How can I change or retain my IP address when I run Amazon EC2 restore in AWS Backup?


During an Amazon Elastic Compute Cloud (Amazon EC2) restore in AWS Backup, I want to change or retain my private or public IP address.

Short description

When you launch an EC2 instance, a private IP address is assigned to that instance. A public IP address is also automatically assigned to the instance from the public IPv4 address pool.

To retain or change the original IP address information on a restored Amazon EC2 instance, use the Amazon EC2 console. You can also use the AWS Command Line Interface (AWS CLI) to retain or change IP address information.

Note:

  • The auto-assigned public IP address that's associated with the instance changes every time that the instance is stopped and started.
  • When an EC2 instance is restored, the private IP address is automatically assigned from the subnet by default.
  • A newly restored instance doesn't retain the original private IP address when restored from the AWS Backup console. However, you can use the AWS CLI or SDKs to modify the metadata to use the original IP address.
  • An Elastic IP address is a static IP address that you can associate with or disassociate from the instance. However, that address can't change or move to the public IPv4 address pool.

Resolution

Note: If you receive errors when you run AWS CLI commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

Use the Amazon EC2 console to reassociate your Elastic IP address to the restored EC2 instance

To reassociate the original Elastic IP address to the restored instance, you must associate an Elastic IP address with the instance. The Elastic IP address is then maintained after you stop and start your instance.

Use the AWS CLI to reassociate your Elastic IP address to the restored EC2 instance

To reassociate your Elastic IP address to the restored EC2 instance, run the associate-address command:

aws ec2 associate-address --instance-id i-07ffe74c7330ebf53 --public-ip 198.51.100.20

Retain a private IP address for the restored EC2 instance

Note: If a private address is in use for an EC2 instance, then you can't retain the private address for a different instance. For more information, see Client error codes for specific actions.

To retain a private IP address, complete the following steps to change the primary private IP address in the metadata output:

  1. To get the metadata for your restore, run the get-recovery-point-restore-metadata AWS CLI command:

    aws backup get-recovery-point-restore-metadata --backup-vault-name Default --recovery-point-arn arn:aws:ec2:eu-south-1::image/ami-001a2a3a4a00005aa

    You receive a metadata output similar to the following example:

    {
        "BackupVaultArn": "arn:aws:backup:eu-south-1:111111111111:backup-vault:Default",  
        "RecoveryPointArn": "arn:aws:ec2:eu-south-1::image/ami-001a2a3a4a00005aa",  
        "RestoreMetadata": {  
            "CapacityReservationSpecification": "{\"CapacityReservationPreference\":\"open\"}",  
            "CpuOptions": "{\"CoreCount\":1,\"ThreadsPerCore\":1}",  
            "CreditSpecification": "{\"CpuCredits\":\"standard\"}",  
            "DisableApiTermination": "false",  
            "EbsOptimized": "false",  
            "HibernationOptions": "{\"Configured\":false}",  
            "InstanceInitiatedShutdownBehavior": "stop",  
            "InstanceType": "t2.micro",  
            "Monitoring": "{\"State\":\"disabled\"}",  
            "NetworkInterfaces": "[{\"AssociatePublicIpAddress\":true,\"DeleteOnTermination\":true,\"Description\":\"\",\"DeviceIndex\":0,\"Groups\":[\"sg-abc123\"],\"Ipv6AddressCount\":0,\"Ipv6Addresses\":[],\"NetworkInterfaceId\":\"eni-08e89a5a35a5495fe\",\"PrivateIpAddress\":\"172.16.1.5\",\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateIpAddress\":\"172.16.1.5\"}],\"SecondaryPrivateIpAddressCount\":0,\"SubnetId\":\"subnet-0987\",\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":[],\"Ipv6Prefixes\":[]}]",  
            "Placement": "{\"AvailabilityZone\":\"eu-south-1b\",\"GroupName\":\"\",\"Tenancy\":\"default\"}",  
            "RequireIMDSv2": "true",  
            "SecurityGroupIds": "[\"sg-abc123\"]",  
            "SubnetId": "subnet-0987",  
            "VpcId": "vpc-0987",  
            "aws:backup:request-id": "caf1f9d4-abcd-4685-87ce-20c96c99c79c"  
        }  
    }
  2. Manually edit the metadata output to retain the original PrivateIpAddress. Or, change the Primary PrivateIpAddress to a different PrivateIpAddress in the NetworkInterfaces metadata field. The following example output is edited to retain the original PrivateIpAddress:

    {
      "Architecture": "x86_64",
    ...
      "NetworkInterfaces": "[{\"DeleteOnTermination\":true,\"Description\":\"Primary network interface\",\"DeviceIndex\":0,\"Groups\":[\"sg-abc123\"],\"Ipv6AddressCount\":0,\"Ipv6Addresses\":[],\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateIpAddress\":\"172.16.1.5\"}],\"SubnetId\":\"subnet-0987\",\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":[],\"Ipv6Prefixes\":[]}]",
      "Placement": "{\"AvailabilityZone\":\"eu-south-1b\",\"GroupName\":\"\",\"Tenancy\":\"default\"}",
      "RequireIMDSv2": "false",
      "RootDeviceType": "ebs",
      "VirtualizationType": "hvm",
      "VpcId": "vpc-xyz123",
      "aws:backup:request-id": "caf1f9d4-abcd-4685-87ce-20c96c99c79c"
    }

    To use the Linux CLI to create a script to edit the metadata, run the following command:

    aws backup get-recovery-point-restore-metadata --backup-vault-name Default --recovery-point-arn arn:aws:ec2:eu-south-1::image/ami-001a2a3a4a00005aa | jq '.RestoreMetadata | del (.SecurityGroupIds, .SubnetId)' | jq '.NetworkInterfaces = (.NetworkInterfaces | fromjson | map(. + { Description: "Primary network interface" }) | map(del(.NetworkInterfaceId, .SecondaryPrivateIpAddressCount, .AssociatePublicIpAddress, .PrivateIpAddress)) | @json) ' > restore.json
  3. To restore the instance with the private IP address, run the start-restore-job command pointing to the edited metadata file:

    aws backup start-restore-job --region eu-south-1 --recovery-point-arn arn:aws:ec2:eu-south-1::image/ami-001a2a3a4a00005aa --idempotency-token examplerestore --iam-role-arn "arn:aws:iam::111111111111:role/service-role/AWSBackupDefaultServiceRole" --metadata file://restore.json
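
The three steps above, as an added Python example (not part of the original article and not AWS code): it applies the same field removals as the jq command to a saved `get-recovery-point-restore-metadata` output, then checks before `start-restore-job` that the primary private IP is the intended one and that the edit did not alter the security groups or `RequireIMDSv2`. The function names and the trimmed sample input are constructed for illustration.

```python
import json

TOP_LEVEL_DROP = ("SecurityGroupIds", "SubnetId")  # removed by the page's jq command
ENI_DROP = ("NetworkInterfaceId", "SecondaryPrivateIpAddressCount",
            "AssociatePublicIpAddress", "PrivateIpAddress")

def build_restore_metadata(cli_output, primary_ip=None):
    """Apply the page's jq edits; primary_ip=None keeps the original address."""
    meta = {k: v for k, v in cli_output["RestoreMetadata"].items() if k not in TOP_LEVEL_DROP}
    enis = json.loads(meta["NetworkInterfaces"])  # serialized JSON inside JSON
    for eni in enis:
        for key in ENI_DROP:
            eni.pop(key, None)
        eni["Description"] = "Primary network interface"
        for addr in eni.get("PrivateIpAddresses", []):
            if primary_ip and eni.get("DeviceIndex") == 0 and addr.get("Primary"):
                addr["PrivateIpAddress"] = primary_ip
    meta["NetworkInterfaces"] = json.dumps(enis, separators=(",", ":"))
    return meta

def primary_eni(metadata):
    return next(e for e in json.loads(metadata["NetworkInterfaces"]) if e.get("DeviceIndex") == 0)

def preflight(cli_output, edited, expected_ip):
    """Return reasons the edited metadata would not restore as intended."""
    original, problems = cli_output["RestoreMetadata"], []
    old, new = primary_eni(original), primary_eni(edited)
    primaries = [a["PrivateIpAddress"] for a in new["PrivateIpAddresses"] if a.get("Primary")]
    if primaries != [expected_ip]:
        problems.append(f"primary private IP {primaries} != {expected_ip}")
    if len(new["PrivateIpAddresses"]) > 1:
        problems.append("primary ENI has more than one private address; review by hand")
    if sorted(old.get("Groups", [])) != sorted(new.get("Groups", [])):
        problems.append("security groups changed")
    if original.get("RequireIMDSv2") != edited.get("RequireIMDSv2"):
        problems.append("RequireIMDSv2 changed")
    return problems

# Constructed sample, trimmed to the shape of the CLI output shown in step 1.
SAMPLE = {"RestoreMetadata": {"RequireIMDSv2": "true", "SubnetId": "subnet-0987",
    "SecurityGroupIds": "[\"sg-abc123\"]", "NetworkInterfaces": json.dumps([{
        "AssociatePublicIpAddress": True, "DeviceIndex": 0, "Groups": ["sg-abc123"],
        "NetworkInterfaceId": "eni-08e89a5a35a5495fe", "PrivateIpAddress": "172.16.1.5",
        "PrivateIpAddresses": [{"Primary": True, "PrivateIpAddress": "172.16.1.5"}],
        "SecondaryPrivateIpAddressCount": 0, "SubnetId": "subnet-0987"}])}}

if __name__ == "__main__":
    print(json.dumps(build_restore_metadata(SAMPLE), indent=2))  # save as restore.json
```

An empty list from `preflight` means the edited metadata keeps the address and the security-relevant settings of the recovery point; any entry is a reason to stop before running the restore job.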

Related information

Restoring an Amazon EC2 instance

Amazon EC2 instance IP addressing

How can I restore an Amazon EC2 instance from an AWS Backup recovery point using the AWS CLI?

AWS OFFICIAL
Updated 3 months ago
4 Comments

Editing the serialized part of the metadata wasn't straightforward, so I came up with this command:

aws backup get-recovery-point-restore-metadata --backup-vault-name Default --recovery-point-arn arn:aws:ec2:eu-south-1::image/ami-001a2a3a4a00005aa | jq '.RestoreMetadata | del (.SecurityGroupIds, .SubnetId)' | jq '.NetworkInterfaces = (.NetworkInterfaces | fromjson | map(. + { Description: "Primary network interface" }) | map(del(.NetworkInterfaceId,  .SecondaryPrivateIpAddressCount, .AssociatePublicIpAddress, .PrivateIpAddress)) | @json) ' > restore.json

What this command does:

  • extracts RestoreMetadata
  • removes from it the fields SecurityGroupIds and SubnetId
  • then deserializes and replaces the content of NetworkInterfaces, removing NetworkInterfaceId, SecondaryPrivateIpAddressCount, AssociatePublicIpAddress and PrivateIpAddress
  • serializes NetworkInterfaces and creates the json file for the restore job:
aws backup start-restore-job --region eu-south-1 --recovery-point-arn arn:aws:ec2:eu-south-1::image/ami-001a2a3a4a00005aa --iam-role-arn "arn:aws:iam::123412341234:role/service-role/AWSBackupDefaultServiceRole" --metadata file://restore.json

YMMV: for example this might not work if the primary ENI has two private addresses.

replied 10 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
MODERATOR
replied 10 months ago

The Private IP Address should be retained.

In step 1, PrivateIpAddress is 172.16.1.5.

In step 2, PrivateIpAddress is 172.16.2.5.

AWS
replied 2 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
MODERATOR
replied 2 months ago