When you launch an EC2 instance in AWS's default VPC and assign an Elastic IP (EIP), internet connectivity works immediately because AWS has pre-configured the default VPC with essential networking components:
- An Internet Gateway (IGW) attached
- Main route table with default route (0.0.0.0/0 -> igw-xxx)
- Public subnets with auto-assign public IP enabled
Your confusion stems from not seeing explicit IGW configuration. In reality, every default VPC automatically includes:
- An internet gateway with an ID like igw-1234567890abcdef0
- Route table entries pointing to this IGW
- Network ACLs allowing outbound traffic
To confirm this setup yourself, run these AWS CLI commands:
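```bash
# Look up the default VPC once. The JMESPath literal `true` must be wrapped in
# backticks; a bare true is read as a field name and matches nothing.
VPC_ID=$(aws ec2 describe-vpcs --query 'Vpcs[?IsDefault==`true`].VpcId' --output text)

# Internet gateway attached to the default VPC
aws ec2 describe-internet-gateways \
  --filters "Name=attachment.vpc-id,Values=$VPC_ID"

# Route tables in the default VPC
aws ec2 describe-route-tables \
  --filters "Name=vpc-id,Values=$VPC_ID"
```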
Contrast this with custom VPCs where you must explicitly:
- Create and attach an IGW
- Configure route tables
- Modify subnet settings
```bash
# Manual IGW attachment example for custom VPC
IGW_ID=$(aws ec2 create-internet-gateway --output text --query 'InternetGateway.InternetGatewayId')
aws ec2 attach-internet-gateway --internet-gateway-id "$IGW_ID" --vpc-id vpc-12345678

# Route table modification
aws ec2 create-route --route-table-id rtb-12345678 --destination-cidr-block 0.0.0.0/0 --gateway-id "$IGW_ID"
```
Scenario | IGW Required? | Configuration |
---|---|---|
Default VPC | Yes (pre-configured) | Automatic |
Custom VPC | Yes | Manual |
The EIP assignment works in the default VPC because AWS has already established the complete internet access pathway behind the scenes.
Many AWS newcomers get confused when they launch an EC2 instance in the default VPC with an Elastic IP (EIP) and suddenly have internet access - despite not explicitly creating an Internet Gateway (IGW). This seems to contradict AWS documentation stating that VPCs need an IGW for internet connectivity.
The key lies in understanding how AWS configures default VPCs. AWS creates the following automatically in the default VPC:
1. Internet Gateway (attached to VPC)
2. Public subnet with route table pointing to IGW
3. Default security groups allowing outbound traffic
When you assign an EIP to an EC2 instance in the default VPC:
- The EIP provides a static public IP
- The pre-existing IGW enables routing between VPC and internet
- The default route table contains a 0.0.0.0/0 route to the IGW
You can check this setup using AWS CLI:
```bash
# Check for existing IGW
aws ec2 describe-internet-gateways --filters Name=attachment.vpc-id,Values=your-vpc-id

# View route tables
aws ec2 describe-route-tables --filters Name=vpc-id,Values=your-vpc-id
```
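The route-table output above only tells you which subnets are internet-facing once you resolve each subnet's effective route table: a subnet with no explicit association silently inherits the VPC's main table, which in the default VPC routes to the IGW. The following is an added example, not part of the original page, that does this resolution over constructed sample data shaped like `describe-route-tables` and `describe-subnets` output; the function names and all IDs are assumptions made for illustration.

```python
# Constructed sample data shaped like `aws ec2 describe-route-tables` and
# `aws ec2 describe-subnets` output; every ID below is made up.
ROUTE_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-a",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private", "VpcId": "vpc-a",
     "Associations": [{"Main": False, "SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]}
SUBNETS = {"Subnets": [
    {"SubnetId": "subnet-implicit", "VpcId": "vpc-a", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-private", "VpcId": "vpc-a", "MapPublicIpOnLaunch": False},
]}

def has_igw_default_route(table):
    """True if the table has an active 0.0.0.0/0 or ::/0 route to an IGW."""
    for route in table.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if (dest in ("0.0.0.0/0", "::/0")
                and route.get("GatewayId", "").startswith("igw-")
                and route.get("State", "active") == "active"):
            return True
    return False

def effective_table(subnet, tables):
    """An explicit association wins; otherwise the VPC's main table applies."""
    main = None
    for table in (t for t in tables if t["VpcId"] == subnet["VpcId"]):
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet["SubnetId"]:
                return table
            if assoc.get("Main"):
                main = table
    return main

def audit(subnets, route_tables):
    """Map subnet ID -> (routes to an IGW, auto-assigns public IPs)."""
    report = {}
    for subnet in subnets["Subnets"]:
        table = effective_table(subnet, route_tables["RouteTables"])
        report[subnet["SubnetId"]] = (bool(table and has_igw_default_route(table)),
                                      subnet.get("MapPublicIpOnLaunch", False))
    return report

if __name__ == "__main__":
    print(audit(SUBNETS, ROUTE_TABLES))
```

A subnet reported as `(True, True)` gives every new instance a public address and an internet route, so only its security groups and network ACLs stand between it and inbound traffic.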
In a custom (non-default) VPC, you would indeed need to do this manually:
```bash
# Create and attach IGW
aws ec2 create-internet-gateway
aws ec2 attach-internet-gateway --vpc-id your-vpc-id --internet-gateway-id igw-123

# Configure route table
aws ec2 create-route --route-table-id rtb-123 \
  --destination-cidr-block 0.0.0.0/0 \
  --gateway-id igw-123
```
If internet access isn't working even with an EIP:
- Verify IGW attachment to VPC
- Check route table associations
- Ensure security groups allow outbound traffic
- Confirm network ACLs aren't blocking traffic
- Check instance-level firewall settings
Here's a complete Terraform example for proper internet access:
```hcl
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

# Internet gateway attached to the VPC
resource "aws_internet_gateway" "gw" {
  vpc_id = aws_vpc.main.id
}

# Route table whose default route points at the IGW
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.gw.id
  }
}

resource "aws_subnet" "public" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.1.0/24"
}

# Explicit association; without it the subnet uses the VPC's main route table
resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}
```