Multiple IP addresses

You can specify multiple private IPv4 and IPv6 addresses for your instances. The number of network interfaces and private IPv4 and IPv6 addresses that you can specify for an instance depends on the instance type. For more information, see IP addresses per network interface per instance type.

It can be useful to assign multiple IP addresses to an instance in your VPC to do the following:

• Host multiple websites on a single server by using multiple SSL certificates on a single server and associating each certificate with a specific IP address.

• Operate network appliances, such as firewalls or load balancers, that have multiple IP addresses for each network interface.

• Redirect internal traffic to a standby instance in case your instance fails, by reassigning the secondary IP address to the standby instance.

How multiple IP addresses work

The following list explains how multiple IP addresses work with network interfaces:

• You can assign a secondary private IPv4 address to any network interface.

• You can assign multiple IPv6 addresses to a network interface that's in a subnet that has an associated IPv6 CIDR block.

• You must choose a secondary IPv4 address from the IPv4 CIDR block range of the subnet for the network interface.

• You must choose IPv6 addresses from the IPv6 CIDR block range of the subnet for the network interface.

• You associate security groups with network interfaces, not individual IP addresses. Therefore, each IP address you specify in a network interface is subject to the security group of its network interface.

• Multiple IP addresses can be assigned and unassigned to network interfaces attached to running or stopped instances.

• Secondary private IPv4 addresses that are assigned to a network interface can be reassigned to another one if you explicitly allow it.

• An IPv6 address cannot be reassigned to another network interface; you must first unassign the IPv6 address from the existing network interface.

• When assigning multiple IP addresses to a network interface using the command line tools or API, the entire operation fails if one of the IP addresses can't be assigned.

• Primary private IPv4 addresses, secondary private IPv4 addresses, Elastic IP addresses, and IPv6 addresses remain with a secondary network interface when it is detached from an instance or attached to an instance.

• Although you can't detach the primary network interface from an instance, you can reassign the secondary private IPv4 address of the primary network interface to another network interface.

The following list explains how multiple IP addresses work with Elastic IP addresses (IPv4 only):

• Each private IPv4 address can be associated with a single Elastic IP address, and vice versa.

• When a secondary private IPv4 address is reassigned to another interface, the secondary private IPv4 address retains its association with an Elastic IP address.

• When a secondary private IPv4 address is unassigned from an interface, an associated Elastic IP address is automatically disassociated from the secondary private IPv4 address.

Work with multiple IPv4 addresses

You can assign a secondary private IPv4 address to an instance, associate an Elastic IPv4 address with a secondary private IPv4 address, and unassign a secondary private IPv4 address.

Tasks

• Assign a secondary private IPv4 address
• Configure the operating system on your instance to recognize secondary private IPv4 addresses
• Associate an Elastic IP address with the secondary private IPv4 address
• View your secondary private IPv4 addresses
• Unassign a secondary private IPv4 address

Assign a secondary private IPv4 address

You can assign the secondary private IPv4 address to the network interface for an instance as you launch the instance, or after the instance is running. This section includes the following procedures.

• To assign a secondary private IPv4 address when launching an instance

• To assign a secondary IPv4 address during launch using the command line

• To assign a secondary private IPv4 address to a network interface

• To assign a secondary private IPv4 to an existing instance using the command line

New console

To assign a secondary private IPv4 address when launching an instance

1. Follow the procedure to launch an instance, and when you configure Network Settings, choose Advanced network configuration.

2. Under Secondary IP, choose Automatically assign to have Amazon automatically assign a secondary IPv4 address or choose Manually assign to manually enter a CIDR.

3. Complete the remaining steps to launch the instance.

Old console

To assign a secondary private IPv4 address when launching an instance

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

2. Choose Launch Instance.

3. Select an AMI, then choose an instance type and choose Next: Configure Instance Details.

4. On the Configure Instance Details page, for Network, select a VPC and for Subnet, select a subnet.

5. In the Network Interfaces section, do the following, and then choose Next: Add Storage:

   • To add another network interface, choose Add Device. The console enables you to specify up to two network interfaces when you launch an instance. After you launch the instance, choose Network Interfaces in the navigation pane to add additional network interfaces. The total number of network interfaces that you can attach varies by instance type. For more information, see IP addresses per network interface per instance type.

     Important

     When you add a second network interface, the system can no longer auto-assign a public IPv4 address. You will not be able to connect to the instance over IPv4 unless you assign an Elastic IP address to the primary network interface (eth0). You can assign the Elastic IP address after you complete the Launch wizard. For more information, see Work with Elastic IP addresses.

   • For each network interface, under Secondary IP addresses, choose Add IP, and then enter a private IP address from the subnet range, or accept the default Auto-assign value to let Amazon select an address.

6. On the next Add Storage page, you can specify volumes to attach to the instance besides the volumes specified by the AMI (such as the root device volume), and then choose Next: Add Tags.

7. On the Add Tags page, specify tags for the instance, such as a user-friendly name, and then choose Next: Configure Security Group.

8. On the Configure Security Group page, select an existing security group or create a new one. Choose Review and Launch.

9. On the Review Instance Launch page, review your settings, and then choose Launch to choose a key pair and launch your instance. If you're new to Amazon EC2 and haven't created any key pairs, the wizard prompts you to create one.

Important

After you have added a secondary private IP address to a network interface, you must connect to the instance and configure the secondary private IP address on the instance itself. For more information, see Configure the operating system on your instance to recognize secondary private IPv4 addresses.

To assign a secondary IPv4 address during launch using the command line

• You can use one of the following commands. For more information about these command line interfaces, see Access Amazon EC2.

  • The --secondary-private-ip-addresses option with the run-instances command (AWS CLI)

  • Define -NetworkInterface and specify the PrivateIpAddresses parameter with the New-EC2Instance command (AWS Tools for Windows PowerShell).

To assign a secondary private IPv4 address to a network interface

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

2. In the navigation pane, choose Network Interfaces, and then select the network interface attached to the instance.

3. Choose Actions, Manage IP Addresses.

4. Under IPv4 Addresses, choose Assign new IP.

5. Enter a specific IPv4 address that's within the subnet range for the instance, or leave the field blank to let Amazon select an IP address for you.

6. (Optional) Choose Allow reassignment to allow the secondary private IP address to be reassigned if it is already assigned to another network interface.

7. Choose Yes, Update.

Alternatively, you can assign a secondary private IPv4 address to an instance. Choose Instances in the navigation pane, select the instance, and then choose Actions, Networking, Manage IP addresses. You can configure the same information as you did in the steps above. The IP address is assigned to the primary network interface (eth0) for the instance.

To assign a secondary private IPv4 to an existing instance using the command line

• You can use one of the following commands. For more information about these command line interfaces, see Access Amazon EC2.

  • assign-private-ip-addresses (AWS CLI)

  • Register-EC2PrivateIpAddress (AWS Tools for Windows PowerShell)

Configure the operating system on your instance to recognize secondary private IPv4 addresses

After you assign a secondary private IPv4 address to your instance, you need to configure the operating system on your instance to recognize the secondary private IP address.

For information about configuring a Windows instance, see Configure a secondary private IPv4 address for your Windows instance.

Associate an Elastic IP address with the secondary private IPv4 address

To associate an Elastic IP address with a secondary private IPv4 address

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

2. In the navigation pane, choose Elastic IPs.

3. Choose Actions, and then select Associate address.

4. For Network interface, select the network interface, and then select the secondary IP address from the Private IP list.

5. Choose Associate.

To associate an Elastic IP address with a secondary private IPv4 address using the command line

• You can use one of the following commands. For more information about these command line interfaces, see Access Amazon EC2.

  • associate-address (AWS CLI)

  • Register-EC2Address (AWS Tools for Windows PowerShell)

View your secondary private IPv4 addresses

To view the private IPv4 addresses assigned to a network interface

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

2. In the navigation pane, choose Network Interfaces.

3. Select the network interface with private IP addresses to view.

4. On the Details tab in the details pane, check the Primary private IPv4 IP and Secondary private IPv4 IPs fields for the primary private IPv4 address and any secondary private IPv4 addresses assigned to the network interface.

To view the private IPv4 addresses assigned to an instance

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

2. In the navigation pane, choose Instances.

3. Select the instance with private IPv4 addresses to view.

4. On the Description tab in the details pane, check the Private IPs and Secondary private IPs fields for the primary private IPv4 address and any secondary private IPv4 addresses assigned to the instance through its network interface.

Unassign a secondary private IPv4 address

If you no longer require a secondary private IPv4 address, you can unassign it from the instance or the network interface. When a secondary private IPv4 address is unassigned from a network interface, the Elastic IP address (if it exists) is also disassociated.

To unassign a secondary private IPv4 address from an instance

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

2. In the navigation pane, choose Instances.

3. Select an instance, choose Actions, Networking, Manage IP addresses.

4. Under IPv4 Addresses, choose Unassign for the IPv4 address to unassign.

5. Choose Yes, Update.

To unassign a secondary private IPv4 address from a network interface

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

2. In the navigation pane, choose Network Interfaces.

3. Select the network interface, choose Actions, Manage IP Addresses.

4. Under IPv4 Addresses, choose Unassign for the IPv4 address to unassign.

5. Choose Yes, Update.

To unassign a secondary private IPv4 address using the command line

• You can use one of the following commands. For more information about these command line interfaces, see Access Amazon EC2.

  • unassign-private-ip-addresses (AWS CLI)

  • Unregister-EC2PrivateIpAddress (AWS Tools for Windows PowerShell)

Work with multiple IPv6 addresses

You can assign multiple IPv6 addresses to your instance, view the IPv6 addresses assigned to your instance, and unassign IPv6 addresses from your instance.

Contents

• Assign multiple IPv6 addresses
• View your IPv6 addresses
• Unassign an IPv6 address

Assign multiple IPv6 addresses

You can assign one or more IPv6 addresses to your instance during launch or after launch. To assign an IPv6 address to an instance, the VPC and subnet in which you launch the instance must have an associated IPv6 CIDR block.

New console

To assign multiple IPv6 addresses during launch

1. Follow the procedure to launch an instance, and when you configure Network Settings, choose Advanced network configuration.

2. To assign a secondary IPv6 address, under IPv6 IPs, choose Automatically assign to have Amazon automatically assign a secondary IPv6 address or choose Manually assign to manually enter a CIDR.

3. Complete the remaining steps to launch the instance.

Old console

To assign multiple IPv6 addresses during launch

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

2. From the dashboard, choose Launch Instance.

3. Select an AMI, choose an instance type, and choose Next: Configure Instance Details. Ensure that you choose an instance type that support IPv6. For more information, see Instance types.

4. On the Configure Instance Details page, select a VPC from the Network list, and a subnet from the Subnet list.

5. In the Network Interfaces section, do the following, and then choose Next: Add Storage:

   • To assign a single IPv6 address to the primary network interface (eth0), under IPv6 IPs, choose Add IP. To add a secondary IPv6 address, choose Add IP again. You can enter an IPv6 address from the range of the subnet, or leave the default Auto-assign value to let Amazon choose an IPv6 address from the subnet for you.

   • Choose Add Device to add another network interface and repeat the steps above to add one or more IPv6 addresses to the network interface. The console enables you to specify up to two network interfaces when you launch an instance. After you launch the instance, choose Network Interfaces in the navigation pane to add additional network interfaces. The total number of network interfaces that you can attach varies by instance type. For more information, see IP addresses per network interface per instance type.

6. Follow the next steps in the wizard to attach volumes and tag your instance.

7. On the Configure Security Group page, select an existing security group or create a new one. If you want your instance to be reachable over IPv6, ensure that your security group has rules that allow access from IPv6 addresses. For more information, see Security group rules for different use cases. Choose Review and Launch.

8. On the Review Instance Launch page, review your settings, and then choose Launch to choose a key pair and launch your instance. If you're new to Amazon EC2 and haven't created any key pairs, the wizard prompts you to create one.

You can use the Instances screen Amazon EC2 console to assign multiple IPv6 addresses to an existing instance. This assigns the IPv6 addresses to the primary network interface (eth0) for the instance. To assign a specific IPv6 address to the instance, ensure that the IPv6 address is not already assigned to another instance or network interface.

To assign multiple IPv6 addresses to an existing instance

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

2. In the navigation pane, choose Instances.

3. Select your instance, choose Actions, Networking, Manage IP Addresses.

4. Under IPv6 Addresses, choose Assign new IP for each IPv6 address you want to add. You can specify an IPv6 address from the range of the subnet, or leave the Auto-assign value to let Amazon choose an IPv6 address for you.

5. Choose Yes, Update.

Alternatively, you can assign multiple IPv6 addresses to an existing network interface. The network interface must have been created in a subnet that has an associated IPv6 CIDR block. To assign a specific IPv6 address to the network interface, ensure that the IPv6 address is not already assigned to another network interface.

To assign multiple IPv6 addresses to a network interface

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

2. In the navigation pane, choose Network Interfaces.

3. Select your network interface, choose Actions, Manage IP Addresses.

4. Under IPv6 Addresses, choose Assign new IP for each IPv6 address you want to add. You can specify an IPv6 address from the range of the subnet, or leave the Auto-assign value to let Amazon choose an IPv6 address for you.

5. Choose Yes, Update.

CLI overview

You can use one of the following commands. For more information about these command line interfaces, see Access Amazon EC2.

• Assign an IPv6 address during launch:

  • Use the --ipv6-addresses or --ipv6-address-count options with the run-instances command (AWS CLI)

  • Define -NetworkInterface and specify the Ipv6Addresses or Ipv6AddressCount parameters with the New-EC2Instance command (AWS Tools for Windows PowerShell).

• Assign an IPv6 address to a network interface:

  • assign-ipv6-addresses (AWS CLI)

  • Register-EC2Ipv6AddressList (AWS Tools for Windows PowerShell)

View your IPv6 addresses

You can view the IPv6 addresses for an instance or for a network interface.

To view the IPv6 addresses assigned to an instance

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

2. In the navigation pane, choose Instances.

3. Select your instance. In the details pane, review the IPv6 IPs field.

To view the IPv6 addresses assigned to a network interface

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

2. In the navigation pane, choose Network Interfaces.

3. Select your network interface. In the details pane, review the IPv6 IPs field.

CLI overview

You can use one of the following commands. For more information about these command line interfaces, see Access Amazon EC2.

• View the IPv6 addresses for an instance:

  • describe-instances (AWS CLI)

  • Get-EC2Instance (AWS Tools for Windows PowerShell).

• View the IPv6 addresses for a network interface:

  • describe-network-interfaces (AWS CLI)

  • Get-EC2NetworkInterface (AWS Tools for Windows PowerShell)

Unassign an IPv6 address

You can unassign an IPv6 address from the primary network interface of an instance, or you can unassign an IPv6 address from a network interface.

To unassign an IPv6 address from an instance

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

2. In the navigation pane, choose Instances.

3. Select your instance, choose Actions, Networking, Manage IP Addresses.

4. Under IPv6 Addresses, choose Unassign for the IPv6 address to unassign.

5. Choose Yes, Update.

To unassign an IPv6 address from a network interface

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

2. In the navigation pane, choose Network Interfaces.

3. Select your network interface, choose Actions, Manage IP Addresses.

4. Under IPv6 Addresses, choose Unassign for the IPv6 address to unassign.

5. Choose Save.

CLI overview

You can use one of the following commands. For more information about these command line interfaces, see Access Amazon EC2.

• unassign-ipv6-addresses (AWS CLI)

• Unregister-EC2Ipv6AddressList (AWS Tools for Windows PowerShell).