Amazon Virtual Private Cloud
User Guide

IP Addressing in Your VPC

This topic describes the IP addresses available to your Amazon EC2 instances in your VPC.

Public and Private IP Addresses

We provide your instances in a VPC with IP addresses. Private IP addresses are not reachable over the Internet, and can be used for communication between the instances in your VPC. Public IP addresses are reachable over the Internet, and can be used for communication between your instances and the Internet, or with other AWS services that have public endpoints.

Note

To ensure that your instances can communicate with the Internet, you must also attach an Internet gateway to your VPC. For more information, see Internet Gateways.

Private IP addresses

When you launch an instance into a VPC, a primary private IP address from the address range of the subnet is assigned to the default network interface (eth0) of the instance. If you don't specify a primary private IP address, we select an available IP address in the subnet range for you. For more information about network interfaces, see Elastic Network Interfaces in the Amazon EC2 User Guide for Linux Instances.

You can assign additional private IP addresses, known as secondary private IP addresses, to instances that are running in a VPC. Unlike a primary private IP address, you can reassign a secondary private IP address from one network interface to another. A private IP address remains associated with the network interface when the instance is stopped and restarted, and is released when the instance is terminated. For more information about primary and secondary IP addresses, see Multiple IP Addresses in the Amazon EC2 User Guide for Linux Instances.

Note

We refer to private IP addresses as the IP addresses that are within the CIDR range of the VPC. Most VPC IP address ranges fall within the private (non-publicly routable) IP address ranges specified in RFC 1918; however, it is possible to use publicly routable CIDR blocks for your VPC. We currently do not support direct access to the Internet from publicly routable VPC CIDR blocks — if your VPC uses a publicly routable IP address range, you must set up Internet access through a virtual private gateway, a VPN connection, or AWS Direct Connect.

Public IP addresses

All subnets have an attribute that determines whether instances launched into that subnet receive a public IP address. The public IP address is assigned to the default network interface (eth0). By default, instances launched into a default subnet are assigned a public IP address. A public IP address is mapped to the primary private IP address through network address translation (NAT).

You can control whether your instance receives a public IP address by doing the following:

A public IP address is assigned to your instance from Amazon's pool of public IP addresses; it's not associated with your account. When a public IP address is disassociated from your instance, it's released back into the pool, and is no longer available for you to use. You cannot manually associate or disassociate a public IP address. Instead, in certain cases, we release the public IP address from your instance, or assign it a new one. For more information, see Public IP Addresses in the Amazon EC2 User Guide for Linux Instances.

If you require a persistent public IP address that can be assigned to and removed from instances as you require, use an Elastic IP address instead. To do this, you must allocate an Elastic IP address for use with the VPC, and then associate that Elastic IP address with a private IP address specified by the network interface attached to the instance. For more information, see Elastic IP Addresses.

Modifying Your Subnet's Public IP Addressing Behavior

All subnets have an attribute that determines whether instances launched into that subnet are assigned a public IP address. By default, nondefault subnets have this attribute set to false, and default subnets have this attribute set to true. An exception is a nondefault subnet created by the Amazon EC2 launch instance wizard — the wizard sets the attribute to true.

You can modify the subnet's public IP addressing attribute. If you change this attribute, you can still override this setting for a specific instance during launch. For more information, see Assigning a Public IP Address During Launch.

To modify your subnet's public IP addressing behavior

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Subnets.

  3. Select your subnet, choose Subnet Actions, and then Modify Auto-Assign Public IP.

  4. The Enable Auto-assign Public IP check box, if selected, requests a public IP address for all instances launched into the selected subnet. Select or clear the check box as required, and then choose Save.
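The same attribute can be reviewed in bulk. The following added example (not part of the AWS guide) classifies subnets from output shaped like `aws ec2 describe-subnets`, using that command's `MapPublicIpOnLaunch` and `DefaultForAz` fields. The subnet IDs and sample data are constructed, and `approved_public` is a hypothetical allowlist of subnets that are meant to hand out public IP addresses.

```python
import json

# Constructed sample shaped like `aws ec2 describe-subnets` output (not real resources).
SAMPLE_SUBNETS = json.loads("""
{"Subnets": [
  {"SubnetId": "subnet-0aaa", "VpcId": "vpc-01", "CidrBlock": "172.31.0.0/20",
   "DefaultForAz": true,  "MapPublicIpOnLaunch": true},
  {"SubnetId": "subnet-0bbb", "VpcId": "vpc-02", "CidrBlock": "10.0.1.0/24",
   "DefaultForAz": false, "MapPublicIpOnLaunch": false},
  {"SubnetId": "subnet-0ccc", "VpcId": "vpc-02", "CidrBlock": "10.0.2.0/24",
   "DefaultForAz": false, "MapPublicIpOnLaunch": true}
]}
""")

def audit_subnets(doc, approved_public=frozenset()):
    """Classify each subnet by its auto-assign public IP attribute.

    approved_public is a hypothetical allowlist of subnet IDs that are
    expected to assign public IP addresses (for example, a bastion tier).
    """
    findings = []
    for s in doc.get("Subnets", []):
        sid = s["SubnetId"]
        auto = bool(s.get("MapPublicIpOnLaunch", False))
        default = bool(s.get("DefaultForAz", False))
        if not auto:
            status = "ok"        # launches stay private unless overridden at launch
        elif sid in approved_public:
            status = "approved"  # public by design
        elif default:
            status = "review"    # default subnets start as true; confirm it is wanted
        else:
            status = "drift"     # nondefault subnets start as false; something changed it
        findings.append({"subnet": sid, "vpc": s.get("VpcId"),
                         "auto_assign": auto, "default": default, "status": status})
    return findings

def needs_attention(findings):
    """Subnet IDs whose attribute should be confirmed or cleared."""
    return sorted(f["subnet"] for f in findings if f["status"] in ("review", "drift"))

if __name__ == "__main__":
    for finding in audit_subnets(SAMPLE_SUBNETS):
        print(finding)
```

Because the setting can be overridden for a specific instance during launch, a clean result here does not by itself mean that no instance in the subnet has a public IP address.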

Assigning a Public IP Address During Launch

You can control whether your instance in a default or nondefault subnet is assigned a public IP address during launch. This feature is only available if you're launching an instance with a single network interface with the device index of 0.

Important

You can't manually disassociate the public IP address from your instance after launch. Instead, it's automatically released in certain cases, after which you cannot reuse it. If you require a persistent public IP address that you can associate or disassociate at will, associate an Elastic IP address with the instance after launch instead. For more information, see Elastic IP Addresses.

To access the public IP addressing feature when launching an instance

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. Choose Launch Instance.

  3. Choose an AMI, choose an instance type, and then choose Next: Configure Instance Details.

  4. On the Configure Instance Details page, if a VPC is selected in the Network list, the Auto-assign Public IP list is displayed. Select Enable or Disable to override the default setting for the subnet.

    Important

    A public IP address cannot be assigned if you specify more than one network interface. Additionally, for a nondefault subnet, a public IP address cannot be assigned if you specify an existing network interface for eth0.

  5. Follow the remaining steps in the wizard to launch your instance.

  6. On the Instances screen, select your instance. On the Description tab, in the Public IP field, you can view your instance's public IP address. Alternatively, in the navigation pane, choose Network Interfaces, and then select the eth0 network interface for your instance. You can view the public IP address in the Public IPs field.

    Note

    The public IP address is displayed as a property of the network interface in the console, but it's mapped to the primary private IP address through NAT. Therefore, if you inspect the properties of your network interface on your instance, for example, through ipconfig on a Windows instance, or ifconfig on a Linux instance, the public IP address is not displayed. To determine your instance's public IP address from within the instance, you can use instance metadata. For more information, see Instance Metadata and User Data.

This feature is only available during launch. However, whether you assign a public IP address to your instance during launch or not, you can associate an Elastic IP address with your instance after it's launched. For more information, see Elastic IP Addresses.

Elastic IP Addresses

An Elastic IP address is a static, public IP address designed for dynamic cloud computing. You can associate an Elastic IP address with any instance or network interface for your VPC. With an Elastic IP address, you can mask the failure of an instance by rapidly remapping the address to another instance in your VPC. Note that the advantage of associating the Elastic IP address with the network interface instead of directly with the instance is that you can move all the attributes of the network interface from one instance to another in a single step.

Elastic IP Address Basics

The following are the basic things that you need to know about Elastic IP addresses:

  • You first allocate an Elastic IP address for use in a VPC, and then associate it with an instance in your VPC (it can be assigned to only one instance at a time).

  • An Elastic IP address is a property of network interfaces. You can associate an Elastic IP address with an instance by updating the network interface attached to the instance.

  • If you associate an Elastic IP address with the eth0 network interface of your instance, its current public IP address (if it had one) is released to the EC2-VPC public IP address pool. If you disassociate the Elastic IP address, the eth0 network interface is automatically assigned a new public IP address within a few minutes. This doesn't apply if you've attached a second network interface to your instance.

  • There are differences between an Elastic IP address that you use in a VPC and one that you use in EC2-Classic. For more information, see Elastic IP Address Differences Between EC2-Classic and Amazon EC2-VPC in the Amazon EC2 User Guide for Linux Instances.

  • You can move an Elastic IP address from one instance to another. The instance can be in the same VPC or another VPC, but not in EC2-Classic.

  • Your Elastic IP addresses remain associated with your AWS account until you explicitly release them.

  • To ensure efficient use of Elastic IP addresses, we impose a small hourly charge when they aren't associated with a running instance, or when they are associated with a stopped instance or an unattached network interface. While your instance is running, you aren't charged for one Elastic IP address associated with the instance, but you are charged for any additional Elastic IP addresses associated with the instance. For more information, see Amazon EC2 Pricing.

  • You're limited to five Elastic IP addresses; to help conserve them, you can use a NAT device (see NAT).

  • An Elastic IP address is accessed through the Internet gateway of a VPC. If you have set up a VPN connection between your VPC and your network, the VPN traffic traverses a virtual private gateway, not an Internet gateway, and therefore cannot access the Elastic IP address.

  • You can migrate an Elastic IP address that you've allocated for use in the EC2-Classic platform to the VPC platform. For more information, see Migrating an Elastic IP Address from EC2-Classic to EC2-VPC in the Amazon EC2 User Guide.

Working with Elastic IP Addresses

You can allocate an Elastic IP address and then associate it with an instance in a VPC.

To allocate an Elastic IP address for use in a VPC

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Elastic IPs.

  3. Choose Allocate New Address.

  4. Choose Yes, Allocate.

    Note

    If your account supports EC2-Classic, first choose EC2-VPC from the Network platform list.

To view your Elastic IP addresses

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Elastic IPs.

  3. To filter the displayed list, start typing in the search box part of the Elastic IP address or the ID of the instance to which it's assigned.

To associate an Elastic IP address with a running instance in a VPC

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Elastic IPs.

  3. Select an Elastic IP address that's allocated for use with a VPC (the Scope column has a value of vpc), choose Actions, and then choose Associate Address.

  4. In the Associate Address dialog box, select Instance or Network Interface from the Associate with list, and then either the instance or network interface ID. Select the private IP address to associate the Elastic IP address with from the Private IP address list, and then choose Yes, Associate.

    Note

    A network interface can have several attributes, including an Elastic IP address. You can create a network interface and attach and detach it from instances in your VPC. The advantage of making the Elastic IP address an attribute of the network interface instead of associating it directly with the instance is that you can move all the attributes of the network interface from one instance to another in a single step. For more information, see Elastic Network Interfaces.

  5. (Optional) After you associate the Elastic IP address with your instance, it receives a DNS hostname if DNS hostnames are enabled. For more information, see Using DNS with Your VPC.

To change which instance an Elastic IP address is associated with, disassociate it from the currently associated instance, and then associate it with the new instance in the VPC.

To disassociate an Elastic IP address

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Elastic IPs.

  3. Select the Elastic IP address, choose Actions, and then choose Disassociate Address.

  4. When prompted, choose Yes, Disassociate.

If you no longer need an Elastic IP address, we recommend that you release it (the address must not be associated with an instance). You incur charges for any Elastic IP address that's allocated for use with a VPC but not associated with an instance.

To release an Elastic IP address

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Elastic IPs.

  3. Select the Elastic IP address, choose Actions, and then choose Release Address.

  4. When prompted, choose Yes, Release.
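To find addresses worth releasing, the charging conditions listed under Elastic IP Address Basics can be applied to an inventory. The following added example (not part of the AWS guide) does this over records shaped like `aws ec2 describe-addresses` output plus a map of instance states; all IDs and addresses are constructed, and the reason strings are this example's own labels.

```python
from collections import defaultdict

# Constructed sample shaped like `aws ec2 describe-addresses` output; the IPs are
# documentation addresses (RFC 5737), not real allocations.
SAMPLE_ADDRESSES = [
    {"PublicIp": "203.0.113.10", "AllocationId": "eipalloc-01", "Domain": "vpc",
     "AssociationId": "eipassoc-01", "InstanceId": "i-run", "NetworkInterfaceId": "eni-01"},
    {"PublicIp": "203.0.113.11", "AllocationId": "eipalloc-02", "Domain": "vpc",
     "AssociationId": "eipassoc-02", "InstanceId": "i-run", "NetworkInterfaceId": "eni-02"},
    {"PublicIp": "203.0.113.12", "AllocationId": "eipalloc-03", "Domain": "vpc",
     "AssociationId": "eipassoc-03", "InstanceId": "i-stop", "NetworkInterfaceId": "eni-03"},
    {"PublicIp": "203.0.113.13", "AllocationId": "eipalloc-04", "Domain": "vpc",
     "AssociationId": "eipassoc-04", "NetworkInterfaceId": "eni-04"},
    {"PublicIp": "203.0.113.14", "AllocationId": "eipalloc-05", "Domain": "vpc"},
]
# Constructed instance states, as `describe-instances` reports under State.Name.
SAMPLE_STATES = {"i-run": "running", "i-stop": "stopped"}

def billable_addresses(addresses, instance_states):
    """Return {public_ip: reason} for addresses that meet a charging condition."""
    reasons = {}
    per_running = defaultdict(int)  # Elastic IPs seen so far per running instance
    for a in sorted(addresses, key=lambda rec: rec["AllocationId"]):
        ip, inst = a["PublicIp"], a.get("InstanceId")
        if not a.get("AssociationId"):
            reasons[ip] = "not associated"
        elif not inst:
            reasons[ip] = "unattached network interface"
        elif instance_states.get(inst) != "running":
            reasons[ip] = "instance not running"
        else:
            per_running[inst] += 1
            if per_running[inst] > 1:  # only one address per running instance is free
                reasons[ip] = "additional address on running instance"
    return reasons

def release_candidates(addresses):
    """Allocation IDs that can be released now: the address has no association."""
    return sorted(a["AllocationId"] for a in addresses if not a.get("AssociationId"))

if __name__ == "__main__":
    for ip, why in billable_addresses(SAMPLE_ADDRESSES, SAMPLE_STATES).items():
        print(ip, why)
    print(release_candidates(SAMPLE_ADDRESSES))
```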

API and Command Overview

You can perform the tasks described on this page using the command line or an API. For more information about the command line interfaces and a list of available APIs, see Accessing Amazon VPC.

Acquire an Elastic IP address

Associate an Elastic IP address with an instance or network interface

Describe one or more Elastic IP addresses

Disassociate an Elastic IP address

Release an Elastic IP address

Assign a public IP address during launch

  • Use the --associate-public-ip-address or the --no-associate-public-ip-address option with the run-instances command. (AWS CLI)

  • Use the -AssociatePublicIp parameter with the New-EC2Instance command. (AWS Tools for Windows PowerShell)

Modify a subnet's public IP addressing behavior