Multiple IP addresses for your EC2 instances
You can specify multiple private IPv4 and IPv6 addresses for your instances. The number of network interfaces and private IPv4 and IPv6 addresses that you can specify for an instance depends on the instance type. For more information, see Maximum IP addresses per network interface.
It can be useful to assign multiple IP addresses to an instance in your VPC to do the following:
-
Host multiple websites on a single server by using multiple SSL certificates on a single server and associating each certificate with a specific IP address.
-
Operate network appliances, such as firewalls or load balancers, that have multiple IP addresses for each network interface.
-
Redirect internal traffic to a standby instance in case your instance fails, by reassigning the secondary IP address to the standby instance.
Contents
How multiple IP addresses work
The following list explains how multiple IP addresses work with network interfaces:
-
You can assign a secondary private IPv4 address to any network interface.
-
You can assign multiple IPv6 addresses to a network interface that's in a subnet that has an associated IPv6 CIDR block.
-
You must choose a secondary IPv4 address from the IPv4 CIDR block range of the subnet for the network interface.
-
You must choose IPv6 addresses from the IPv6 CIDR block range of the subnet for the network interface.
-
You associate security groups with network interfaces, not individual IP addresses. Therefore, each IP address you specify in a network interface is subject to the security group of its network interface.
-
Multiple IP addresses can be assigned and unassigned to network interfaces attached to running or stopped instances.
-
Secondary private IPv4 addresses that are assigned to a network interface can be reassigned to another one if you explicitly allow it.
-
An IPv6 address cannot be reassigned to another network interface; you must first unassign the IPv6 address from the existing network interface.
-
When assigning multiple IP addresses to a network interface using the command line tools or API, the entire operation fails if one of the IP addresses can't be assigned.
-
Primary private IPv4 addresses, secondary private IPv4 addresses, Elastic IP addresses, and IPv6 addresses remain with a secondary network interface when it is detached from an instance or attached to an instance.
-
Although you can't detach the primary network interface from an instance, you can reassign the secondary private IPv4 address of the primary network interface to another network interface.
The following list explains how multiple IP addresses work with Elastic IP addresses (IPv4 only):
-
Each private IPv4 address can be associated with a single Elastic IP address, and vice versa.
-
When a secondary private IPv4 address is reassigned to another interface, the secondary private IPv4 address retains its association with an Elastic IP address.
-
When a secondary private IPv4 address is unassigned from an interface, an associated Elastic IP address is automatically disassociated from the secondary private IPv4 address.
Work with multiple IPv4 addresses
You can assign a secondary private IPv4 address to an instance, associate an Elastic IPv4 address with a secondary private IPv4 address, and unassign a secondary private IPv4 address.
Tasks
Assign a secondary private IPv4 address
You can assign the secondary private IPv4 address to the network interface for an instance as you launch the instance, or after the instance is running.
To assign a secondary private IPv4 address when launching an instance
-
Follow the procedure to launch an instance. For Network settings, choose Edit.
-
Select a VPC and a subnet.
-
Expand Advanced network configuration.
-
For Secondary IP, choose Automatically assign and enter the number of IP addresses (Amazon automatically assigns secondary IPv4 addresses) or choose Manually assign and enter the IPv4 addresses.
-
Complete the remaining steps to launch the instance.
To assign a secondary IPv4 address during launch using the command line
You can use one of the following commands. For more information about these command line interfaces, see Access Amazon EC2.
-
The
--secondary-private-ip-addresses
option with the run-instances command (AWS CLI) -
Define
-NetworkInterface
and specify thePrivateIpAddresses
parameter with the New-EC2Instance command (AWS Tools for Windows PowerShell).
To assign a secondary private IPv4 address to a network interface
-
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
. -
In the navigation pane, choose Network Interfaces, and then select the network interface for the instance.
-
Choose Actions, Manage IP Addresses.
-
Expand the network interface. Under IPv4 addresses, choose Assign new IP address.
-
Enter a specific IPv4 address that's within the subnet range for the instance, or leave the field blank to let Amazon select an IPv4 address for you.
-
(Optional) Select Allow to allow the secondary private IP address to be reassigned if it is already assigned to another network interface.
-
Choose Save.
Alternatively, you can assign a secondary private IPv4 address to an instance. Choose Instances in the navigation pane, select the instance, and then choose Actions, Networking, Manage IP addresses. You can configure the same information as you did in the steps above. The IP address is assigned to the primary network interface for the instance.
To assign a secondary private IPv4 address to an existing instance using the command line
You can use one of the following commands. For more information about these command line interfaces, see Access Amazon EC2.
-
assign-private-ip-addresses (AWS CLI)
-
Register-EC2PrivateIpAddress (AWS Tools for Windows PowerShell)
Configure the operating system to recognize secondary private IPv4 addresses
After you assign a secondary private IPv4 address to your instance, you need to configure the operating system on your instance to recognize the secondary private IP address.
Linux instances
-
If you are using Amazon Linux, the ec2-net-utils package can take care of this step for you. It configures additional network interfaces that you attach while the instance is running, refreshes secondary IPv4 addresses during DHCP lease renewal, and updates the related routing rules. You can immediately refresh the list of interfaces by using the command
sudo service network restart
and then view the up-to-date list usingip addr li
. If you require manual control over your network configuration, you can remove the ec2-net-utils package. For more information, see Configure your network interface using ec2-net-utils. -
If you are using another Linux distribution, see the documentation for your Linux distribution. Search for information about configuring additional network interfaces and secondary IPv4 addresses. If the instance has two or more interfaces on the same subnet, search for information about using routing rules to work around asymmetric routing.
Windows instances
For more information, see Configure secondary private IPv4 addresses for Windows instances.
Associate an Elastic IP address with the secondary private IPv4 address
To associate an Elastic IP address with a secondary private IPv4 address
-
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
. -
In the navigation pane, choose Elastic IPs.
-
Select the checkbox for the Elastic IP address
-
Choose Actions, Associate Elastic IP address.
-
For Resource type, choose Network interface. select the network interface, and then select the secondary IP address from the Private IP address list.
-
For Network interface, select the network interface. select the secondary IP address from the Private IP address list.
-
For Private IP address, select the secondary IP address.
-
Choose Associate.
To associate an Elastic IP address with a secondary private IPv4 address using the command line
You can use one of the following commands. For more information about these command line interfaces, see Access Amazon EC2.
-
associate-address (AWS CLI)
-
Register-EC2Address (AWS Tools for Windows PowerShell)
View your secondary private IPv4 addresses
To view the private IPv4 addresses assigned to a network interface
-
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
. -
In the navigation pane, choose Network Interfaces.
-
Select the checkbox for the network interface.
-
On the Details tab, under IP addresses, locate Private IPv4 address and Secondary private IPv4 addresses.
To view the private IPv4 addresses assigned to an instance
-
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
. -
In the navigation pane, choose Instances.
-
Select the checkbox for the instance.
-
On the Networking tab, under Networking details, locate Private IPv4 addresses and Secondary private IPv4 addresses.
Unassign a secondary private IPv4 address
If you no longer require a secondary private IPv4 address, you can unassign it from the instance or the network interface. When a secondary private IPv4 address is unassigned from a network interface, the Elastic IP address (if it exists) is also disassociated.
To unassign a secondary private IPv4 address from an instance
-
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
. -
In the navigation pane, choose Instances.
-
Select an instance, choose Actions, Networking, Manage IP addresses.
-
Expand the network interface. For IPv4 addresses, choose Unassign for the IPv4 address to unassign.
-
Choose Save.
To unassign a secondary private IPv4 address from a network interface
-
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
. -
In the navigation pane, choose Network Interfaces.
-
Select the network interface, choose Actions, Manage IP addresses.
-
Expand the network interface. For IPv4 addresses, choose Unassign for the IPv4 address to unassign.
-
Choose Save.
To unassign a secondary private IPv4 address using the command line
You can use one of the following commands. For more information about these command line interfaces, see Access Amazon EC2.
-
unassign-private-ip-addresses (AWS CLI)
-
Unregister-EC2PrivateIpAddress (AWS Tools for Windows PowerShell)
Work with multiple IPv6 addresses
You can assign multiple IPv6 addresses to your instance, view the IPv6 addresses assigned to your instance, and unassign IPv6 addresses from your instance.
Assign multiple IPv6 addresses
You can assign one or more IPv6 addresses to your instance during launch or after launch. To assign an IPv6 address to an instance, the VPC and subnet in which you launch the instance must have an associated IPv6 CIDR block.
To assign multiple IPv6 addresses during launch
-
Follow the procedure to launch an instance. For Network settings, choose Edit.
-
Select a VPC and a subnet.
-
Expand Advanced network configuration.
-
For IPv6 IPs, choose Automatically assign and the number of IP addresses (Amazon automatically assigns the IPv6 addresses) or choose Manually assign and enter the IPv6 addresses.
-
Complete the remaining steps to launch the instance.
You can use the Instances screen Amazon EC2 console to assign multiple IPv6 addresses to an existing instance. This assigns the IPv6 addresses to the primary network interface of the instance. To assign a specific IPv6 address to the instance, ensure that the IPv6 address is not already assigned to another instance or network interface.
To assign multiple IPv6 addresses to an existing instance
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
. -
In the navigation pane, choose Instances.
-
Select your instance, choose Actions, Networking, Manage IP addresses.
-
Expand the network interface. For IPv6 addresses, choose Assign new IP address for each IPv6 address to add. You can specify an IPv6 address from the range of the subnet, or leave the field empty to let Amazon choose an IPv6 address for you.
-
Choose Save.
Alternatively, you can assign multiple IPv6 addresses to an existing network interface. The network interface must have been created in a subnet that has an associated IPv6 CIDR block. To assign a specific IPv6 address to the network interface, ensure that the IPv6 address is not already assigned to another network interface.
To assign multiple IPv6 addresses to a network interface
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
. -
In the navigation pane, choose Network Interfaces.
-
Select your network interface, choose Actions, Manage IP addresses.
-
Expand the network interface. For IPv6 addresses, choose Assign new IP address for each IPv6 address to add. You can specify an IPv6 address from the range of the subnet, or leave the field empty to let Amazon choose an IPv6 address for you.
-
Choose Save.
CLI overview
You can use one of the following commands. For more information about these command line interfaces, see Access Amazon EC2.
-
Assign an IPv6 address during launch:
-
Use the
--ipv6-addresses
or--ipv6-address-count
options with the run-instances command (AWS CLI) -
Define
-NetworkInterface
and specify theIpv6Addresses
orIpv6AddressCount
parameters with the New-EC2Instance command (AWS Tools for Windows PowerShell).
-
-
Assign an IPv6 address to a network interface:
-
assign-ipv6-addresses (AWS CLI)
-
Register-EC2Ipv6AddressList (AWS Tools for Windows PowerShell)
-
View your IPv6 addresses
You can view the IPv6 addresses for an instance or for a network interface.
To view the IPv6 addresses assigned to an instance
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
. -
In the navigation pane, choose Instances.
-
Select the checkbox for your instance.
-
On the Networking tab, locate the IPv6 addresses field.
To view the IPv6 addresses assigned to a network interface
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
. -
In the navigation pane, choose Network Interfaces.
-
Select the checkbox for your network interface.
-
On the Details tab, under IP addresses, locate the IPv6 addresses field.
CLI overview
You can use one of the following commands. For more information about these command line interfaces, see Access Amazon EC2.
-
View the IPv6 addresses for an instance:
-
describe-instances (AWS CLI)
-
Get-EC2Instance (AWS Tools for Windows PowerShell).
-
-
View the IPv6 addresses for a network interface:
-
describe-network-interfaces (AWS CLI)
-
Get-EC2NetworkInterface (AWS Tools for Windows PowerShell)
-
Unassign an IPv6 address
You can unassign an IPv6 address from the primary network interface of an instance, or you can unassign an IPv6 address from a network interface.
To unassign an IPv6 address from an instance
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
. -
In the navigation pane, choose Instances.
-
Select the checkbox for your instance, and then choose Actions, Networking, Manage IP addresses.
-
Expand the network interface. Under IPv6 addresses, choose Unassign next to the IPv6 address.
-
Choose Save.
To unassign an IPv6 address from a network interface
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
. -
In the navigation pane, choose Network Interfaces.
-
Select the checkbox for your network interface, and then choose Actions, Manage IP addresses.
-
Expand the network interface. Under IPv6 addresses, choose Unassign next to the IPv6 address.
-
Choose Save.
CLI overview
You can use one of the following commands. For more information about these command line interfaces, see Access Amazon EC2.
-
unassign-ipv6-addresses (AWS CLI)
-
Unregister-EC2Ipv6AddressList (AWS Tools for Windows PowerShell)