
A one-way door for IPv6 traffic — your EC2 instances can reach the internet, but the internet cannot initiate connections back in.
It is the IPv6 equivalent of a NAT Gateway.
All IPv6 addresses are publicly routable by default, meaning anyone on the internet could directly connect to your EC2 instance — a major security risk.
The Egress-Only IGW solves this:
Outbound → EC2 → Egress-Only IGW → Internet ✓
Inbound → Internet → Egress-Only IGW → EC2 ✗ (blocked)

| | NAT Gateway | Egress-Only IGW |
|---|---|---|
| IP version | IPv4 | IPv6 |
| Outbound traffic | Allowed | Allowed |
| Inbound traffic | Blocked | Blocked |
| Route table update | Required | Required |
Step 1: Create the Egress-Only Internet Gateway and attach it to your VPC.
Step 2: Update the route table of your private subnet:
| Destination | Target |
|---|---|
| ::/0 (all IPv6) | Egress-Only Internet Gateway |
Without this route, EC2 instances cannot use the gateway.

First, simply create the gateway,
then in the route table allow any IPv6 traffic for egress.
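
An added check, not part of the original notes, for verifying Step 2 after the fact: it reads data in the shape of `aws ec2 describe-route-tables` output and flags private route tables whose `::/0` route is missing, dead, or pointed at a regular internet gateway instead of the Egress-Only IGW. The sample data, all IDs and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output.
# All IDs are made-up placeholders.
SAMPLE = json.loads("""
{"RouteTables": [
 {"RouteTableId": "rtb-private-a", "Routes": [
   {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
   {"DestinationIpv6CidrBlock": "::/0",
    "EgressOnlyInternetGatewayId": "eigw-0example", "State": "active"}]},
 {"RouteTableId": "rtb-private-b", "Routes": [
   {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0example", "State": "active"}]},
 {"RouteTableId": "rtb-private-c", "Routes": [
   {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
 {"RouteTableId": "rtb-private-d", "Routes": [
   {"DestinationIpv6CidrBlock": "::/0",
    "EgressOnlyInternetGatewayId": "eigw-0deleted", "State": "blackhole"}]}
]}
""")


def ipv6_default_route(route_table):
    """Classify where a route table sends ::/0 traffic."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationIpv6CidrBlock") != "::/0":
            continue
        if route.get("State") != "active":
            return "blackhole"         # target was deleted; the route is dead
        if route.get("EgressOnlyInternetGatewayId"):
            return "egress-only"       # outbound only, as configured in Step 2
        if str(route.get("GatewayId", "")).startswith("igw-"):
            return "internet-gateway"  # inbound connections are routable too
        return "other"
    return "missing"                   # no ::/0 route: instances cannot use the gateway


def audit_private_tables(doc, private_ids):
    """Return {route table id: status} for private tables that are not egress-only."""
    findings = {}
    for rt in doc["RouteTables"]:
        status = ipv6_default_route(rt)
        if rt["RouteTableId"] in private_ids and status != "egress-only":
            findings[rt["RouteTableId"]] = status
    return findings


if __name__ == "__main__":
    private = {"rtb-private-a", "rtb-private-b", "rtb-private-c", "rtb-private-d"}
    for rtb, status in audit_private_tables(SAMPLE, private).items():
        print(f"{rtb}: IPv6 default route is {status}")
```
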