Internet Gateway, NAT, and Routing

Connectivity is controlled through route tables.

Every subnet is associated with a route table. A route table defines where traffic is sent.

Internet Gateway (IGW):

  • Enables inbound and outbound internet access.
  • Must be attached to the VPC.
  • Public subnets route 0.0.0.0/0 to the IGW.

NAT Gateway:

  • Allows private subnets to access the internet outbound only.
  • Prevents inbound internet traffic.
  • Deployed inside a public subnet.

Architectural importance:

Public-facing resources (like load balancers) live in public subnets. Application servers and databases live in private subnets.

This gives a layered structure:

Internet → Load Balancer → Application → Database

The route tables are what enforce this traffic flow.

Production insights:

  • Deploy a NAT Gateway per AZ for high availability.
  • Avoid placing databases in public subnets.
  • Use explicit route table separation for clarity.
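
The placement rules above can be checked mechanically from an inventory of subnets and route tables. The following is an added example, not part of the original course material: the IDs, AZ names and "tier" labels are constructed, and the data is only loosely shaped like EC2 route table output.

```python
# Constructed sample inventory (hypothetical IDs), loosely shaped like
# EC2 DescribeRouteTables / DescribeSubnets / DescribeNatGateways results.
ROUTE_TABLES = {
    "rtb-public":    [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-111"}],
    "rtb-private-a": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-a"}],
    "rtb-private-b": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-a"}],
}
SUBNETS = {
    "subnet-lb-a":  {"az": "az-a", "rtb": "rtb-public",    "tier": "lb"},
    "subnet-app-a": {"az": "az-a", "rtb": "rtb-private-a", "tier": "app"},
    "subnet-app-b": {"az": "az-b", "rtb": "rtb-private-b", "tier": "app"},
    "subnet-db-b":  {"az": "az-b", "rtb": "rtb-public",    "tier": "db"},
}
NAT_GATEWAYS = {"nat-a": "subnet-lb-a"}  # NAT gateway id -> subnet it sits in


def default_route(routes):
    """Return the 0.0.0.0/0 route of a route table, or None if absent."""
    return next((r for r in routes if r.get("DestinationCidrBlock") == "0.0.0.0/0"), None)


def classify(rtb_id, route_tables=ROUTE_TABLES):
    """public = default route to an IGW; private = via NAT; isolated = neither."""
    route = default_route(route_tables[rtb_id])
    if route is None:
        return "isolated"
    if route.get("GatewayId", "").startswith("igw-"):
        return "public"
    return "private" if route.get("NatGatewayId") else "isolated"


def audit(subnets=SUBNETS, route_tables=ROUTE_TABLES, nats=NAT_GATEWAYS):
    """Check the inventory against the placement rules and return findings."""
    findings = []
    for sid, s in sorted(subnets.items()):
        kind = classify(s["rtb"], route_tables)
        if kind == "public" and s["tier"] != "lb":
            findings.append(f"{sid}: {s['tier']} tier is in a public subnet")
        if kind == "private":
            nat = default_route(route_tables[s["rtb"]])["NatGatewayId"]
            nat_subnet = subnets[nats[nat]]
            if classify(nat_subnet["rtb"], route_tables) != "public":
                findings.append(f"{sid}: {nat} is not deployed in a public subnet")
            if nat_subnet["az"] != s["az"]:
                findings.append(f"{sid}: egress depends on {nat} in {nat_subnet['az']}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit()))
```

On the sample inventory this reports the database subnet that routes to the IGW and the private subnet whose outbound path depends on a NAT Gateway in another AZ.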
