kodekloud.com/kk-media/image/upload/v1752863233/notes-assets/images/AWS-Networking-Fundamentals-Internet-Gateway-Demo/aws-vpc-management-console-subnets.jpg)
</Frame>

4. In the **Routes** tab, click **Edit routes** > **Add route**:
   * **Destination**: `0.0.0.0/0`
   * **Target**: `my-internet-gateway`
5. Save the route.

<Frame>
  ![The image shows an AWS Management Console screen displaying details of a route table within a Virtual Private Cloud (VPC). It includes route information and subnet associations.](https://kodekloud.com/kk-media/image/upload/v1752863235/notes-assets/images/AWS-Networking-Fundamentals-Internet-Gateway-Demo/aws-management-console-route-table-vpc.jpg)
</Frame>

***

## 6. Test Internet Connectivity (Should Succeed)

Now retry ping and SSH using the public IP:

```bash  theme={null}
ping 54.159.89.36
ssh -i aws-demo.pem ec2-user@54.159.89.36
# Welcome to your public EC2 instance!

Congratulations! Your public-subnet is now internet-enabled, and any EC2 instances launched into it can be accessed from the Internet.

Additional Resources¶

• AWS VPC User Guide
• AWS EC2 User Guide