Lab Steps

Logging in to the Amazon Web Services Console
Creating a VPC
Creating a VPC Internet Gateway
Creating a Public Subnet
Creating a Bastion Host
Creating a Private Subnet
Creating a Network ACL for a Private Subnet
Adding Rules to a Private Network ACL
Launching an EC2 Instance on a Private Subnet
Launching a Network Address Translation (NAT) instance
Testing access of Private Subnet Instances
Highlights of Securing your VPC
Need help? Contact our support team

Here you can find the instructions for this specific Lab Step.

If you are ready for a real environment experience please start the Lab. Keep in mind that you'll need to start from the first step.


An Internet Gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the Internet. It imposes no availability risks or bandwidth constraints on your network traffic. An Internet gateway serves two purposes:

  1. Provide a target in your VPC route tables for Internet-routable traffic
  2. Perform network address translation (NAT) for instances that have been assigned public IP addresses. (Note: It does not do this for instances with private IP addresses.)

You can create a new Internet Gateway for your previously created VPC using the AWS Management Console.



1. From the VPC Dashboard, click Internet Gateways in the left navigation pane. The Internet Gateways page lists all previously created gateways:


 Note: Your student account may already have an Internet gateway. If it does, it is likely attached to a default VPC. Regardless, this Lab Step will walk you through creating your own.


2. Click Create Internet Gateway to begin creating a new gateway. Creating a gateway is a one step operation. You only need to choose a meaningful name.

  • Name tag: Enter labs-gw


 Click Create Internet Gateway when ready to proceed. The State of your Internet Gateway will be detached to start. Now you need to attach the new gateway to the VPC you created earlier.


3. Click ActionsAttach to VPC.


4. In the Attach to VPC form, select the cloudacademy-labs VPC from the drop-down menu:


Note: The ID of your VPC will differ slightly. 

An Internet Gateway can only be attached to one VPC. Therefore, even if you have another Internet Gateway, and it's already attached to the default VPC, the drop-down menu when attaching your Internet Gateway will only include the detached VPC.

Click Attach Internet Gateway when ready to proceed.


5. View the Summary tab. Your new Internet Gateway is attached and available to be used by EC2 instances of the attached VPC:




In this Lab Step you created an Internet Gateway, and attached it to the VPC that you created earlier. Instances in the public subnet will route traffic destined for the public internet through the internet gateway. If you think back to the lab environment diagram on the lab landing page, so far you have created the VPC and the Internet Gateway. You will continue creating other resources from the diagram, mostly in a left-to-right fashion. That is, next you will create a public subnet (and resources within it), then a private subnet (and resources within it). However, the NAT instance in the public subnet will be created last.

Validation checks
Attached Internet Gateway

Attached the Internet Gateway to the non-default VPC

Networking for AWS