-
Considering the use of IGW for inbound and outbound traffic control, it is stated that, in one of the wrong answers, IGW does not control outbound traffic when attached to a public subnet hosting an EC2. Can someone please clear that for me?
Here is the option,
“The option that says: Launch the EC2 instance to a public subnet and attach an Internet Gateway to the VPC to allow outbound IPv6 communication to the internet. Use Traffic Mirroring to set up the required rules for traffic inspection and traffic filtering is incorrect because an Internet Gateway does not limit or control any outgoing IPv6 connection. Take note that the requirement is to prevent the Internet from initiating an inbound IPv6 connection to your instance. This solution allows all kinds of traffic to initiate a connection to your EC2 instance hence, this option is wrong.”
Looking at just the part about IGW, I am confused because I googled my question and found this,
“Yes, an Internet Gateway (IGW) in AWS allows you to control both inbound and outbound communication between your VPC and the public internet,..”
Please and Thank You,
-
Hello Toti,
Good day!
Thank you for posting here. Attaching an Internet Gateway to the VPC enables communication between instances in your VPC and the Internet, supporting both IPv4 and IPv6 traffic. When an Internet Gateway is attached to a VPC, it allows instances in public subnets to communicate with the Internet, facilitating both inbound and outbound traffic. However, the security policy requires that inbound IPv6 connections from the Internet be blocked. Simply attaching an Internet Gateway does not provide this level of control without additional configuration.
To fully meet these requirements, you would need to implement significant additional configurations. This makes using an Internet Gateway more complex compared to using an Egress-Only Internet Gateway and AWS Network Firewall, which can meet the requirements with less configuration.
I hope this clarifies things.
Thank you.
Regards,
Neil @ tutorials dojo
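To make the difference concrete, here is a constructed CloudFormation fragment (added for illustration; it is not code from the course or from Tutorials Dojo) that routes IPv6 traffic from a subnet through an Egress-Only Internet Gateway, which is stateful and only lets connections initiated from inside the VPC out. The VPC/subnet CIDRs and resource names are placeholders; the commented-out route shows the Internet Gateway variant from the incorrect option, which would also admit inbound-initiated IPv6 connections.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Constructed example - outbound-only IPv6 via an Egress-Only Internet Gateway

Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16            # placeholder IPv4 range

  Ipv6Block:                             # request an Amazon-provided IPv6 /56 for the VPC
    Type: AWS::EC2::VPCCidrBlock
    Properties:
      VpcId: !Ref Vpc
      AmazonProvidedIpv6CidrBlock: true

  PrivateSubnet:
    Type: AWS::EC2::Subnet
    DependsOn: Ipv6Block
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: 10.0.1.0/24             # placeholder IPv4 range
      # carve the first /64 out of the VPC's IPv6 /56 for this subnet
      Ipv6CidrBlock: !Select [0, !Cidr [!Select [0, !GetAtt Vpc.Ipv6CidrBlocks], 1, 64]]
      AssignIpv6AddressOnCreation: true

  EgressOnlyIgw:                         # IPv6-only, stateful: no inbound-initiated traffic
    Type: AWS::EC2::EgressOnlyInternetGateway
    Properties:
      VpcId: !Ref Vpc

  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc

  Ipv6DefaultRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      DestinationIpv6CidrBlock: "::/0"
      EgressOnlyInternetGatewayId: !Ref EgressOnlyIgw
      # The incorrect option's variant would point ::/0 at a regular IGW instead:
      #   GatewayId: !Ref InternetGateway
      # That makes the subnet public for IPv6 and allows the Internet to initiate
      # connections to the instance's globally routable IPv6 address.

  SubnetRouteAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet
      RouteTableId: !Ref PrivateRouteTable
```

Security groups and NACLs still apply on top of this; the Egress-Only Internet Gateway only removes the reachability, it does not replace the inspection/filtering that Network Firewall would add.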
-
Thank you very kindly. I think you’ve cleared it for me and if I understood you correctly, I should pay attention to where the instances in the VPC are placed, a public subnet or a private one; that will determine whether inbound or outbound is allowed.
Thank You.
-
Hello Toti,
Good day!
You’re most welcome. Please don’t hesitate to reach out if you ever need assistance or have any questions—we’re always happy to help.
Best regards,
Neil @ Tutorials Dojo
-