Amazon Elastic Compute Cloud
User Guide for Linux (API Version 2014-10-01)

Amazon EC2 Instance IP Addressing

We provide your instances with IP addresses and DNS hostnames. These can vary depending on whether you launched the instance in the EC2-Classic platform or in a virtual private cloud (VPC).

For information about the EC2-Classic and EC2-VPC platforms, see Supported Platforms. For information about Amazon VPC, see What is Amazon VPC? in the Amazon VPC User Guide.

Private IP Addresses and Internal DNS Hostnames

A private IP address is an IP address that's not reachable over the Internet. You can use private IP addresses for communication between instances in the same network (EC2-Classic or a VPC). For more information about the standards and specifications of private IP addresses, go to RFC 1918.

When you launch an instance, we allocate a private IP address for the instance using DHCP. Each instance is also given an internal DNS hostname that resolves to the private IP address of the instance; for example, ip-10-251-50-12.ec2.internal. You can use the internal DNS hostname for communication between instances in the same network, but we can't resolve the DNS hostname outside the network that the instance is in.

An instance launched in a VPC is given a primary private IP address in the address range of the subnet. For more information, see Subnet Sizing in the Amazon VPC User Guide. If you don't specify a primary private IP address when you launch the instance, we select an available IP address in the subnet's range for you. Each instance in a VPC has a default network interface (eth0) that is assigned the primary private IP address. You can also specify additional private IP addresses, known as secondary private IP addresses. Unlike primary private IP addresses, secondary private IP addresses can be reassigned from one instance to another. For more information, see Multiple Private IP Addresses.

For instances launched in EC2-Classic, we release the private IP address when the instance is stopped or terminated. If you restart your stopped instance, it receives a new private IP address.

For instances launched in a VPC, a private IP address remains associated with the network interface when the instance is stopped and restarted, and is released when the instance is terminated.

If you create a custom firewall configuration in EC2-Classic, you must create a rule in your security group that allows inbound traffic from port 53 (DNS)—with a destination port from the ephemeral range—from the address of the Amazon DNS server; otherwise, internal DNS resolution from your instances fails. If your firewall doesn't automatically allow DNS query responses, then you'll need to allow traffic from the IP address of the Amazon DNS server. To get the IP address of the Amazon DNS server, use the following command from within your instance:

grep nameserver /etc/resolv.conf
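
The rule described above can be written for a host firewall as follows. This is an added example, not part of the original guide: the iptables form, the function names, the sample file contents and the 32768:61000 ephemeral range (a common Linux default; check /proc/sys/net/ipv4/ip_local_port_range) are assumptions.

```python
import ipaddress

# Constructed sample of /etc/resolv.conf contents (addresses are made up).
SAMPLE_RESOLV_CONF = """\
; generated by the DHCP client (constructed sample)
search ec2.internal
nameserver 10.0.0.2
nameserver not-an-address
# nameserver 10.0.0.9
options timeout:2 attempts:5
"""

def nameservers(resolv_conf_text):
    """Return the IPv4 resolver addresses listed on 'nameserver' lines."""
    found = []
    for raw in resolv_conf_text.splitlines():
        # '#' and ';' start comments in resolv.conf
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            addr = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # skip malformed entries rather than emit a bad rule
        if addr.version == 4 and str(addr) not in found:
            found.append(str(addr))
    return found

def dns_reply_rules(resolv_conf_text, ephemeral="32768:61000"):
    """Build iptables INPUT rules that accept traffic from source port 53 only
    when it comes from a configured resolver and targets an ephemeral port."""
    rules = []
    for ns in nameservers(resolv_conf_text):
        for proto in ("udp", "tcp"):  # DNS falls back to TCP for large answers
            rules.append(
                f"iptables -A INPUT -p {proto} -s {ns} --sport 53 "
                f"--dport {ephemeral} -j ACCEPT"
            )
    return rules

if __name__ == "__main__":
    print("\n".join(dns_reply_rules(SAMPLE_RESOLV_CONF)))
```

Restricting the source address to the resolver keeps the rule from admitting arbitrary hosts that send from port 53.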

Public IP Addresses and External DNS Hostnames

A public IP address is reachable from the Internet. You can use public IP addresses for communication between your instances and the Internet or other AWS products, such as Amazon Simple Storage Service (Amazon S3).

Each instance that receives a public IP address is also given an external DNS hostname; for example, ec2-203-0-113-25.compute-1.amazonaws.com. We resolve an external DNS hostname to the public IP address of the instance outside the network of the instance, and to the private IP address of the instance from within the network of the instance. The public IP address is mapped to the primary private IP address through network address translation (NAT). For more information about NAT, go to RFC 1631: The IP Network Address Translator (NAT).

When you launch an instance in EC2-Classic, we automatically assign a public IP address to the instance. You cannot modify this behavior. When you launch an instance into a VPC, your subnet has an attribute that determines whether instances launched into that subnet receive a public IP address. By default, we don't automatically assign a public IP address to an instance that you launch in a nondefault subnet.

You can control whether your instance in a VPC receives a public IP address by doing the following:

A public IP address is assigned to your instance from Amazon's pool of public IP addresses, and is not associated with your AWS account. When a public IP address is disassociated from your instance, it is released back into the public IP address pool, and you cannot reuse it.

You cannot manually associate or disassociate a public IP address from your instance. Instead, in certain cases, we release the public IP address from your instance, or assign it a new one:

  • We release the public IP address for your instance when it's stopped or terminated. Your stopped instance receives a new public IP address when it's restarted.

  • We release the public IP address for your instance when you associate an Elastic IP address with your instance, or when you associate an Elastic IP address with the primary network interface (eth0) of your instance in a VPC. When you disassociate the Elastic IP address from your instance, it receives a new public IP address.

  • If the public IP address of your instance in a VPC has been released, it will not receive a new one if there is more than one network interface attached to your instance.

If you require a persistent public IP address that can be associated to and from instances as you require, use an Elastic IP address instead. You can allocate your own Elastic IP address, and associate it with your instance. For more information, see Elastic IP Addresses (EIP).

If your instance is in a VPC and you assign it an Elastic IP address, it receives a DNS hostname if DNS hostnames are enabled. For more information, see Using DNS with Your VPC in the Amazon VPC User Guide.

Note

Instances that access other instances through their public NAT IP address are charged for regional or Internet data transfer, depending on whether the instances are in the same region.

Elastic IP Addresses

An Elastic IP address is a public IP address that you can allocate to your account. You can associate it to and from instances as you require, and it's allocated to your account until you choose to release it. For more information about Elastic IP addresses and how to use them, see Elastic IP Addresses (EIP).

Differences Between EC2-Classic and EC2-VPC

The following table summarizes the differences between IP addresses for instances launched in EC2-Classic, instances launched in a default subnet, and instances launched in a nondefault subnet.

| Characteristic | EC2-Classic | Default Subnet | Nondefault Subnet |
|---|---|---|---|
| Public IP address (from Amazon's public IP address pool) | Your instance receives a public IP address. | Your instance receives a public IP address by default, unless you specify otherwise during launch, or you modify the subnet's public IP address attribute. | Your instance doesn't receive a public IP address by default, unless you specify otherwise during launch, or you modify the subnet's public IP address attribute. |
| Private IP address | Your instance receives a private IP address from the EC2-Classic range each time it's started. | Your instance receives a static private IP address from the address range of your default subnet. | Your instance receives a static private IP address from the address range of your subnet. |
| Multiple IP addresses | We select a single private IP address for your instance; multiple IP addresses are not supported. | You can assign multiple private IP addresses to your instance. | You can assign multiple private IP addresses to your instance. |
| Network interfaces | IP addresses are associated with the instance; network interfaces aren't supported. | IP addresses are associated with a network interface. Each instance has one or more network interfaces. | IP addresses are associated with a network interface. Each instance has one or more network interfaces. |
| Elastic IP address | An Elastic IP address is disassociated from your instance when you stop it. | An Elastic IP address remains associated with your instance when you stop it. | An Elastic IP address remains associated with your instance when you stop it. |
| DNS hostnames | DNS hostnames are enabled by default. | DNS hostnames are enabled by default. | DNS hostnames are disabled by default, except if you've created your VPC using the VPC wizard in the Amazon VPC console. |

Determining Your Public, Private, and Elastic IP Addresses

You can use the Amazon EC2 console to determine the private IP addresses, public IP addresses, and Elastic IP addresses of your instances. You can also determine the public and private IP addresses of your instance from within your instance by using instance metadata. For more information, see Instance Metadata and User Data.

To determine your instance's private IP addresses using the console

  1. Open the Amazon EC2 console.

  2. In the navigation pane, click Instances.

  3. Select your instance. In the details pane, get the private IP address from the Private IPs field, and get the internal DNS hostname from the Private DNS field.

  4. (VPC only) If you have one or more secondary private IP addresses assigned to network interfaces that are attached to your instance, get those IP addresses from the Secondary private IPs field.

  5. (VPC only) Alternatively, in the navigation pane, click Network Interfaces, and then select a network interface that's associated with your instance.

  6. Get the primary private IP address from the Primary private IP field, and the internal DNS hostname from the Private DNS field.

  7. If you've assigned secondary private IP addresses to the network interface, get those IP addresses from the Secondary private IPs field.

To determine your instance's public IP addresses using the console

  1. Open the Amazon EC2 console.

  2. In the navigation pane, click Instances.

  3. Select your instance. In the details pane, get the public IP address from the Public IP field, and get the external DNS hostname from the Public DNS field.

    Note

    If you've associated an Elastic IP address with your instance, the Public IP field displays the Elastic IP address.

  4. If an Elastic IP address has been associated with the instance, get the Elastic IP address from the Elastic IP field.

  5. (VPC only) Alternatively, in the navigation pane, click Network Interfaces, and then select a network interface that's associated with your instance.

  6. Get the public IP address from the Public IPs field. An asterisk (*) indicates the public IP address or Elastic IP address that's mapped to the primary private IP address.

    Note

    The public IP address is displayed as a property of the network interface in the console, but it's mapped to the primary private IP address through NAT. Therefore, if you inspect the properties of your network interface on your instance, for example, through ifconfig, the public IP address is not displayed. To determine your instance's public IP address from within the instance, you can use instance metadata.

To determine your instance's IP addresses using instance metadata

  1. Connect to your instance.

  2. Use the following command to access the private IP address:

    $ curl http://169.254.169.254/latest/meta-data/local-ipv4

  3. Use the following command to access the public IP address:

    $ curl http://169.254.169.254/latest/meta-data/public-ipv4

    Note that if an Elastic IP address is associated with the instance, the value returned is that of the Elastic IP address.

Assigning a Public IP Address

If you launch an instance in EC2-Classic, it is assigned a public IP address by default. You can't modify this behavior.

In a VPC, all subnets have an attribute that determines whether instances launched into that subnet are assigned a public IP address. By default, nondefault subnets have this attribute set to false, and default subnets have this attribute set to true. If you launch an instance into a VPC, a public IP addressing feature is available for you to control whether your instance is assigned a public IP address; you can override the default behavior of the subnet's IP addressing attribute. The public IP address is assigned from Amazon's pool of public IP addresses, and is assigned to the network interface with the device index of eth0. This feature depends on certain conditions at the time you launch your instance.

Important

You can't manually disassociate the public IP address from your instance after launch. Instead, it's automatically released in certain cases, after which you cannot reuse it. For more information, see Public IP Addresses and External DNS Hostnames. If you require a persistent public IP address that you can associate or disassociate at will, assign an Elastic IP address to the instance after launch instead. For more information, see Elastic IP Addresses (EIP).

To access the public IP addressing feature when launching an instance

  1. Open the Amazon EC2 console.

  2. Click Launch Instance.

  3. Choose an AMI and click its Select button, then choose an instance type and click Next: Configure Instance Details.

  4. On the Configure Instance Details page, select a VPC from the Network list. An Auto-assign Public IP list is displayed. Select Enable or Disable to override the default setting for the subnet.

    Important

    A public IP address can only be assigned to a single, new network interface with the device index of eth0. The Auto-assign Public IP list is not available if you're launching with multiple network interfaces, or if you select an existing network interface for eth0.

  5. Follow the steps on the next pages of the wizard to complete your instance's setup. For more information about the wizard configuration options, see Launching an Instance. On the final Review Instance Launch page, review your settings, and then click Launch to choose a key pair and launch your instance.

  6. On the Instances page, select your new instance and view its public IP address in the Public IP field in the details pane.

The public IP addressing feature is only available during launch. However, whether you assign a public IP address to your instance during launch or not, you can associate an Elastic IP address with your instance after it's launched. For more information, see Elastic IP Addresses (EIP). You can also modify your subnet's public IP addressing behavior. For more information, see Modifying Your Subnet's Public IP Addressing Behavior.
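
To review which subnets hand out public IP addresses at launch, and which instances hold a pool address rather than an Elastic IP address, the check below reads JSON in the shape returned by the AWS CLI `describe-subnets` and `describe-instances` commands. It is an added example, not part of the original guide: the sample data is constructed, the function names are hypothetical, and the field names (`MapPublicIpOnLaunch`, `DefaultForAz`, `Association.IpOwnerId`) come from the CLI output rather than from this page.

```python
import json

# Constructed sample data in the shape of `aws ec2 describe-subnets` and
# `aws ec2 describe-instances` output; every ID and address is made up.
SUBNETS = json.loads("""{"Subnets": [
  {"SubnetId": "subnet-aaaa1111", "DefaultForAz": true,  "MapPublicIpOnLaunch": true},
  {"SubnetId": "subnet-bbbb2222", "DefaultForAz": false, "MapPublicIpOnLaunch": false},
  {"SubnetId": "subnet-cccc3333", "DefaultForAz": false, "MapPublicIpOnLaunch": true}
]}""")
INSTANCES = json.loads("""{"Reservations": [{"Instances": [
  {"InstanceId": "i-00000001", "SubnetId": "subnet-aaaa1111", "NetworkInterfaces": [
    {"Attachment": {"DeviceIndex": 0},
     "Association": {"PublicIp": "203.0.113.25", "IpOwnerId": "amazon"}}]},
  {"InstanceId": "i-00000002", "SubnetId": "subnet-bbbb2222", "NetworkInterfaces": [
    {"Attachment": {"DeviceIndex": 0},
     "Association": {"PublicIp": "198.51.100.7", "IpOwnerId": "111122223333"}}]},
  {"InstanceId": "i-00000003", "SubnetId": "subnet-bbbb2222", "NetworkInterfaces": [
    {"Attachment": {"DeviceIndex": 0}}]}
]}]}""")

def auto_assign_subnets(subnets, nondefault_only=True):
    """Subnets whose attribute gives newly launched instances a public IP.
    With nondefault_only, report only subnets changed from the false default."""
    return [s["SubnetId"] for s in subnets["Subnets"]
            if s.get("MapPublicIpOnLaunch")
            and not (nondefault_only and s.get("DefaultForAz"))]

def public_addresses(instances):
    """Map instance ID -> [(device index, kind, address)] for every network
    interface that has a public association."""
    report = {}
    for res in instances["Reservations"]:
        for inst in res["Instances"]:
            found = []
            for eni in inst.get("NetworkInterfaces", []):
                assoc = eni.get("Association")
                if not assoc:
                    continue  # interface has private addresses only
                # Assumption: pool addresses show the owner "amazon";
                # Elastic IP addresses show the allocating account ID.
                owner = assoc.get("IpOwnerId")
                kind = "auto-assigned" if owner == "amazon" else "elastic"
                index = eni.get("Attachment", {}).get("DeviceIndex")
                found.append((index, kind, assoc["PublicIp"]))
            report[inst["InstanceId"]] = found
    return report
```

An "auto-assigned" entry is the address that is released on stop or when an Elastic IP address is associated, so allow-lists that reference it go stale after a restart.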

API and Command Line Tools for Public IP Addressing

To enable or disable the public IP addressing feature, use one of the methods in the table below. For more information about these command line interfaces, see Accessing Amazon EC2.

| Method | Parameter |
|---|---|
| AWS CLI | Use the --associate-public-ip-address or the --no-associate-public-ip-address option with the run-instances command. |
| Amazon EC2 CLI | Use the --associate-public-ip-address option with the ec2-run-instances command. |
| AWS Tools for Windows PowerShell | Use the -AssociatePublicIp parameter with the New-EC2Instance command. |
| Query API | Use the NetworkInterface.n.AssociatePublicIpAddress parameter with the RunInstances request. |