Oracle Cloud Infrastructure Documentation

Internet Gateway

This topic describes how to set up and manage an An optional virtual router that you can add to your VCN. It provides a path for network traffic between your VCN and the Internet. to give your VCN access to the internet.


Avoid entering confidential information when assigning descriptions, tags, or friendly names to your cloud resources through the Oracle Cloud Infrastructure Console, API, or CLI.

Working with Internet Gateways

Before continuing, make sure you've read Access to the Internet.

You can think of an internet gateway as a router connecting the edge of the cloud network with the internet. Traffic that originates in your VCN and is destined for a public IP address outside the VCN goes through the internet gateway.


When an internet gateway receives traffic from your VCN destined for a public IP address that is part of Oracle Cloud Infrastructure (such as Object Storage), the internet gateway routes the traffic to the destination without sending the traffic over the internet.

For some simple scenarios that use an internet gateway, see Typical Networking Scenarios.

You create an internet gateway in the context of a specific cloud network. In other words, the internet gateway is automatically attached to a cloud network. However, you can disable and re-enable the internet gateway at any time. Compare this with a Dynamic Routing Gateway, which you create as a standalone object that you then attach to a particular cloud network. Dynamic Routing Gateways use a different model because they're intended to be modular building blocks for privately connecting cloud networks to your on-premises network.

For traffic to flow between a subnet and an internet gateway, you must create a route rule accordingly in the subnet's route table (for example, > internet gateway). If the internet gateway is disabled, that means no traffic will flow to/from the Internet even if there's a route rule that enables that traffic. For more information, see Route Tables.

For the purposes of access control, you must specify the compartment where you want the internet gateway to reside. If you're not sure which compartment to use, put the internet gateway in the same compartment as the cloud network. For more information, see Access Control.

You may optionally assign a friendly name to the internet gateway. It doesn't have to be unique, and you can change it later. Oracle will automatically assign the internet gateway a unique identifier called an Oracle Cloud ID (OCID). For more information, see Resource Identifiers.

To delete an internet gateway, it does not have to be disabled, but there must not be a route table that lists it as a target.

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be given the required type of access in a An IAM document that specifies who has what type of access to your resources. It is used in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources. written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you try to perform an action and get a message that you don’t have permission or are unauthorized, confirm with your administrator the type of access you've been granted and which A collection of related resources that can be accessed only by certain groups that have been given permission by an administrator in your organization. you should work in.

For administrators: see IAM Policies for Networking.

Tagging Resources

You can apply tags to your resources to help you organize them according to your business needs. You can apply tags at the time you create a resource, or you can update the resource later with the desired tags. For general information about applying tags, see Resource Tags.

Using the Console

To create an internet gateway
To disable/enable an internet gateway
To delete an internet gateway
To manage tags for an internet gateway

Using the API

For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.

To manage your internet gateways, use these operations: