Question posted in 
I’m looking at this architecture diagram:
My ultimate goal is to deploy an ECS/Fargate cluster on AWS. My question is probably a bit dumb, but still need to ask it:
Why do I need an internet gateway and why can’t I use the ALB as an entry point to my cluster? More specifically, I seem to remember that with EKS a service can be created with the LoadBalancer type, and then AWS automatically creates a load balancer to expose it to the world.
Could you enlighten me a little please?
2
Answers
The Internet Gateway is the thing that connects your VPC to the Internet. It isn’t really the entrypoint to your application, it is the Internet connection for your VPC. The diagram makes it look like it’s part of your application, but it’s really part of the VPC’s network stack. Without an Internet Gateway your Application Load Balancer would not be accessible from the Internet.
You had to have an Internet Gateway in your VPC with EKS as well. The load balancer used by EKS is identical to the load balancer used by ECS.
From the docs:
In AWS networking model, both external and internal interfaces of the ALB are inside the VPC.
You can totally use the ALB as an entry point to your cluster, but the internet gateway is what routes the traffic between the external interface and the internet, so it has to be there.