Egress Only Internet Gateway:
- https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway.html
- An egress-only Internet gateway is a horizontally scaled,
redundant, and highly available VPC component that allows outbound
communication over IPv6 from instances in your VPC to the Internet and prevents
the Internet from initiating an IPv6 connection with your instances.
- Example: a private subnet with IPv6 wants to access the Internet:
  - In IPv4, this would require a NAT gateway
  - In IPv6, an egress-only Internet gateway is created
- A route for the gateway needs to be added to a route table: ::/0 -> eigw-xxx
- The gateway is stateful: if a request went out, the response will be
allowed back in.
- Requests originating on the Internet are not allowed
- Only one EGW per VPC is allowed
- An EGW has no concept of security groups; use route tables and
NACLs on your VPC
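
The setup described above, as an added CloudFormation sketch that is not part of the original notes: the gateway, the `::/0` route, and a pair of NACL entries. The parameter names, rule numbers and port ranges are assumptions chosen for illustration; because NACLs are stateless (unlike the gateway), return traffic needs its own inbound rule.

```yaml
# Added example (constructed): egress-only IPv6 access for a private subnet.
# VpcId, PrivateRouteTableId and PrivateNaclId are hypothetical parameters.
Parameters:
  VpcId: {Type: "AWS::EC2::VPC::Id"}
  PrivateRouteTableId: {Type: String}
  PrivateNaclId: {Type: String}
Resources:
  EgressOnlyGateway:
    Type: AWS::EC2::EgressOnlyInternetGateway
    Properties:
      VpcId: !Ref VpcId
  # The ::/0 -> eigw-xxx route from the notes above.
  Ipv6DefaultRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTableId
      DestinationIpv6CidrBlock: "::/0"
      EgressOnlyInternetGatewayId: !Ref EgressOnlyGateway
  # The gateway has no security groups, so the subnet NACL limits
  # outbound IPv6 to HTTPS only (assumed policy for this example).
  NaclOutboundHttps:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref PrivateNaclId
      RuleNumber: 100
      Egress: true
      Protocol: 6            # TCP
      RuleAction: allow
      Ipv6CidrBlock: "::/0"
      PortRange: {From: 443, To: 443}
  # NACLs are stateless: replies arrive on the client's ephemeral port
  # and must be allowed inbound explicitly. The gateway itself still
  # drops connections initiated from the Internet.
  NaclInboundReturn:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref PrivateNaclId
      RuleNumber: 100
      Egress: false
      Protocol: 6            # TCP
      RuleAction: allow
      Ipv6CidrBlock: "::/0"
      PortRange: {From: 1024, To: 65535}
```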