What does the VPC router do?
Routes traffic between subnets and to/from external targets via route tables.
Is the VPC router highly available?
Yes, it's regionally resilient and present in all Availability Zones used by the VPC.
What IP does the VPC router use in each subnet?
The network+1 address (e.g., .1 in the subnet range).
What determines how traffic exits a subnet?
The route table associated with that subnet.
How many route tables can a subnet have?
One. But a route table can be associated with many subnets.
What is the "local" route in a VPC route table?
A default route to allow intra-VPC communication. It cannot be modified or deleted.
How is route priority determined?
By prefix length: the more specific (e.g., /32), the higher the priority.
What is the purpose of an internet gateway (IGW)?
To enable VPC resources with public IPs to access the internet and the AWS public zone.
How many IGWs can be attached to a VPC?
Only one. A VPC can have either zero or one internet gateway.
Does an IGW need to be created per Availability Zone?
No, it is regionally resilient and covers all AZs in the VPC’s region.
What steps make a subnet public?
Attach IGW, route 0.0.0.0/0 to IGW, and enable auto-assign public IPv4.
Are public IPv4 addresses assigned to EC2 at OS level?
No. The IGW maps public IPs externally; EC2 OS only sees private IPs.
How does the IGW handle IPv4 packets?
It translates private source IPs to the public IP and vice versa on return.
Do EC2 instances see their IPv6 addresses?
Yes, IPv6 addresses are publicly routable and visible on the OS.
What is a bastion host or jumpbox?
A public EC2 instance used to SSH into private VPC resources securely.
What is the main use case for a bastion host?
As the only entry point for managing private VPC resources.