Amazon Elastic Compute Cloud
User Guide (API Version 2014-06-15)

Amazon EC2 Instance IP Addressing

We provide your instances with IP addresses and DNS hostnames. These can vary depending on whether you launched the instance in the EC2-Classic platform or in a virtual private cloud (VPC).

For information about the EC2-Classic and EC2-VPC platforms, see Supported Platforms. For information about Amazon VPC, see What is Amazon VPC? in the Amazon Virtual Private Cloud User Guide.

Private Addresses and Internal DNS Hostnames

You can use private IP addresses and internal DNS hostnames for communication between instances in the same network (EC2-Classic or a VPC). Private IP addresses are not reachable from the Internet. For more information about private IP addresses, see RFC 1918.

When you launch an instance, we allocate a private IP address for the instance using DHCP.

Each instance that you launch into a VPC has a default network interface. The network interface specifies the primary private IP address for the instance. If you don't select a primary private IP address, we select an available IP address in the subnet's range. You can specify additional private IP addresses, known as secondary private IP addresses. Unlike primary private IP addresses, secondary private IP addresses can be reassigned from one instance to another. For more information, see Multiple Private IP Addresses.

Each instance is provided an internal DNS hostname that resolves to the private IP address of the instance in EC2-Classic or your VPC. We can't resolve the DNS hostname outside the network that the instance is in.

If you create a custom firewall configuration in EC2-Classic, you must allow inbound traffic from port 53 (with a destination port from the ephemeral range) from the address of the Amazon DNS server; otherwise, internal DNS resolution from your instances fails. If your firewall doesn't automatically allow DNS query responses, then you'll need to allow traffic from the IP address of the Amazon DNS server.

To get the IP address of the Amazon DNS server on Linux, use the following command:

    grep nameserver /etc/resolv.conf

To get the IP address of the Amazon DNS server on Windows, use the following command:

    ipconfig /all | findstr /c:"DNS Servers"
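The firewall requirement described above can be turned into concrete rules. The following script is an added example, not part of the original guide: it reads resolv.conf-format text and prints (without applying) rules that admit DNS replies only from the listed resolvers. The use of iptables, the port range 32768:60999, covering both UDP and TCP, and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: print iptables rules that accept DNS replies (source port 53,
# ephemeral destination port) only from the resolvers named in resolv.conf.

# Assumption: a common Linux ephemeral range; confirm the real one on the
# instance in /proc/sys/net/ipv4/ip_local_port_range.
EPHEMERAL_RANGE="${EPHEMERAL_RANGE:-32768:60999}"

# Print each distinct IPv4 nameserver found in resolv.conf-format text on stdin.
# Commented-out entries and addresses with an octet above 255 are skipped.
dns_servers() {
    awk '$1 == "nameserver" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        n = split($2, o, "."); ok = 1
        for (i = 1; i <= n; i++) if (o[i] > 255) ok = 0
        if (ok && !seen[$2]++) print $2
    }'
}

# Emit one UDP and one TCP rule per resolver, with the source address pinned
# to the resolver so that port 53 alone is never enough to get through.
dns_reply_rules() {
    dns_servers | while read -r addr; do
        for proto in udp tcp; do
            printf 'iptables -A INPUT -p %s -s %s --sport 53 --dport %s -j ACCEPT\n' \
                "$proto" "$addr" "$EPHEMERAL_RANGE"
        done
    done
}

# Constructed sample input (not taken from a real instance).
SAMPLE_RESOLV_CONF='; generated by dhclient
search example.internal
nameserver 10.0.0.2
# nameserver 8.8.8.8
nameserver 999.1.1.1
nameserver 10.0.0.2'

sample_rules() { printf '%s\n' "$SAMPLE_RESOLV_CONF" | dns_reply_rules; }

sample_rules
```

On an instance, review the output of `dns_reply_rules < /etc/resolv.conf` before applying any of it.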

For instances launched in EC2-Classic, a private IP address is associated with the instance until it is stopped or terminated.

For instances launched in a VPC, a private IP address remains associated with the network interface when the instance is stopped and restarted, and is released when the instance is terminated.

Public IP Addresses and External DNS Hostnames

You can use public IP addresses and external DNS hostnames for communication between your instances and the Internet or other AWS products, such as Amazon Simple Storage Service (Amazon S3). Public IP addresses are reachable from the Internet.

When you launch an instance in EC2-Classic, we automatically assign a public IP address to the instance. You cannot modify this behavior. When you launch an instance into EC2-VPC, you can control whether your instance receives a public IP address. The public IP address is assigned to the eth0 network interface (the primary network interface).

When you launch an instance into a VPC, your subnet has an attribute that determines whether instances launched into that subnet receive a public IP address. By default, we don't automatically assign a public IP address to an instance that you launch in a nondefault subnet. Therefore, if you want an instance in a nondefault subnet to communicate with the Internet, you must either enable the public IP addressing feature during launch, or associate an Elastic IP address with the primary or any secondary private IP address assigned to the network interface for the instance. You can also modify the public IP addressing attribute of a nondefault subnet to specify that instances that are launched into that subnet should receive a public IP address. For more information, see Modifying Your Subnet's Public IP Addressing Behavior in the Amazon Virtual Private Cloud User Guide.

Note

T2 instance types can only be launched into a VPC. If you use the Amazon EC2 launch wizard to launch a T2 instance type in your EC2-Classic account, and you have no VPCs, the launch wizard creates a nondefault VPC for you, and modifies the subnet's attribute to automatically request a public IP address for your instance. For more information about T2 instance types, see T2 Instances.

A public IP address is assigned to your instance from Amazon's pool of public IP addresses, and is not associated with your AWS account. When a public IP address is disassociated from your instance, it is released back into the public IP address pool, and you cannot reuse it.

You cannot manually associate or disassociate a public IP address from your instance. Instead, in certain cases, we release the public IP address from your instance, or assign it a new one:

  • We release the public IP address for your instance when it's stopped or terminated. Your stopped instance receives a new public IP address when it's restarted.

  • We release the public IP address for your instance when you associate an Elastic IP address (EIP) with your instance, or when you associate an EIP with the primary network interface (eth0) of your instance in a VPC. When you disassociate the EIP from your instance, it receives a new public IP address.

  • If the public IP address of your instance in a VPC has been released, it will not receive a new one if there is more than one network interface attached to your instance.

If you require a persistent public IP address that can be associated with and disassociated from instances as you require, use an Elastic IP address (EIP) instead. You can allocate your own EIP, and associate it with your instance. For more information, see Elastic IP Addresses (EIP).

We provide each instance that has a public IP address with an external DNS hostname. We resolve an external DNS hostname to the public IP address of the instance outside the network of the instance, and to the private IP address of the instance from within the network of the instance. If your instance is in a VPC and you assign it an Elastic IP address, it receives a DNS hostname if DNS hostnames are enabled. For more information, see Using DNS with Your VPC in the Amazon Virtual Private Cloud User Guide.

The private IP address and public IP address for an instance are directly mapped to each other through network address translation (NAT). For more information about NAT, see RFC 1631: The IP Network Address Translator (NAT).

Note

Instances that access other instances through their public NAT IP address are charged for regional or Internet data transfer, depending on whether the instances are in the same region.

Differences Between EC2-Classic and EC2-VPC

The following table summarizes the differences between IP addresses for instances launched in EC2-Classic, instances launched in a default subnet, and instances launched in a nondefault subnet.

| Characteristic | EC2-Classic | Default Subnet | Nondefault Subnet |
|---|---|---|---|
| Public IP address (from Amazon's public IP address pool) | Your instance receives a public IP address. | Your instance launched in a default subnet receives a public IP address by default, unless you specify otherwise during launch, or you modify the subnet's public IP address attribute. | Your instance doesn't receive a public IP address by default, unless you specify otherwise during launch, or you modify the subnet's public IP address attribute. |
| Private IP address | Your instance receives a private IP address from the EC2-Classic range each time it's started. | Your instance receives a static private IP address from the address range of your default VPC. | Your instance receives a static private IP address from the address range of your VPC. |
| Multiple IP addresses | We select a single private IP address for your instance; multiple IP addresses are not supported. | You can assign multiple private IP addresses to your instance. | You can assign multiple private IP addresses to your instance. |
| Network interfaces | IP addresses are associated with the instance; network interfaces aren't supported. | IP addresses are associated with a network interface. Each instance has one or more network interfaces. | IP addresses are associated with a network interface. Each instance has one or more network interfaces. |
| Elastic IP address | An EIP is disassociated from your instance when you stop it. | An EIP remains associated with your instance when you stop it. | An EIP remains associated with your instance when you stop it. |
| DNS hostnames | DNS hostnames are enabled by default. | DNS hostnames are enabled by default. | DNS hostnames are disabled by default. |

Determining Your Public, Private, and Elastic IP Addresses

You can use the EC2 console to determine the private IP addresses, public IP addresses, and EIPs of your instances.

To determine your instance's IP addresses using the console

  1. Open the Amazon EC2 console.

  2. Click Instances in the navigation pane.

  3. Select an instance. The console displays information about the instance in the lower pane.

  4. Get the public IP address from the Public IP field.

  5. If an EIP has been associated with the instance, get the EIP from the Elastic IP field.

  6. Get the private IP address from the Private IP field.

You can also determine the public and private IP addresses of your instances using instance metadata. For more information about instance metadata, see Instance Metadata and User Data.

To determine your instance's IP addresses using instance metadata

  1. Connect to the instance.

  2. Use the following command to access the private IP address:

    GET http://169.254.169.254/latest/meta-data/local-ipv4

  3. Use the following command to access the public IP address:

    GET http://169.254.169.254/latest/meta-data/public-ipv4

    Note that if an EIP is associated with the instance, the value returned is that of the EIP.

Assigning a Public IP Address

If you launch an instance in EC2-Classic, it is assigned a public IP address by default. You can't modify this behavior.

If you launch an instance into a VPC, a public IP addressing feature is available for you to control whether your instance is assigned a public IP address. The public IP address is assigned from Amazon's pool of public IP addresses, and is assigned to the network interface with the device index of eth0. This feature depends on certain conditions at the time you launch your instance.

Important

You can't manually disassociate the public IP address from your instance after launch. Instead, it's automatically released in certain cases, after which you cannot reuse it. For more information, see Public IP Addresses and External DNS Hostnames. If you require a persistent public IP address that you can associate or disassociate at will, assign an Elastic IP address to the instance after launch instead. For more information, see Elastic IP Addresses (EIP).

To access the public IP addressing feature when launching an instance

  1. Open the Amazon EC2 console.

  2. Click Launch Instance.

  3. Choose an AMI and click its Select button, then choose an instance type and click Next: Configure Instance Details.

  4. On the Configure Instance Details page, select a VPC from the Network list. A Public IP check box is displayed. Select the check box to assign a public IP address to your instance. If you select a default subnet, the Public IP check box is selected by default.

    The following rules apply:

    • A public IP address can only be assigned to a single network interface with the device index of eth0. The Public IP check box is not available if you're launching with multiple network interfaces, and is not available for the eth1 network interface.

    • You can only assign a public IP address to a new network interface, not an existing one.

  5. Follow the steps on the next pages of the wizard to complete your instance's setup. For more information about the wizard configuration options, see Launching an Instance. On the final Review Instance Launch page, review your settings, and then click Launch to choose a key pair and launch your instance.

  6. On the Instances page, select your new instance and view its public IP address in the Public IP field in the details pane.

The public IP addressing feature is only available during launch. However, whether you assign a public IP address to your instance during launch or not, you can associate an Elastic IP address with your instance after it's launched. For more information, see Elastic IP Addresses (EIP). You can also modify your subnet's public IP addressing behavior. For more information, see Modifying Your Subnet's Public IP Addressing Behavior.

API and Command Line Tools for Public IP Addressing

To enable or disable the public IP addressing feature, use one of the methods in the table below. For more information about these command line interfaces, see Accessing Amazon EC2.

| Method | Parameter |
|---|---|
| AWS CLI | Use the --associate-public-ip-address or the --no-associate-public-ip-address option with the run-instances command. |
| Amazon EC2 CLI | Use the --associate-public-ip-address option with the ec2-run-instances command. |
| AWS Tools for Windows PowerShell | Use the -AssociatePublicIp parameter with the New-EC2Instance command. |
| Query API | Use the NetworkInterface.n.AssociatePublicIpAddress parameter with the RunInstances request. |