Creating an Internet Gateway

Create an internet gateway (IGW) in your virtual cloud network (VCN) in Networking.

Prerequisites:

  • You've determined which subnets in the VCN need access to the internet, and you've created those public subnets.

    Only one internet gateway is needed for each VCN. All public subnets within a VCN have access to the internet gateway if the security rules and route table rules allow that access.

  • You've determined the types of ingress and egress internet traffic route rules that you want to enable for the resources in each public subnet (examples: ingress HTTPS connections, ingress ICMP ping connections).
  • The required IAM policy is in place to allow you to work with Networking service resources. For administrators, see IAM Policies for Networking.

Important:

If you've configured the public subnet to use the default security list, remember that the list includes several helpful default rules that enable basic required access (examples: ingress SSH, egress access to all destinations). We recommend that you become familiar with the basic access that these default rules provide. If you choose not to use the default security list, be sure to provide this basic access by implementing these security rules either in network security groups (NSGs) or custom security lists. You will also need to configure route rules in the route tables used by your public subnets to allow traffic to be routed to and from the internet.

    1. Open the navigation menu, click Networking, and then click Virtual cloud networks.
    2. Click the name of the VCN that you're interested in.
    3. Under Resources, click Internet Gateway.
    4. Click Create Internet Gateway.
    5. Enter the following values:
      • Name: A friendly name for the internet gateway. It doesn't have to be unique, and it can't be changed later in the Console (but you can change it with the API). Avoid entering confidential information.
      • Create in Compartment: The compartment in which you want to create the internet gateway, if different from the compartment you're currently working in.
      • Route Table Association: (Advanced option) You can associate a specific VCN route table with this gateway. If you associate a route table, afterwards the gateway must always have a route table associated with it. You can modify the rules in the current route table or replace it with another route table.
      • Tags: (Advanced option) If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you're not sure whether to apply tags, skip this option or ask an administrator. You can apply tags later.
    6. Click Create Internet Gateway.

    The internet gateway is created and displayed on the Internet Gateways page of the compartment that you chose. It's already enabled, but you still need to add a route rule that allows traffic to flow to the internet gateway, and explicitly allow that traffic with a security rule in a security list or network security group.

  • Use the network internet-gateway create command and required parameters to create a new internet gateway for the specified VCN:

    oci network internet-gateway create --compartment-id compartment-ocid --vcn-id vcn-ocid --is-enabled [true | false] ... [OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the CreateInternetGateway operation to create a new internet gateway.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.
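
An added example (not Oracle's code) of checking the point made above that internet traffic flows only when both a route rule to the internet gateway and a security rule allow it: it lists ingress that is open to any source and is not in the set you intended to enable. The sample data is constructed, the kebab-case field names are assumed to match the OCI CLI's JSON output for route tables and security lists, and NSG rules are not considered.

```python
import ipaddress

# Constructed sample data, shaped like the assumed JSON output of
# `oci network route-table get` and `oci network security-list get`.
# The OCID is a placeholder.
ROUTE_TABLE = {"data": {"route-rules": [
    {"destination": "0.0.0.0/0", "destination-type": "CIDR_BLOCK",
     "network-entity-id": "ocid1.internetgateway.oc1..exampleuniqueID"}]}}
SECURITY_LIST = {"data": {"ingress-security-rules": [
    {"protocol": "6", "source": "0.0.0.0/0",
     "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
    {"protocol": "6", "source": "0.0.0.0/0",
     "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}},
    {"protocol": "6", "source": "10.0.0.0/16",
     "tcp-options": {"destination-port-range": {"min": 3306, "max": 3306}}},
    {"protocol": "1", "source": "0.0.0.0/0",
     "icmp-options": {"type": 3, "code": 4}}]}}

PROTOCOLS = {"1": "ICMP", "6": "TCP", "17": "UDP", "all": "ALL"}  # IANA numbers

def routes_to_igw(route_table):
    """True if any route rule targets an internet gateway."""
    return any((r.get("network-entity-id") or "").startswith("ocid1.internetgateway.")
               for r in route_table["data"]["route-rules"])

def internet_ingress(security_list):
    """Return (protocol, detail) for ingress rules whose source is any address."""
    found = []
    for rule in security_list["data"]["ingress-security-rules"]:
        try:
            net = ipaddress.ip_network(rule["source"], strict=False)
        except ValueError:
            continue  # source is not a CIDR block (for example a service label)
        if net.prefixlen != 0:
            continue  # restricted to a specific range, not the whole internet
        proto = PROTOCOLS.get(rule["protocol"], rule["protocol"])
        opts = rule.get("tcp-options") or rule.get("udp-options") or {}
        rng, icmp = opts.get("destination-port-range"), rule.get("icmp-options")
        detail = (f"{rng['min']}-{rng['max']}" if rng
                  else f"type {icmp['type']}" if icmp else "all")
        found.append((proto, detail))
    return found

def unexpected_exposure(route_table, security_list, intended):
    """Internet-open ingress outside the intended set; empty if no IGW route."""
    if not routes_to_igw(route_table):
        return []
    return [e for e in internet_ingress(security_list) if e not in intended]

if __name__ == "__main__":
    print(unexpected_exposure(ROUTE_TABLE, SECURITY_LIST,
                              {("TCP", "443-443"), ("ICMP", "type 3")}))
```

With HTTPS and ICMP type 3 declared as intended, the constructed data reports only the SSH rule, which is the kind of default-list access the Important note asks you to review.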