Amazon Elastic Compute Cloud
User Guide for Linux (API Version 2014-10-01)

Multiple Private IP Addresses

In EC2-VPC, you can specify multiple private IP addresses for your instances. The number of network interfaces and private IP addresses that you can specify for an instance depends on the instance type. For more information, see Private IP Addresses Per ENI Per Instance Type.

It can be useful to assign multiple private IP addresses to an instance in your VPC to do the following:

  • Host multiple websites on a single server by using multiple SSL certificates and associating each certificate with a specific IP address.

  • Operate network appliances, such as firewalls or load balancers, that have multiple private IP addresses for each network interface.

  • Redirect internal traffic to a standby instance in case your instance fails, by reassigning the secondary private IP address to the standby instance.

How Multiple IP Addresses Work

The following list explains how multiple IP addresses work with network interfaces:

  • You can assign a secondary private IP address to any network interface. The network interface can be attached to or detached from the instance.

  • You must choose a secondary private IP address that's in the CIDR block range of the subnet for the network interface.

  • Security groups apply to network interfaces, not to IP addresses. Therefore, IP addresses are subject to the security group of the network interface in which they're specified.

  • Secondary private IP addresses can be assigned to and unassigned from elastic network interfaces attached to running or stopped instances.

  • Secondary private IP addresses that are assigned to a network interface can be reassigned to another one if you explicitly allow it.

  • When assigning multiple secondary private IP addresses to a network interface using the command line tools or API, the entire operation fails if one of the secondary private IP addresses can't be assigned.

  • Primary private IP addresses, secondary private IP addresses, and any associated Elastic IP addresses remain with the network interface when it is detached from an instance or attached to another instance.

  • Although you can't move the primary network interface from an instance, you can reassign the secondary private IP address of the primary network interface to another network interface.

  • You can move any additional network interface from one instance to another.

The following list explains how multiple IP addresses work with Elastic IP addresses:

  • Each private IP address can be associated with a single Elastic IP address, and vice versa.

  • When a secondary private IP address is reassigned to another interface, the secondary private IP address retains its association with an Elastic IP address.

  • When a secondary private IP address is unassigned from an interface, an associated Elastic IP address is automatically disassociated from the secondary private IP address.

Assigning a Secondary Private IP Address

You can assign the secondary private IP address to the network interface for an instance as you launch the instance, or after the instance is running.

To assign a secondary private IP address when launching an instance in EC2-VPC

  1. Open the Amazon EC2 console.

  2. Click the Launch Instance button.

  3. Choose an AMI and click its Select button, then choose an instance type and click Next: Configure Instance Details.

  4. On the Configure Instance Details page, choose a VPC from the Network list, and a subnet from the Subnet list.

  5. In the Network Interfaces section, do the following, and then click Next: Add Storage:

    1. Click Add Device to add another network interface. The console enables you to specify up to 2 network interfaces when you launch an instance. After you launch the instance, click Network Interfaces in the navigation pane to add additional network interfaces. The total number of network interfaces that you can attach varies by instance type. For more information, see Private IP Addresses Per ENI Per Instance Type.

    2. For each network interface, you can specify a primary private IP address, and one or more secondary private IP addresses. For this example, however, accept the IP address that we automatically assign.

    3. Under Secondary IP addresses, click Add IP, and then enter a private IP address in the subnet range, or accept the default, Auto-assign, to let us select an address.

      Important

      After you have added a secondary private IP address to a network interface, you must connect to the instance and configure the secondary private IP address on the instance itself. For more information, see Configuring the Operating System on Your Instance to Recognize the Secondary Private IP Address.

  6. On the next Add Storage page, you can specify volumes to attach to the instance besides the volumes specified by the AMI (such as the root device volume), and then click Next: Tag Instance.

  7. On the Tag Instance page, specify tags for the instance, such as a user-friendly name, and then click Next: Configure Security Group.

  8. On the Configure Security Group page, select an existing security group or create a new one. Click Review and Launch.

  9. On the Review Instance Launch page, review your settings, and then click Launch to choose a key pair and launch your instance. If you're new to Amazon EC2 and haven't created any key pairs, the wizard prompts you to create one.

To assign a secondary IP address during launch using the command line

You can use one of the following commands. For more information about these command line interfaces, see Accessing Amazon EC2.

  • The --secondary-private-ip-addresses option with the run-instances command (AWS CLI)

  • The --secondary-private-ip-address option with the ec2-run-instances command (Amazon EC2 CLI)

To assign a secondary private IP to an existing instance

  1. Open the Amazon EC2 console.

  2. In the navigation pane, click Network Interfaces, and then right-click the network interface attached to the instance.

  3. Select Manage Private IP Addresses.

  4. In the Manage Private IP Addresses dialog box, do the following:

    1. Click Assign new IP.

    2. Enter a specific IP address that's within the subnet range for the instance, or leave the field blank and we'll select an IP address for you.

    3. (Optional) Select Allow reassignment to allow the secondary private IP address to be reassigned if it is already assigned to another network interface.

    4. Click Yes, Update, and then click Close.

    Alternatively, you can assign a secondary private IP address to an instance. Click Instances in the navigation pane, right-click your instance, select Networking, and then click Manage Private IP Addresses. You can configure the same information in the dialog box as you did in the steps above.

To assign a secondary private IP to an existing instance using the command line

You can use one of the following commands. For more information about these command line interfaces, see Accessing Amazon EC2.

Configuring the Operating System on Your Instance to Recognize the Secondary Private IP Address

After you assign a secondary private IP address to your instance, you need to configure the operating system on your instance to recognize the secondary private IP address.

If you are using Amazon Linux, the ec2-net-utils package can take care of this step for you. It configures additional network interfaces that you attach while the instance is running, refreshes secondary IP addresses during DHCP lease renewal, and updates the related routing rules. If you require manual control over your network configuration, you can remove the ec2-net-utils package. For more information, see Configuring Your Network Interface Using ec2-net-utils.

If you are using another Linux distribution, see the documentation for your Linux distribution. Search for information about configuring additional network interfaces and secondary IP addresses. If the instance has two or more interfaces on the same subnet, search for information about using routing rules to work around asymmetric routing.
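
The following added example is not part of the AWS guide. It prints, without running them, the ip commands that configure a secondary private IP address by hand (for example on a distribution without ec2-net-utils), after checking that the address lies in the subnet's CIDR block, and it adds a source-based routing rule for the case of two interfaces on the same subnet. The device name, addresses, gateway and routing table number are constructed sample values.

```shell
#!/bin/sh
# Added example, not AWS code. Dry run: prints the commands, changes nothing.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -f; set -- $1; set +f
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0[0-9]*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True when address $1 lies inside CIDR block $2 (for example 10.0.0.0/24).
in_cidr() {
    addr=$(ip_to_int "$1") || return 1
    net=$(ip_to_int "${2%/*}") || return 1
    bits=${2#*/}
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Print the commands for secondary address $1 on device $2 in subnet $3.
# With a gateway $4 (and optional table id $5) also print the source-based
# routing rule that keeps replies on the interface that owns the address.
secondary_ip_commands() {
    in_cidr "$1" "$3" || { echo "error: $1 is not in $3" >&2; return 1; }
    echo "ip addr add $1/${3#*/} dev $2"
    if [ -n "${4:-}" ]; then
        in_cidr "$4" "$3" || { echo "error: gateway $4 not in $3" >&2; return 1; }
        echo "ip route add default via $4 dev $2 table ${5:-1001}"
        echo "ip rule add from $1 lookup ${5:-1001}"
    fi
}

# Constructed sample: second interface eth1 in subnet 10.0.0.0/24, with
# 10.0.0.1 assumed to be the subnet's gateway.
secondary_ip_commands 10.0.0.82 eth1 10.0.0.0/24 10.0.0.1 1001
```

Addresses and rules added with ip do not survive a reboot, so persist them through the distribution's own network configuration.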

Associating an Elastic IP Address with the Secondary Private IP Address

To associate an Elastic IP address with a secondary private IP address in EC2-VPC

  1. Open the Amazon EC2 console.

  2. Click Elastic IPs in the navigation pane.

  3. Right-click the IP address, and then click Associate.

  4. In the Associate Address dialog box, select the network interface from the Network Interface drop-down list, and then select the secondary IP address from the Private IP address drop-down list.

  5. Click Associate.

To associate an Elastic IP address with a secondary private IP address using the command line

You can use one of the following commands. For more information about these command line interfaces, see Accessing Amazon EC2.

Viewing Your Secondary Private IP Addresses

To view the private IP addresses assigned to a network interface in EC2-VPC

  1. Open the Amazon EC2 console.

  2. Click Network Interfaces in the navigation pane.

  3. Select the network interface whose private IP addresses you want to view.

  4. On the Details tab in the details pane, check the Primary private IP and Secondary private IPs fields for the primary private IP address and any secondary private IP addresses assigned to the network interface.

To view the private IP addresses assigned to an instance

  1. Open the Amazon EC2 console.

  2. Click Instances in the navigation pane.

  3. Select the instance whose private IP addresses you want to view.

  4. On the Description tab in the details pane, check the Private IPs and Secondary private IPs fields for the primary private IP address and any secondary private IP addresses assigned to the instance through its network interface.

Unassigning a Secondary Private IP Address

If you no longer require a secondary private IP address, you can unassign it from the instance or the network interface. When a secondary private IP address is unassigned from an elastic network interface, the Elastic IP address (if it exists) is also disassociated.

To unassign a secondary private IP address from an instance

  1. Open the Amazon EC2 console.

  2. Click Instances in the navigation pane.

  3. Right-click an instance, select Networking, and then click Manage Private IP Addresses.

  4. In the Manage Private IP Addresses dialog box, beside the secondary private IP address to unassign, click Unassign.

  5. Click Yes, Update, and then close the dialog box.

To unassign a secondary private IP address from a network interface

  1. Open the Amazon EC2 console.

  2. Click Network Interfaces in the navigation pane.

  3. Right-click a network interface, and then click Manage Private IP Addresses.

  4. In the Manage Private IP Addresses dialog box, beside the secondary private IP address to unassign, click Unassign.

  5. Click Yes, Update, and then click Close.

To unassign a secondary private IP address using the command line

You can use one of the following commands. For more information about these command line interfaces, see Accessing Amazon EC2.
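
The command-line procedures on this page (assigning a secondary private IP address to an existing instance, associating an Elastic IP address with it, and unassigning it) can be carried out with the AWS CLI calls in this added example, which is not part of the AWS guide. The wrapper functions are hypothetical helpers, and the interface ID, allocation ID and address are constructed placeholders.

```shell
#!/bin/sh
# Added example, not AWS code. Commands are printed; they run only if APPLY=1.

# Echo the command line; execute it only when the caller sets APPLY=1.
run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

# Accept only strings shaped like a network interface ID (eni- plus hex).
is_eni() {
    case $1 in
        eni-|eni-*[!0-9a-f]*) return 1 ;;
        eni-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Assign address $2 to interface $1. Pass "move" as $3 to take the address
# over from another interface, which requires --allow-reassignment.
assign_secondary() {
    is_eni "$1" || { echo "error: bad interface id: $1" >&2; return 1; }
    if [ "${3:-}" = move ]; then
        run aws ec2 assign-private-ip-addresses --network-interface-id "$1" \
            --private-ip-addresses "$2" --allow-reassignment
    else
        run aws ec2 assign-private-ip-addresses --network-interface-id "$1" \
            --private-ip-addresses "$2"
    fi
}

# Associate Elastic IP allocation $1 with address $3 on interface $2.
associate_eip() {
    is_eni "$2" || { echo "error: bad interface id: $2" >&2; return 1; }
    run aws ec2 associate-address --allocation-id "$1" \
        --network-interface-id "$2" --private-ip-address "$3"
}

# Unassign address $2 from interface $1; an associated Elastic IP address
# is disassociated by the same operation.
unassign_secondary() {
    is_eni "$1" || { echo "error: bad interface id: $1" >&2; return 1; }
    run aws ec2 unassign-private-ip-addresses --network-interface-id "$1" \
        --private-ip-addresses "$2"
}

# Constructed failover sample: move 10.0.0.82 to the standby's interface.
assign_secondary eni-0a1b2c3d 10.0.0.82 move
```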