Internet Gateways and Route Tables


Getting Started with VPC
Introduction to VPC
Create your first VPC
PREVIEW10m 21s
Advanced concepts
7m 52s
Practical Example
Start course

Amazon VPCs - virtual networks allowing you to to provision a logically isolated section of your cloud where you can deploy AWS resources and have full control over your virtual networking environment - are a cornerstone of AWS computing. VPCs provide unique and customizable IP address ranges, subnets, route tables, and network gateways. They play an important role in a wide range of scenarios, from the complex to the relatively straightforward.

Mastering VPC concepts is not easy, so our expert Linux System Administrator David Clinton created this course to help you to get started. When you're done, you should be able to intelligently integrate VPC configuration into your cloud architecture. You learn about basic VPC usage, how to create a subnet, and how to deploy a whole virtual intranet in your cloud.

Who should take this course

As this is an intermediate to advanced course, you will need some previous experience with AWS to fully understand it. Basic knowledge about EC2 and IAM will be taken for granted, and in particular you should have a good knowledge of the TCP/IP stack to fully appreciate some course elements.

If you'd like to improve your EC2 and general AWS knowledge, check out our other courses. Also, you may want to challenge yourself with our questions if you want to test your knowledge after taking this course.


Hi, and welcome to's video series on VPCs, Amazon's virtual private clouds. In this video, we're gonna talk about internet gateways and routing tables. By default when a VPC is created, it comes with an internet gateway and a routing table that allows internet access from the instances in your VPC out to the internet and back, assuming of course that your security groups and ACL policies allow it. When however you create a new subnet manually, it by default has no access to the internet. That obviously could be a problem. You'll therefore have to make sure that a routing table exists, and that that routing table is pointed to an internet gateway. Let's see how you do that. Let's take a look at our VPCs, and let us display only the myvpc VPC. Let's take a look at Internet Gateways. There is one internet gateway that exists so far.

Its address, its ID is igw, igw obviously stands for internet gateway, 74ca1d11. We don't have to memorize that.

In fact, we don't even have to copy and paste it somewhere safe, even though we're gonna use it later, because Amazon knows what we're after by and large. Sometimes that could be a bit spooky, but Amazon does tend to know what we want. Let's now take a look at the route tables as they exist right now. There are two. There's one that's associated with a subnet that is not the main routing table. The second one, rtb-f06, is the main routing table.

That's the one that was created with the VPC. But it currently has no association with an internet gateway. Let's take a look at its routes, and we see that any traffic to destination, that is to anywhere besides the local network, will end up in a black hole, meaning it doesn't go anywhere. It's not currently associated with an IG, with an internet gateway. Let's now create a subnet. Create a new subnet. Let's name it newnet. We'll of course associate it with this VPC. Its availability zone is no preference to us.

And the CIDR block, that is the subnet address, we will make that 10.0.3, because the other two subnets in this VPC are .0 and .1. We'll go with .3, it could have been .2. .0 I should say / 24. Let's create.

The new subnet exists. Let's take a look at its routing table. It doesn't go anywhere. Just like the subnet that wasn't associated with an internet gateway we saw previously, that is the private subnet. This one also, its destination, that is any traffic going out anywhere else besides the local network will end up effectively nowhere. That doesn't do us a lot of good. So let's create a new route table. Create Route Table.

We'll call it newtable. We will of course associate it with the VPC, myvpc. Let's click on Subnet Associations. We see our new network, newnet is there but it's not yet associated with any routing table and especially not this one. Let's change that. Let us associate newnet, our new subnet with this routing table.

Successful. Now let's go back to our subnet, newnet. Click on routing table. And we see that it is associated with newtable. And you see here again another proof that naming your devices is very useful. When you have to look or choose from a long list of obscure IDs, a human readable name can actually make a big difference. So we now have a new subnet.

It is associated with a routing table. Let's take another look at the routing table. Click on routes, edit. Then let's add this internet gateway. We will create as a destination all destinations, We'll click outside the box, and save. And we now have a new subnet.

The subnet is associated with a routing table called newtable. And the routing table newtable is associated in turn with the internet gateway, 74ca1d11, which will get us out to the internet, and get anything out on the internet that we'd like back to us. Assuming of course that this is all in conformance with the policies of our security groups and ACLs.

About the Author
David Clinton
Linux SysAdmin
Learning Paths

David taught high school for twenty years, worked as a Linux system administrator for five years, and has been writing since he could hold a crayon between his fingers. His childhood bedroom wall has since been repainted.

Having worked directly with all kinds of technology, David derives great pleasure from completing projects that draw on as many tools from his toolkit as possible.

Besides being a Linux system administrator with a strong focus on virtualization and security tools, David writes technical documentation and user guides, and creates technology training videos.

His favorite technology tool is the one that should be just about ready for release tomorrow. Or Thursday.