If your VPC were a gated community, the Internet Gateway would be the main exit gate that the HOA forgot to lock. It attaches to a VPC and becomes the route target for traffic leaving public subnets. That means when your instance wants to talk to the wider internet, the route table sends it this way, and the gateway forwards traffic out and back. It is stateful, so replies to connections you start are allowed back in automatically.
Three things must line up for direct internet access to work. First, your subnet needs a route for 0.0.0.0/0 that targets the Internet Gateway. Second, the instance must have a public IP or an Elastic IP. Third, your security groups and network ACLs must allow the traffic you want. If any of these is missing, you will not be famous on the internet.
Sample route table entry for a public subnet:
Destination: 0.0.0.0/0    Target: igw-12345678
A public subnet means the route table sends 0.0.0.0/0 to the Internet Gateway and instances have public IPs. A private subnet means there is no direct route to the Internet Gateway, so instances are invisible to inbound internet traffic. If you only need outbound access, use a NAT Gateway instead of giving every instance a public IP. This keeps your attack surface smaller and your blood pressure lower.
Enable VPC Flow Logs to see where packets get dropped. The logs show source and destination pairs along with accept or reject decisions. Treat them like breadcrumbs left by your traffic rather than a bedtime story.
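As an added example (not code from the original page), this Python sketch reads records in the default version 2 flow log format, skips NODATA and SKIPDATA records, and totals rejected packets per flow so you can see which source and destination pair is being dropped. The sample records, account ID, interface IDs and addresses are constructed for illustration.

```python
from collections import Counter

# Default (version 2) VPC Flow Logs record layout, space separated.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records; account, ENI IDs and addresses are made up.
SAMPLE = """\
2 111122223333 eni-0aaa 203.0.113.7 10.0.1.25 51544 22 6 3 180 1700000000 1700000060 REJECT OK
2 111122223333 eni-0aaa 203.0.113.7 10.0.1.25 51560 22 6 2 120 1700000060 1700000120 REJECT OK
2 111122223333 eni-0aaa 10.0.1.25 198.51.100.10 44312 443 6 12 4200 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0bbb 10.0.2.40 198.51.100.10 40022 443 6 4 240 1700000000 1700000060 REJECT OK
2 111122223333 eni-0ccc - - - - - - - 1700000000 1700000060 - NODATA
"""

def parse(line):
    """Return a dict for one record, or None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))

def rejected_flows(text):
    """Sum rejected packets per (interface, src, dst, dst port, protocol)."""
    hits = Counter()
    for line in text.splitlines():
        rec = parse(line)
        # NODATA/SKIPDATA records carry "-" instead of addresses and an action.
        if rec is None or rec["log_status"] != "OK" or rec["action"] != "REJECT":
            continue
        key = (rec["interface_id"], rec["srcaddr"], rec["dstaddr"],
               int(rec["dstport"]), int(rec["protocol"]))
        hits[key] += int(rec["packets"])
    return hits

if __name__ == "__main__":
    # Noisiest rejected flows first.
    for (eni, src, dst, port, proto), pkts in rejected_flows(SAMPLE).most_common():
        print(f"{eni}: {src} -> {dst} port {port} proto {proto}: "
              f"{pkts} packets rejected")
```

A REJECT on an interface means a security group or network ACL dropped the traffic, so the record tells you which of the three conditions to inspect first.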
Mark subnets as public only when you really need direct internet access. For services that only need to reach out, use a NAT Gateway in a public subnet rather than exposing instances. Keep security groups tight, and treat VPC Flow Logs as your forensic backup when the network decides to be dramatic.