EC2 machine IP address

0

Hi, I have a couple of questions on Amazon IP address allocation for AWS EC2 machines.

  1. Is there a way to tell if the RHEL/Windows EC2 machine has been assigned an Elastic (public static) IP address or not?

  2. If the EC2 machine is placed in a PRIVATE SUBNET, is it only assigned a PRIVATE IP?

  3. If the EC2 machine does not have an Elastic IP address, does it mean that AWS can reassign it a different public IP from the assigned private Subnet range every time you reboot it or is that only for PRIVATE IPs since subnets are assigned only private IPs?

2 Answers
1
Accepted Answer

Hi,

  1. Is there a way to tell if the RHEL/Windows EC2 machine has been assigned an Elastic (public static) IP address or not?

       A public IP address associated with an instance is not static and would be lost when the instance is stopped, whereas an Elastic IP address is a static public address associated with your AWS account and you can reuse it. You can see the Elastic IP address from the EC2 console or through the CLI via describe-instances.
    
  2. If the EC2 machine is placed in a PRIVATE SUBNET, is it only assigned a PRIVATE IP?

      Yes, an instance launched in a private subnet wouldn't be assigned a public IP address by default. Instances launched in a private subnet need not be accessed directly from the internet. Even if you assign a public IP address to an EC2 instance launched in a private subnet, it won't be accessible from the internet directly.
    
  3. If the EC2 machine does not have an Elastic IP address, does it mean that AWS can reassign it a different public IP from the assigned private Subnet range every time you reboot it or is that only for PRIVATE IPs since subnets are assigned only private IPs?

      The answers to the first and second questions also answer this question. If an instance has a public IP address and gets rebooted, it may have a different public IP; however, with an Elastic IP, you can reassign it to your newly launched instance. By default, an instance launched in a private subnet would have a private IP address.
    

When you create an Elastic IP address, you'd have the option to associate it with the instance and its private IP address. Also, you'll see an option on the Elastic IP address association page, "Allow this Elastic IP address to be reassociated", which determines whether the Elastic IP address can be reassociated with a different resource if it is already associated with a resource. You won't lose the Elastic IP unless you disassociate it from the instance and release it.

To access an instance launched in a private subnet, it's important to note that while the Elastic IP allows the EC2 instance to be accessed from the internet, the private subnet doesn't provide direct internet access to the instance. To enable internet access for the instance, you'll typically need to set up a Network Address Translation (NAT) gateway or a NAT instance in a public subnet. This way, the instance in the private subnet can initiate outbound requests to the internet through the NAT device.

Using this setup, you can have an EC2 instance in a private subnet with a public IP address, allowing it to communicate with the internet while still maintaining a level of security by not directly exposing the instance to the public internet.

Refer to the IP Addressing AWS Documentation.

Hope this helps.

Abhishek

AWS
EXPERT
answered 8 months ago
EXPERT
reviewed 8 months ago
  • Great Answer! Since the EC2 is in a PRIVATE SUBNET, is there a way to assign a STATIC PRIVATE IP to the machine for firewall purposes or you don't have control over that and AWS will always assign the PRIVATE IP from the CIDR block range assigned for the SUBNET?

  • Do you have any additional questions?

  • Based on your answer, I assume firewall requests for EC2 machine destination should be based on Subnet Range. Correct? I also assume private IP address will only change when you restart the machine?

  • To the best of my knowledge, there is no built-in mechanism to assign a static private IP address directly to an EC2 instance. The private IP of an EC2 instance never changes. Another way of achieving this is:

    Elastic Network Interface (ENI) with a Static IP: You can create an additional Elastic Network Interface (ENI) with a manually assigned private IP address and attach it to your EC2 instance. This ENI would have a static private IP address, but note that traffic to the primary private IP of the instance would still go through the dynamic private IP. The secondary private IP on the ENI can be used for specific purposes where a static IP is required.

    Hope you find this helpful. Comment here if you have additional questions, happy to help.

  • The private IP of the instance will never change throughout the lifecycle of the EC2 instance. You can also assign a secondary private IP address to your instance. The public IP changes when an instance is stopped and started; it doesn't change on reboot. With every stop, public IPs may change, which is why Elastic IPs are used. Feel free to comment if you have additional questions.
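
The accepted answer points to `describe-instances` for telling an Elastic IP apart from an auto-assigned public IP. The following is an added example, not code from either answer: it reads describe-instances JSON and classifies each address by the `IpOwnerId` field of its association. The sample data, instance IDs, account ID and the function names `public_kind` and `address_report` are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-instances` output.
# Instance IDs, addresses and the account ID are made up for illustration.
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
 {"InstanceId": "i-0example0000000a", "NetworkInterfaces": [{"PrivateIpAddresses": [
   {"PrivateIpAddress": "10.0.1.10", "Primary": true,
    "Association": {"PublicIp": "203.0.113.10", "IpOwnerId": "111122223333"}}]}]},
 {"InstanceId": "i-0example0000000b", "NetworkInterfaces": [{"PrivateIpAddresses": [
   {"PrivateIpAddress": "10.0.1.11", "Primary": true,
    "Association": {"PublicIp": "198.51.100.7", "IpOwnerId": "amazon"}}]}]},
 {"InstanceId": "i-0example0000000c", "NetworkInterfaces": [{"PrivateIpAddresses": [
   {"PrivateIpAddress": "10.0.2.20", "Primary": true},
   {"PrivateIpAddress": "10.0.2.21", "Primary": false}]}]}
]}]}
""")


def public_kind(association):
    """Classify the public address mapped to one private address."""
    if not association or not association.get("PublicIp"):
        return "none"
    # Auto-assigned public IPs are reported with IpOwnerId "amazon";
    # an Elastic IP carries the ID of the account that allocated it.
    owner = association.get("IpOwnerId")
    if owner == "amazon":
        return "auto-assigned"
    return "elastic" if owner else "unknown"


def address_report(describe_output):
    """Map each instance ID to a list of its private/public address pairs."""
    report = {}
    for reservation in describe_output.get("Reservations", []):
        for instance in reservation.get("Instances", []):
            rows = []
            for eni in instance.get("NetworkInterfaces", []):
                for addr in eni.get("PrivateIpAddresses", []):
                    assoc = addr.get("Association") or {}
                    rows.append({
                        "private_ip": addr["PrivateIpAddress"],
                        "primary": addr.get("Primary", False),
                        "public_ip": assoc.get("PublicIp"),
                        "public_kind": public_kind(assoc),
                    })
            report[instance["InstanceId"]] = rows
    return report
```

On a real account, save the output of `aws ec2 describe-instances --output json` to a file and pass the parsed JSON to `address_report` in place of `SAMPLE`.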

1

Abhishek's answer is good, but it's worth pointing out that a public IP and an elastic IP are not the same thing. A new public IP is assigned by AWS every time the instance is started and disappears when the instance is stopped, whereas an elastic IP never changes and is yours forever, or at least until you give it back ("release it" in the jargon).

The presence or absence of a public IP at launch time is determined by the default setting of the subnet into which the instance is being launched. Usually you wouldn't have public IPs allocated in private subnets (there's no point) but you can always override this setting when launching the instance in AWS Console, or in the launch template or CloudFormation etc. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-ip-addressing.html#vpc-public-ipv4-addresses

The public IP setting for a subnet can be changed https://docs.aws.amazon.com/vpc/latest/userguide/modify-subnets.html#subnet-public-ip

An instance will have the same private IP throughout its lifetime. This is picked from the available IPs in the subnet when the instance is launched, but again you can override this and allocate a specific IP if needed (assuming that IP is not already in use) https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html#concepts-private-addresses

EXPERT
Steve_M
answered 8 months ago
  • Here is the link for RDS Subnetting. AWS only mentions the IP change during failover. I am not sure about this because I saw it change without failover. I will restart an RDS instance several times to see if it stays the same or changes.

    https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html

    If for RDS the IP address does not change, then I assume I can use the RDS and standby machine for DESTINATION in a firewall, but the problem is that I assume there is no way to know the STANDBY IP that AWS assigned, so I have to use the SUBNET range used for MULTI-AZ. Do you agree with this?
