Egress-Only Internet Gateway Flashcards
What is an Egress-Only Internet Gateway?
An Egress-Only Internet Gateway is a type of network gateway in AWS that allows outbound communication over IPv6 from instances in a VPC to the internet, while preventing the internet from initiating an inbound connection to those instances.
Example sentence: An Egress-Only Internet Gateway is essential for securely enabling outbound IPv6 traffic in AWS.
Why use an Egress-Only Internet Gateway?
It's used primarily to provide secure internet access for IPv6-enabled resources within a VPC without allowing unsolicited inbound connections, which improves security for environments that only need to initiate outbound communications.
Additional information: An Egress-Only Internet Gateway helps maintain a secure network perimeter in AWS.
What are common use cases for an Egress-Only Internet Gateway?
- Updating Software: Allowing instances to reach out to the internet for updates while maintaining a secure posture against inbound threats.
- Sending Data: For applications that need to push data to other internet services without exposing themselves to incoming connections.
Example sentence: Common use cases for an Egress-Only Internet Gateway include updating software securely and sending data to external services.
How do you configure an Egress-Only Internet Gateway?
- Create Gateway: First, create an Egress-Only Internet Gateway in the VPC.
- Attach to VPC: Attach the gateway to your VPC.
- Route Configuration: Update the route table associated with your VPC subnet to direct all IPv6 traffic to the Egress-Only Internet Gateway.
Example sentence: Configuring an Egress-Only Internet Gateway involves creating the gateway, attaching it to the VPC, and updating the route table.
How does an Egress-Only Internet Gateway compare to a NAT Gateway?
Unlike a NAT Gateway, which supports both IPv4 and IPv6 for outbound traffic but also allows inbound initiated responses, an Egress-Only Internet Gateway supports only IPv6 and strictly blocks all inbound traffic that isn’t a response to a request made by an instance in the VPC.
Additional information: An Egress-Only Internet Gateway provides a more secure outbound communication option than a NAT Gateway in AWS.