Join Brian Eiler for an in-depth discussion in this video, Internet gateways, part of Amazon Web Services: Implementing and Troubleshooting IaaS Products.
- [Instructor] Now that we've seen how to set up a VPC and we have an idea as to what it is, it leaves the question as to how do we get out of the VPC, and that depends on where you're going. We're going to look now at internet gateways. An internet gateway is a service within the VPC that allows traffic to communicate with the internet. It supports both IPv4 and IPv6. You can add an internet gateway to your VPC if you would like the machines within that particular VPC to be able to communicate with the internet.
You can only ever have one internet gateway and it's actually shared across all of the availability zones in that particular region. It's considered highly available and redundant and it scales horizontally so we really don't need more than one of these gateways. Internet gateways are often associated with the public IP subnets which is how they maintain their connection to the internet. If you happen to be using IPv6, the machines that you will use will actually have a fully qualified internet address which means that they'll be able to communicate on the internet and people would be able to communicate with them directly because there is no need for network address translation.
In order to solve the problem that it basically creates by allowing people to communicate with your machines, if you would like to masquerade their IP addresses, we can use something called an IPv6 egress-only gateway. What this does is effectively operate in a sense like NAT for IPv4 in that it masquerades the source address of your machines even though they are using IPv6 and they don't normally need any sort of translation, this particular internet gateway protects them, well at least anonymizes them in the sense of it eliminates the possibility of somebody directly communicating with them.
The traffic flowing through is stateful, which means that we don't need to set up special rules that allow traffic in and out. The gateway itself knows that if traffic is initiated from one of your IPv6 servers that it's going to allow the replies back in, but it's not going to allow unsolicited connections into those servers. Now like the internet gateway, it scales horizontally as well, highly redundant, and it's highly available.
And again, the big use case for this guy is when you do not want unsolicited inbound communication coming into your IPv6 instances, but yet you still want those IPv6 instances to have access to the internet.
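An added example, not part of the course or the transcript: a Python check that reads route-table data and separates subnets whose IPv6 default route points at an internet gateway from those using an egress-only gateway, the distinction described above. The sample data is constructed in the shape of EC2 DescribeRouteTables output; all IDs and the `public_subnets` allowlist are hypothetical.

```python
import ipaddress

# Constructed sample shaped like EC2 DescribeRouteTables output (IDs are made up).
SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-web", "Associations": [{"SubnetId": "subnet-web"}],
     "Routes": [{"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0a1", "State": "active"}]},
    {"RouteTableId": "rtb-app", "Associations": [{"SubnetId": "subnet-app"}],
     "Routes": [{"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0a1", "State": "active"}]},
    {"RouteTableId": "rtb-db", "Associations": [{"SubnetId": "subnet-db"}],
     "Routes": [{"DestinationIpv6CidrBlock": "::/0",
                 "EgressOnlyInternetGatewayId": "eigw-0b2", "State": "active"}]},
    {"RouteTableId": "rtb-int", "Associations": [{"SubnetId": "subnet-int"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0c3", "State": "active"},
                {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0a1", "State": "blackhole"}]},
]}

def ipv6_default_target(routes):
    """Return the gateway ID an active IPv6 default route (::/0) points to, or None."""
    for route in routes:
        cidr = route.get("DestinationIpv6CidrBlock")
        if not cidr or route.get("State", "active") != "active":
            continue  # IPv4 route, or a blackholed route that forwards nothing
        if ipaddress.ip_network(cidr).prefixlen == 0:
            return route.get("EgressOnlyInternetGatewayId") or route.get("GatewayId")
    return None

def classify(target):
    """Name the kind of IPv6 internet path implied by the default-route target."""
    if target is None:
        return "no-ipv6-internet"
    if target.startswith("eigw-"):
        return "egress-only"      # outbound plus replies only
    if target.startswith("igw-"):
        return "bidirectional"    # inbound then depends on security groups and NACLs
    return "other"

def audit(doc, public_subnets):
    """Map each subnet to (kind, flagged); flagged = igw route on a non-public subnet."""
    findings = {}
    for table in doc["RouteTables"]:
        kind = classify(ipv6_default_target(table.get("Routes", [])))
        for assoc in table.get("Associations", []):
            subnet = assoc.get("SubnetId")
            if subnet:  # main-table associations carry no SubnetId
                findings[subnet] = (kind, kind == "bidirectional" and subnet not in public_subnets)
    return findings

if __name__ == "__main__":
    for subnet, (kind, flagged) in sorted(audit(SAMPLE, {"subnet-web"}).items()):
        print(f"{subnet:12} {kind:18} {'REVIEW' if flagged else 'ok'}")
```

This looks only at routing; a subnet reported as bidirectional may still be closed to inbound traffic by its security groups or network ACLs.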