AWS::EC2::EIPAssociation
Associates an Elastic IP address with an instance or a network interface. Before you can use an Elastic IP address, you must allocate it to your account. For more information about working with Elastic IP addresses, see Elastic IP address concepts and rules.
An Elastic IP address can be used in EC2-Classic and EC2-VPC accounts. There are differences between an Elastic IP address that you use in a VPC and one that you use in EC2-Classic. For more information, see Differences between instances in EC2-Classic and a VPC.
[EC2-VPC] You must specify AllocationId and either InstanceId,
NetworkInterfaceId, or PrivateIpAddress.
[EC2-Classic] You must specify EIP and InstanceId.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::EC2::EIPAssociation", "Properties" : { "AllocationId" :String, "EIP" :String, "InstanceId" :String, "NetworkInterfaceId" :String, "PrivateIpAddress" :String} }
YAML
Type: AWS::EC2::EIPAssociation Properties: AllocationId:StringEIP:StringInstanceId:StringNetworkInterfaceId:StringPrivateIpAddress:String
Properties
AllocationId-
[EC2-VPC] The allocation ID. This is required for EC2-VPC.
Required: Conditional
Type: String
Update requires: Some interruptions
EIP-
[EC2-Classic] The Elastic IP address to associate with the instance. This is required for EC2-Classic.
Required: Conditional
Type: String
Update requires: Some interruptions
InstanceId-
The ID of the instance. The instance must have exactly one attached network interface. For EC2-VPC, you can specify either the instance ID or the network interface ID, but not both. For EC2-Classic, you must specify an instance ID and the instance must be in the running state.
Required: Conditional
Type: String
Update requires: Some interruptions
NetworkInterfaceId-
[EC2-VPC] The ID of the network interface. If the instance has more than one network interface, you must specify a network interface ID.
For EC2-VPC, you can specify either the instance ID or the network interface ID, but not both.
Required: Conditional
Type: String
Update requires: Some interruptions
PrivateIpAddress-
[EC2-VPC] The primary or secondary private IP address to associate with the Elastic IP address. If no private IP address is specified, the Elastic IP address is associated with the primary private IP address.
Required: No
Type: String
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource name.
For more information about using the Ref function, see Ref.
Examples
Associate an Elastic IP address to an instance
The following example creates an instance with two elastic network interfaces (ENI). The example assumes that you have an existing VPC.
For additional examples, see Assigning an Amazon EC2 Elastic IP Using AWS::EC2::EIP Snippet.
JSON
"Resources" : { "ControlPortAddress" : { "Type" : "AWS::EC2::EIP", "Properties" : { "Domain" : "vpc" } }, "AssociateControlPort" : { "Type" : "AWS::EC2::EIPAssociation", "Properties" : { "AllocationId" : { "Fn::GetAtt" : [ "ControlPortAddress", "AllocationId" ]}, "NetworkInterfaceId" : { "Ref" : "controlXface" } } }, "WebPortAddress" : { "Type" : "AWS::EC2::EIP", "Properties" : { "Domain" : "vpc" } }, "AssociateWebPort" : { "Type" : "AWS::EC2::EIPAssociation", "Properties" : { "AllocationId" : { "Fn::GetAtt" : [ "WebPortAddress", "AllocationId" ]}, "NetworkInterfaceId" : { "Ref" : "webXface" } } }, "SSHSecurityGroup" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "VpcId" : { "Ref" : "VpcId" }, "GroupDescription" : "Enable SSH access via port 22", "SecurityGroupIngress" : [ { "IpProtocol" : "tcp", "FromPort" : 22, "ToPort" : 22, "CidrIp" : "0.0.0.0/0" } ] } }, "WebSecurityGroup" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "VpcId" : { "Ref" : "VpcId" }, "GroupDescription" : "Enable HTTP access via user defined port", "SecurityGroupIngress" : [ { "IpProtocol" : "tcp", "FromPort" : 80, "ToPort" : 80, "CidrIp" : "0.0.0.0/0" } ] } }, "controlXface" : { "Type" : "AWS::EC2::NetworkInterface", "Properties" : { "SubnetId" : { "Ref" : "SubnetId" }, "Description" :"Interface for control traffic such as SSH", "GroupSet" : [ {"Ref" : "SSHSecurityGroup"} ], "SourceDestCheck" : "true", "Tags" : [ {"Key" : "Network", "Value" : "Control"}] } }, "webXface" : { "Type" : "AWS::EC2::NetworkInterface", "Properties" : { "SubnetId" : { "Ref" : "SubnetId" }, "Description" :"Interface for web traffic", "GroupSet" : [ {"Ref" : "WebSecurityGroup"} ], "SourceDestCheck" : "true", "Tags" : [ {"Key" : "Network", "Value" : "Web"}] } }, "Ec2Instance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ]}, "KeyName" : { "Ref" : "KeyName" }, "NetworkInterfaces" : [ { "NetworkInterfaceId" : {"Ref" : "controlXface"}, "DeviceIndex" : "0" }, { "NetworkInterfaceId" : {"Ref" : "webXface"}, "DeviceIndex" : "1" }], "Tags" : [ {"Key" : "Role", "Value" : "Test Instance"}], "UserData" : {"Fn::Base64" : { "Fn::Join" : ["",["#!/bin/bash -ex","\n", "\n","yum install ec2-net-utils -y","\n", "ec2ifup eth1","\n", "service httpd start"]]}} } } }
YAML
Resources: ControlPortAddress: Type: AWS::EC2::EIP Properties: Domain: vpc AssociateControlPort: Type: AWS::EC2::EIPAssociation Properties: AllocationId: !GetAtt ControlPortAddress.AllocationId NetworkInterfaceId: !Ref controlXface WebPortAddress: Type: AWS::EC2::EIP Properties: Domain: vpc AssociateWebPort: Type: AWS::EC2::EIPAssociation Properties: AllocationId: !GetAtt WebPortAddress.AllocationId NetworkInterfaceId: !Ref webXface SSHSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: VpcId: !Ref VpcId GroupDescription: Enable SSH access via port 22 SecurityGroupIngress: - CidrIp: 0.0.0.0/0 FromPort: 22 IpProtocol: tcp ToPort: 22 WebSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: VpcId: !Ref VpcId GroupDescription: Enable HTTP access via user defined port SecurityGroupIngress: - CidrIp: 0.0.0.0/0 FromPort: 80 IpProtocol: tcp ToPort: 80 controlXface: Type: AWS::EC2::NetworkInterface Properties: SubnetId: !Ref SubnetId Description: Interface for controlling traffic such as SSH GroupSet: - !Ref SSHSecurityGroup SourceDestCheck: true Tags: - Key: Network Value: Control webXface: Type: AWS::EC2::NetworkInterface Properties: SubnetId: !Ref SubnetId Description: Interface for controlling traffic such as SSH GroupSet: - !Ref WebSecurityGroup SourceDestCheck: true Tags: - Key: Network Value: Web Ec2Instance: Type: AWS::EC2::Instance Properties: ImageId: !FindInMap [ RegionMap, !Ref 'AWS::Region', AMI ] KeyName: !Ref KeyName NetworkInterfaces: - NetworkInterfaceId: !Ref controlXface DeviceIndex: 0 - NetworkInterfaceId: !Ref webXface DeviceIndex: 1 Tags: - Key: Role Value: Test Instance UserData: Fn::Base64: !Sub | #!/bin/bash -xe yum install ec2-net-utils -y ec2ifup eth1 service httpd start
