Add egress-only internet access to a subnet
The following tasks describe how to create an egress-only (outbound) internet gateway for your private subnet and to configure routing for the subnet.
1. Create an egress-only internet gateway
You can create an egress-only internet gateway for your VPC using the Amazon VPC console.
To create an egress-only internet gateway
1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
2. In the navigation pane, choose Egress Only Internet Gateways.
3. Choose Create Egress Only Internet Gateway.
4. (Optional) Add or remove a tag.
   [Add a tag] Choose Add new tag and do the following:
   - For Key, enter the key name.
   - For Value, enter the key value.
   [Remove a tag] Choose Remove to the right of the tag’s Key and Value.
5. Select the VPC in which to create the egress-only internet gateway.
6. Choose Create.
2. Create a custom route table
To send traffic destined outside the VPC to the egress-only internet gateway, you must create a custom route table, add a route that sends traffic to the gateway, and then associate it with your subnet.
To create a custom route table and add a route to the egress-only internet gateway
1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
2. In the navigation pane, choose Route Tables, Create route table.
3. In the Create route table dialog box, optionally name your route table, then select your VPC and choose Create route table.
4. Select the custom route table that you just created. The details pane displays tabs for working with its routes, associations, and route propagation.
5. On the Routes tab, choose Edit routes, specify ::/0 in the Destination box, select the egress-only internet gateway ID in the Target list, and then choose Save changes.
6. On the Subnet associations tab, choose Edit subnet associations, and select the check box for the subnet. Choose Save.
Alternatively, you can add a route to an existing route table that's associated with your subnet. Select your existing route table, and follow steps 5 and 6 above to add a route for the egress-only internet gateway.
For more information about route tables, see Configure route tables.
3. Delete an egress-only internet gateway
If you no longer need an egress-only internet gateway, you can delete it. Any route in a route table that points to the deleted egress-only internet gateway remains in a blackhole status until you manually delete or update the route.
To delete an egress-only internet gateway
1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
2. In the navigation pane, choose Egress Only Internet Gateways, and select the egress-only internet gateway.
3. Choose Delete.
4. Choose Delete Egress Only Internet Gateway in the confirmation dialog box.
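The routing set up in task 2 and the blackhole caveat in task 3 can both be checked after the fact. The following Python audit is an added example, not part of the original AWS page: it reads JSON shaped like the output of aws ec2 describe-route-tables and reports ::/0 routes on private subnets that are in blackhole state or that target an internet gateway instead of an egress-only one. The sample data, all resource IDs, and the function name audit_ipv6_default_routes are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output.
# Every ID below is a made-up placeholder, not a real resource.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-0aaa", "Associations": [{"SubnetId": "subnet-0private1"}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationIpv6CidrBlock": "::/0", "EgressOnlyInternetGatewayId": "eigw-0live",
      "State": "active"}]},
  {"RouteTableId": "rtb-0bbb", "Associations": [{"SubnetId": "subnet-0private2"}],
   "Routes": [
     {"DestinationIpv6CidrBlock": "::/0", "EgressOnlyInternetGatewayId": "eigw-0deleted",
      "State": "blackhole"}]},
  {"RouteTableId": "rtb-0ccc", "Associations": [{"SubnetId": "subnet-0private3"}],
   "Routes": [
     {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0public", "State": "active"}]}
]}
""")

def audit_ipv6_default_routes(doc, private_subnets):
    """Return (route_table_id, subnet_id, finding) for ::/0 routes needing attention."""
    findings = []
    for rtb in doc.get("RouteTables", []):
        # The main-table association carries no SubnetId, so skip it here.
        subnets = [a["SubnetId"] for a in rtb.get("Associations", []) if "SubnetId" in a]
        for route in rtb.get("Routes", []):
            if route.get("DestinationIpv6CidrBlock") != "::/0":
                continue
            eigw = route.get("EgressOnlyInternetGatewayId")
            gw = route.get("GatewayId") or ""
            if route.get("State") == "blackhole":
                # Left behind when the gateway was deleted; traffic is dropped.
                target = eigw or gw or "unknown target"
                finding = f"blackhole route to {target}: delete or update it"
            elif gw.startswith("igw-"):
                # An internet gateway also admits inbound IPv6 connections.
                finding = f"::/0 targets {gw}, not an egress-only internet gateway"
            else:
                continue
            findings.extend((rtb["RouteTableId"], s, finding)
                            for s in subnets if s in private_subnets)
    return findings

if __name__ == "__main__":
    private = {"subnet-0private1", "subnet-0private2", "subnet-0private3"}
    for rtb_id, subnet, finding in audit_ipv6_default_routes(SAMPLE, private):
        print(rtb_id, subnet, finding)
```
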
Command line overview
You can perform the tasks described on this page using the command line.
Create an egress-only internet gateway
- create-egress-only-internet-gateway (AWS CLI)
- New-EC2EgressOnlyInternetGateway (AWS Tools for Windows PowerShell)
Describe an egress-only internet gateway
- describe-egress-only-internet-gateways (AWS CLI)
- Get-EC2EgressOnlyInternetGatewayList (AWS Tools for Windows PowerShell)
Delete an egress-only internet gateway
- delete-egress-only-internet-gateway (AWS CLI)
- Remove-EC2EgressOnlyInternetGateway (AWS Tools for Windows PowerShell)