Amazon Elastic Compute Cloud
User Guide (API Version 2013-02-01)

Amazon EC2 Instance IP Addressing

We provide your instances with IP addresses and DNS hostnames. These can vary depending on whether you launched the instance in the EC2-Classic platform or in a virtual private cloud (VPC).

For information about the EC2-Classic and EC2-VPC platforms, see Supported Platforms. For information about Amazon VPC, see What is Amazon VPC? in the Amazon Virtual Private Cloud User Guide.

Private Addresses and Internal DNS Hostnames

You can use private IP addresses and internal DNS hostnames for communication between instances in the same network (EC2-Classic or a VPC).

When you launch an instance, we allocate a private IP address for the instance using DHCP. Private IP addresses are not reachable from the Internet. For more information about private IP addresses, see RFC 1918.

Each instance that you launch into a VPC has a default network interface. The network interface specifies the primary private IP address for the instance. If you don't select a primary private IP address, we select an available IP address in the subnet's range. You can specify additional private IP addresses, known as secondary private IP addresses. Unlike primary private IP addresses, secondary private IP addresses can be reassigned from one instance to another. For more information, see Multiple IP Addresses.

Each instance is provided an internal DNS hostname that resolves to the private IP address of the instance in EC2-Classic or your VPC. We can't resolve the DNS hostname outside the network that the instance is in.

For instances launched in EC2-Classic, a private IP address is associated with the instance until it is stopped or terminated.

For instances launched in a VPC, a private IP address remains associated with the network interface when the instance is stopped and restarted, and is released when the instance is terminated.

Public IP Addresses and External DNS Hostnames

You can use public IP addresses and external DNS hostnames for communication between your instances and the Internet or other AWS products, such as Amazon Simple Storage Service (Amazon S3).

When you launch an instance in EC2-Classic or a default subnet, we allocate a public IP address for the instance. Public IP addresses are reachable from the Internet. A public IP address is associated with an instance until it is stopped or terminated. If you require a persistent public IP address that can be assigned to and removed from instances as necessary, use an Elastic IP address. For more information, see Elastic IP Addresses (EIP).

We don't allocate a public IP address for an instance that you launch in a nondefault subnet. Therefore, if you want an instance in a nondefault subnet to communicate with the Internet, you must associate an Elastic IP address with the primary or any secondary private IP address assigned to the network interface for the instance.

We provide each instance that has a public IP address with an external DNS hostname. We resolve an external DNS hostname to the public IP address of the instance outside the network of the instance, and to the private IP address of the instance from within the network of the instance. If your instance is in a VPC and you assign it an Elastic IP address, it receives a DNS hostname if DNS hostnames are enabled. For more information, see Using DNS with Your VPC in the Amazon Virtual Private Cloud User Guide.

The private IP address and public IP address for an instance are directly mapped to each other through network address translation (NAT). For more information about NAT, see RFC 1631: The IP Network Address Translator (NAT).

Note

Instances that access other instances through their public NAT IP address are charged for regional or Internet data transfer, depending on whether the instances are in the same region.

Differences Between EC2-Classic and EC2-VPC

The following table summarizes the differences between IP addresses for instances launched in EC2-Classic, instances launched in a default subnet, and instances launched in a nondefault subnet.

| Characteristic | EC2-Classic | Default VPC | Nondefault VPC |
|---|---|---|---|
| Public IP address | Your instance receives a public IP address. | Your instance launched in a default subnet receives a public IP address. | Your instance doesn't receive a public IP address. |
| Private IP address | Your instance receives a private IP address from the EC2-Classic range each time it's started. | Your instance receives a static private IP address from the address range of your default VPC. | Your instance receives a static private IP address from the address range of your VPC. |
| Multiple IP addresses | We select a single private IP address for your instance; multiple IP addresses are not supported. | You can assign multiple private IP addresses to your instance. | You can assign multiple private IP addresses to your instance. |
| Network interfaces | IP addresses are associated with the instance; network interfaces aren't supported. | IP addresses are associated with a network interface. Each instance has one or more network interfaces. | IP addresses are associated with a network interface. Each instance has one or more network interfaces. |
| Elastic IP address | An EIP is disassociated from your instance when you stop it. | An EIP remains associated with your instance when you stop it. | An EIP remains associated with your instance when you stop it. |
| DNS hostnames | DNS hostnames are enabled by default. | DNS hostnames are enabled by default. | DNS hostnames are disabled by default. |

Determining Your Public and Private IP Addresses

You can determine the public and private IP addresses of your instances using the Amazon EC2 console.

To determine your instance's IP addresses using the Amazon EC2 console

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. Click Instances in the navigation pane.

  3. Select an instance. The console displays information about the instance in the lower pane.

  4. Get the public IP address from the Public DNS field.

  5. Get the private IP address from the Private IP field.

You can also determine the public and private IP addresses of your instances using instance metadata. For more information about instance metadata, see Instance Metadata.

To determine your instance's IP addresses using instance metadata

  1. Connect to the instance.

  2. Use the following command to access the private IP address:

    GET http://169.254.169.254/latest/meta-data/local-ipv4

  3. Use the following command to access the public IP address:

    GET http://169.254.169.254/latest/meta-data/public-ipv4

Multiple IP Addresses

In EC2-VPC, you can specify multiple private IP addresses for your instances. The number of network interfaces and private IP addresses that you can specify for an instance depends on the instance type. For more information, see Private IP Addresses Per ENI Per Instance Type.

It can be useful to assign multiple private IP addresses to an instance in your VPC to do the following:

  • Host multiple websites on a single server by using multiple SSL certificates on a single server and associating each certificate with a specific IP address.

  • Operate network appliances, such as firewalls or load balancers, that have multiple private IP addresses for each network interface.

  • Redirect internal traffic to a standby instance in case your instance fails, by reassigning the secondary private IP address to the standby instance.

How Multiple IP Addresses Work

The following list explains how multiple IP addresses work with network interfaces:

  • You can assign a secondary private IP address to any network interface. The network interface can be attached to or detached from the instance.

  • You must choose a secondary private IP address that's in the CIDR block range of the subnet for the network interface.

  • Security groups apply to network interfaces, not to IP addresses. Therefore, IP addresses are subject to the security group of the network interface in which they're specified.

  • Secondary private IP addresses can be assigned and unassigned to elastic network interfaces attached to running or stopped instances.

  • Secondary private IP addresses that are assigned to a network interface can be reassigned to another one if you explicitly allow it.

  • When assigning multiple secondary private IP addresses to a network interface using the command line tools or API, the entire operation fails if one of the secondary private IP addresses can't be assigned.

  • Primary private IP addresses, secondary private IP addresses, and any associated Elastic IP addresses remain with the network interface when it is detached from an instance or attached to another instance.

  • Although you can't move the primary network interface from an instance, you can reassign the secondary private IP address of the primary network interface to another network interface.

  • You can move any additional network interface from one instance to another.

The following list explains how multiple IP addresses work with Elastic IP addresses:

  • Each private IP address can be associated with a single Elastic IP address, and vice versa.

  • When a secondary private IP address is reassigned to another interface, the secondary private IP address retains its association with an Elastic IP address.

  • When a secondary private IP address is unassigned from an interface, an associated Elastic IP address is automatically disassociated from the secondary private IP address.
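The rules in the two lists above, written as a small state model (an added example, not AWS code or an AWS API; `SubnetModel`, `AssignError`, the interface and security group ids, and all addresses are constructed for illustration). It shows that a reassigned secondary private IP address carries its Elastic IP address to the new network interface, so that interface's security group then governs what is reachable from the Internet.

```python
import ipaddress

class AssignError(Exception):
    """A request was rejected; the model's state is unchanged."""

class SubnetModel:
    """Constructed model of one VPC subnet (hypothetical names, not an AWS API)."""
    def __init__(self, cidr):
        self.subnet = ipaddress.ip_network(cidr)
        self.enis = {}     # interface id -> {"sg", "primary", "secondary"}
        self.eip_for = {}  # private IP -> Elastic IP, kept one-to-one

    def add_eni(self, eni, primary, sg):
        self.enis[eni] = {"sg": sg, "primary": primary, "secondary": set()}

    def owner(self, ip):
        return next((e for e, r in self.enis.items()
                     if ip == r["primary"] or ip in r["secondary"]), None)

    def associate_eip(self, eip, ip):
        if self.owner(ip) is None or ip in self.eip_for or eip in self.eip_for.values():
            raise AssignError(f"cannot associate {eip} with {ip}")
        self.eip_for[ip] = eip

    def assign_secondary(self, eni, ips, allow_reassignment=False):
        for ip in ips:  # validate the whole batch before changing anything
            if ipaddress.ip_address(ip) not in self.subnet:
                raise AssignError(f"{ip} is outside {self.subnet}")
            holder = self.owner(ip)
            # primary addresses never move; secondaries move only when allowed
            if holder and (ip == self.enis[holder]["primary"] or not allow_reassignment):
                raise AssignError(f"{ip} is held by {holder} and cannot be reassigned")
        for ip in ips:
            holder = self.owner(ip)
            if holder:  # reassignment: the Elastic IP mapping is left in place
                self.enis[holder]["secondary"].discard(ip)
            self.enis[eni]["secondary"].add(ip)

    def unassign_secondary(self, eni, ip):
        self.enis[eni]["secondary"].remove(ip)
        self.eip_for.pop(ip, None)  # unassigning drops the Elastic IP association

    def exposure(self):  # Elastic IP -> (interface, that interface's security group)
        return {eip: (self.owner(ip), self.enis[self.owner(ip)]["sg"])
                for ip, eip in self.eip_for.items()}

def failover_demo():
    net = SubnetModel("10.0.0.0/24")
    net.add_eni("eni-active", "10.0.0.10", "sg-web")
    net.add_eni("eni-standby", "10.0.0.11", "sg-standby")
    net.assign_secondary("eni-active", ["10.0.0.50"])
    net.associate_eip("203.0.113.7", "10.0.0.50")
    before = net.exposure()
    net.assign_secondary("eni-standby", ["10.0.0.50"], allow_reassignment=True)
    return before, net.exposure()
```

Before a failover like the one in `failover_demo()`, review the standby interface's security group with the same care as the active one, because the Elastic IP address starts answering under it as soon as the secondary address moves.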

Assigning a Secondary Private IP Address

You can assign the secondary private IP address to the network interface for an instance as you launch the instance, or after the instance is running.

To assign a secondary private IP address when launching an instance in EC2-VPC

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. Click the Launch Instance button.

  3. On the Create a New Instance page, click Classic Wizard, and then click Continue.

  4. On the CHOOSE AN AMI page, the Quick Start tab displays a list of basic configurations called Amazon Machine Images (AMI). Choose an AMI and click its Select button.

  5. On the INSTANCE DETAILS page, set the number and type of instance to launch. You can select a subnet or let us choose one. Confirm your selections, and then click Continue.

  6. On the next INSTANCE DETAILS page, under Advanced Instance Options, do the following, and then click Continue:

    1. Select the number of network interfaces to attach to the instance. The console enables you to specify up to 2 network interfaces when you launch an instance. After you launch the instance, click Network Interfaces in the navigation pane to add additional network interfaces. The total number of network interfaces that you can attach varies by instance type. For more information, see Private IP Addresses Per ENI Per Instance Type.

    2. For each network interface, you can specify a primary private IP address, and one or more secondary private IP addresses. For this example, however, accept the IP address that we automatically assign.

    3. Beside Secondary IP Addresses, click Add, and then enter a private IP address in the subnet range, or accept the default, auto-assign, to let us select an address.

      Important

      After you have added a secondary private IP address to a network interface, you must connect to the instance and configure the secondary private IP address on the instance itself. For more information, see Configuring the Operating System on Your Instance to Recognize the Secondary Private IP Address.

  7. On the next INSTANCE DETAILS page, you can specify volumes to attach to the instance besides the volumes specified by the AMI (such as the root device volume), and then click Continue.

  8. On the final INSTANCE DETAILS page, specify tags for the instance, such as a user-friendly name, and then click Continue.

  9. On the CREATE KEY PAIR page, select an existing key pair or create a new one. If you create a new key pair, you must download it before you can click Continue.

    If you're new to Amazon EC2 and haven't created any key pairs, the wizard prompts you to create one.

  10. On the CONFIGURE FIREWALL page, select an existing security group for the primary network interface, or create a new one, and then click Continue.

    The security group for the additional network interface was previously selected when the ENI was created.

  11. On the REVIEW page, review the settings, and then click Launch to begin launching your instance.

To assign a secondary private IP to an existing instance

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, do one of the following:

    • Click Instances, and then right-click the instance.

    • Click Network Interfaces, and then right-click the network interface attached to the instance.

  3. Select Manage Private IP Addresses.

  4. In the Manage Private IP Addresses dialog box, do the following:

    1. Click Assign a secondary private address.

    2. In the Address field, enter a specific IP address that's within the subnet range for the instance, or leave the field blank and we'll select an IP address for you.

    3. (Optional) Select Allow reassignment to allow the secondary private IP address to be reassigned if it is already assigned to another network interface.

    4. Click Yes, Update, and then click Close.

Configuring the Operating System on Your Instance to Recognize the Secondary Private IP Address

After you assign a secondary private IP address to your instance, you need to configure the operating system on your instance to recognize the secondary private IP address.

If you are using Amazon Linux, the ec2-net-utils package takes care of this step for you. It configures additional network interfaces attached while the instance is running, refreshes secondary IP addresses during DHCP lease renewal, and updates the related routing rules. If you require manual control over network configuration, you can remove the ec2-net-utils package.

If you are using another Linux distribution, see the documentation for your Linux distribution. Search for information about configuring additional network interfaces and secondary IP addresses. If the instance has two or more interfaces on the same subnet, search for information about using routing rules to work around asymmetric routing.

For information about configuring a Windows instance, see Configuring a Secondary Private IP Address for Your Windows Instance in the Amazon Elastic Compute Cloud Microsoft Windows Guide.

Assigning an Elastic IP Address to the Secondary Private IP Address

To assign an EIP to a secondary private IP address in EC2-VPC

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. Click Elastic IPs in the navigation pane.

  3. Right-click the IP address, and then click Associate.

  4. In the Associate Address dialog box, select the network interface from the Network Interface drop-down list, and then select the secondary IP address from the Private IP address drop-down list.

  5. Click Yes, Associate.

Viewing Your Secondary Private IP Addresses

To view the private IP addresses assigned to a network interface in EC2-VPC

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. Click Network Interfaces in the navigation pane.

  3. Select the network interface whose private IP addresses you want to view.

  4. On the Details tab in the details pane, check the Primary IP and Secondary Private IPs fields for the primary private IP address and any secondary private IP addresses assigned to the network interface.

To view the private IP addresses assigned to an instance

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. Click Instances in the navigation pane.

  3. Select the instance whose private IP addresses you want to view.

  4. On the Description tab in the details pane, check the Primary IPs and Secondary Private IPs fields for the primary private IP address and any secondary private IP addresses assigned to the instance through its network interface.

Unassigning a Secondary Private IP Address

If you no longer require a secondary private IP address, you can unassign it from the instance or the network interface. When a secondary private IP address is unassigned from an elastic network interface, the Elastic IP address (if it exists) is also disassociated.

To unassign a secondary private IP address from an instance

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. Click Instances in the navigation pane.

  3. Right-click an instance, and then click Manage Private IP Addresses.

  4. In the Manage Private IP Addresses dialog box, beside the secondary private IP address to unassign, click Unassign.

  5. Click Yes, Update, and then click Close.

To unassign a secondary private IP address from a network interface

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. Click Network Interfaces in the navigation pane.

  3. Right-click an instance, and then click Manage Private IP Addresses.

  4. In the Manage Private IP Addresses dialog box, beside the secondary private IP address to unassign, click Unassign.

  5. Click Yes, Update, and then click Close.
