An Egress-only Internet Gateway (EIGW) is a highly available AWS resource that allows IPv6 traffic from the VPC to reach the internet. It also prevents any traffic initiated from the internet from reaching the IPv6 instances.
- Unlike a NAT instance or a NAT Gateway, the EIGW does not perform any address translation as IPv6 addresses are public and global in scope.
- In the route table of the private subnet, the entry for IPv6 traffic should have the EIGW as its target.
- An EIGW is stateful, meaning it forwards IPv6 traffic from the subnet to the internet and then sends the response back to these instances.
- You can't associate a security group with an EIGW. Instead, you can use security groups for the instances in the private subnet to control the traffic to and from those instances.
- You can use a network ACL to control the traffic to and from the subnet for which the EIGW routes the traffic.
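
A way to check the route-table point above, as an added example that is not part of the original notes: it reads JSON shaped like `aws ec2 describe-route-tables` output and flags private subnets whose IPv6 default route (`::/0`) does not point at an EIGW. The sample data, resource IDs and the set of private subnets are constructed, and subnets that rely on the VPC's main route table (no explicit association) are assumed to be out of scope.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output (all IDs are made up).
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-0aaa", "Associations": [{"SubnetId": "subnet-private-a"}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
     {"DestinationIpv6CidrBlock": "::/0", "EgressOnlyInternetGatewayId": "eigw-0123"}]},
  {"RouteTableId": "rtb-0bbb", "Associations": [{"SubnetId": "subnet-private-b"}],
   "Routes": [
     {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0456"}]},
  {"RouteTableId": "rtb-0ccc", "Associations": [{"SubnetId": "subnet-private-c"}],
   "Routes": [
     {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0789"}]}
]}
""")

def ipv6_default_target(route_table):
    """Classify where a route table sends ::/0 traffic."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationIpv6CidrBlock") != "::/0":
            continue
        if route.get("EgressOnlyInternetGatewayId", "").startswith("eigw-"):
            return "egress-only"        # outbound-initiated IPv6 only
        if route.get("GatewayId", "").startswith("igw-"):
            return "internet-gateway"   # internet-initiated IPv6 is routable too
        return "other"
    return "no-ipv6-default"

def audit_private_subnets(doc, private_subnets):
    """Return {subnet_id: finding} for private subnets not routed through an EIGW."""
    findings = {}
    for table in doc["RouteTables"]:
        target = ipv6_default_target(table)
        for assoc in table.get("Associations", []):
            subnet = assoc.get("SubnetId")
            if subnet in private_subnets and target != "egress-only":
                findings[subnet] = target
    return findings

if __name__ == "__main__":
    private = {"subnet-private-a", "subnet-private-b", "subnet-private-c"}
    for subnet, finding in sorted(audit_private_subnets(SAMPLE, private).items()):
        print(subnet, finding)
```

A subnet flagged `internet-gateway` depends entirely on its security groups and network ACLs to block internet-initiated IPv6 connections, since the route itself no longer does.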