Amazon EC2 instance IP addressing - Amazon Elastic Compute Cloud

Amazon EC2 instance IP addressing

Amazon EC2 and Amazon VPC support both the IPv4 and IPv6 addressing protocols. By default, Amazon EC2 and Amazon VPC use the IPv4 addressing protocol; you can't disable this behavior. When you create a VPC, you must specify an IPv4 CIDR block (a range of private IPv4 addresses). You can optionally assign an IPv6 CIDR block to your VPC and subnets, and assign IPv6 addresses from that block to instances in your subnet. IPv6 addresses are reachable over the Internet. For more information about IPv6, see IP Addressing in Your VPC in the Amazon VPC User Guide.

Private IPv4 addresses and internal DNS hostnames

A private IPv4 address is an IP address that's not reachable over the Internet. You can use private IPv4 addresses for communication between instances in the same VPC. For more information about the standards and specifications of private IPv4 addresses, see RFC 1918. We allocate private IPv4 addresses to instances using DHCP.

Note

You can create a VPC with a publicly routable CIDR block that falls outside of the private IPv4 address ranges specified in RFC 1918. However, for the purposes of this documentation, we refer to private IPv4 addresses (or 'private IP addresses') as the IP addresses that are within the IPv4 CIDR range of your VPC.

When you launch an instance, we allocate a primary private IPv4 address for the instance. Each instance is also given an internal DNS hostname that resolves to the primary private IPv4 address; for example, ip-10-251-50-12.ec2.internal. You can use the internal DNS hostname for communication between instances in the same VPC, but we can't resolve the internal DNS hostname outside of the VPC.

An instance receives a primary private IP address from the IPv4 address range of the subnet. For more information, see VPC and subnet sizing in the Amazon VPC User Guide. If you don't specify a primary private IP address when you launch the instance, we select an available IP address in the subnet's IPv4 range for you. Each instance has a default network interface (eth0) that is assigned the primary private IPv4 address. You can also specify additional private IPv4 addresses, known as secondary private IPv4 addresses. Unlike primary private IP addresses, secondary private IP addresses can be reassigned from one instance to another. For more information, see Multiple IP addresses.

A private IPv4 address, regardless of whether it is a primary or secondary address, remains associated with the network interface when the instance is stopped and started, or hibernated and started, and is released when the instance is terminated.

Public IPv4 addresses and external DNS hostnames

A public IP address is an IPv4 address that's reachable from the Internet. You can use public addresses for communication between your instances and the Internet.

Each instance that receives a public IP address is also given an external DNS hostname; for example, ec2-203-0-113-25.compute-1.amazonaws.com. We resolve an external DNS hostname to the public IP address of the instance from outside its VPC, and to the private IPv4 address of the instance from inside its VPC. The public IP address is mapped to the primary private IP address through network address translation (NAT). For more information, see RFC 1631: The IP Network Address Translator (NAT).

When you launch an instance in a default VPC, we assign it a public IP address by default. When you launch an instance into a nondefault VPC, the subnet has an attribute that determines whether instances launched into that subnet receive a public IP address from the public IPv4 address pool. By default, we don't assign a public IP address to instances launched in a nondefault subnet.

You can control whether your instance receives a public IP address as follows:

A public IP address is assigned to your instance from Amazon's pool of public IPv4 addresses, and is not associated with your AWS account. When a public IP address is disassociated from your instance, it is released back into the public IPv4 address pool, and you cannot reuse it.

You cannot manually associate or disassociate a public IP address from your instance. Instead, in certain cases, we release the public IP address from your instance, or assign it a new one:

  • We release your instance's public IP address when it is stopped, hibernated, or terminated. Your stopped or hibernated instance receives a new public IP address when it is started.

  • We release your instance's public IP address when you associate an Elastic IP address with it. When you disassociate the Elastic IP address from your instance, it receives a new public IP address.

  • If the public IP address of your instance in a VPC has been released, it will not receive a new one if there is more than one network interface attached to your instance.

  • If your instance's public IP address is released while it has a secondary private IP address that is associated with an Elastic IP address, the instance does not receive a new public IP address.

If you require a persistent public IP address that you can associate with and disassociate from instances as you require, use an Elastic IP address instead.

If you use dynamic DNS to map an existing DNS name to a new instance's public IP address, it might take up to 24 hours for the IP address to propagate through the Internet. As a result, new instances might not receive traffic while terminated instances continue to receive requests. To solve this problem, use an Elastic IP address. You can allocate your own Elastic IP address, and associate it with your instance. For more information, see Elastic IP addresses.

If you assign an Elastic IP address to an instance, it receives an IPv4 DNS hostname if DNS hostnames are enabled. For more information, see Using DNS with your VPC in the Amazon VPC User Guide.

Note

Instances that access other instances through their public NAT IP address are charged for regional or Internet data transfer, depending on whether the instances are in the same Region.

Elastic IP addresses (IPv4)

An Elastic IP address is a public IPv4 address that you can allocate to your account. You can associate it to and disassociate it from instances as you require. It's allocated to your account until you choose to release it. For more information about Elastic IP addresses and how to use them, see Elastic IP addresses.

We do not support Elastic IP addresses for IPv6.

Amazon DNS server

Amazon provides a DNS server that resolves Amazon-provided IPv4 DNS hostnames to IPv4 addresses. The Amazon DNS server is located at the base of your VPC network range plus two. For more information, see Amazon DNS server in the Amazon VPC User Guide.

IPv6 addresses

You can optionally associate an IPv6 CIDR block with your VPC, and associate IPv6 CIDR blocks with your subnets. The IPv6 CIDR block for your VPC is automatically assigned from Amazon's pool of IPv6 addresses; you cannot choose the range yourself. For more information, see the following topics in the Amazon VPC User Guide:

IPv6 addresses are globally unique, and therefore reachable over the Internet. Your instance receives an IPv6 address if an IPv6 CIDR block is associated with your VPC and subnet, and if one of the following is true:

  • Your subnet is configured to automatically assign an IPv6 address to an instance during launch. For more information, see Modifying the IPv6 addressing attribute for your subnet.

  • You assign an IPv6 address to your instance during launch.

  • You assign an IPv6 address to the primary network interface of your instance after launch.

  • You assign an IPv6 address to a network interface in the same subnet, and attach the network interface to your instance after launch.

When your instance receives an IPv6 address during launch, the address is associated with the primary network interface (eth0) of the instance. You can disassociate the IPv6 address from the network interface. We do not support IPv6 DNS hostnames for your instance.

An IPv6 address persists when you stop and start, or hibernate and start, your instance, and is released when you terminate your instance. You cannot reassign an IPv6 address while it's assigned to another network interface—you must first unassign it.

You can assign additional IPv6 addresses to your instance by assigning them to a network interface attached to your instance. The number of IPv6 addresses you can assign to a network interface and the number of network interfaces you can attach to an instance varies per instance type. For more information, see IP addresses per network interface per instance type.

Working with the IPv4 addresses for your instances

You can assign a public IPv4 address to your instance when you launch it. You can view the IPv4 addresses for your instance in the console through either the Instances page or the Network Interfaces page.

Viewing the IPv4 addresses

You can use the Amazon EC2 console to view the private IPv4 addresses, public IPv4 addresses, and Elastic IP addresses of your instances. You can also determine the public IPv4 and private IPv4 addresses of your instance from within your instance by using instance metadata. For more information, see Instance metadata and user data.

The public IPv4 address is displayed as a property of the network interface in the console, but it's mapped to the primary private IPv4 address through NAT. Therefore, if you inspect the properties of your network interface on your instance, for example, through ifconfig (Linux) or ipconfig (Windows), the public IPv4 address is not displayed. To determine your instance's public IPv4 address from an instance, use instance metadata.

New console

To view the IPv4 addresses for an instance using the console

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, choose Instances and select your instance.

  3. The following information is available on the Networking tab:

    • Public IPv4 address — The public IPv4 address. If you associated an Elastic IP address with the instance or the primary network interface, this is the Elastic IP address.

    • Public IPv4 DNS — The external DNS hostname.

    • Private IPv4 addresses — The private IPv4 address.

    • Private IPv4 DNS — The internal DNS hostname.

    • Secondary private IPv4 addresses — Any secondary private IPv4 addresses.

    • Elastic IP addresses — Any associated Elastic IP addresses.

  4. Alternatively, under Network interfaces on the Networking tab, choose the interface ID for the primary network interface (for example, eni-123abc456def78901). The following information is available:

    • Private DNS (IPv4) — The internal DNS hostname.

    • Primary private IPv4 IP — The primary private IPv4 address.

    • Secondary private IPv4 IPs — Any secondary private IPv4 addresses.

    • Public DNS — The external DNS hostname.

    • IPv4 Public IP — The public IPv4 address. If you associated an Elastic IP address with the instance or the primary network interface, this is the Elastic IP address.

    • Elastic IPs — Any associated Elastic IP addresses.

Old console

To view the IPv4 addresses for an instance using the console

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, choose Instances and select your instance.

  3. The following information is available on the Description tab:

    • Private DNS — The internal DNS hostname.

    • Private IPs — The private IPv4 address.

    • Secondary private IPs — Any secondary private IPv4 addresses.

    • Public DNS — The external DNS hostname.

    • IPv4 Public IP — The public IPv4 address. If you associated an Elastic IP address with the instance or the primary network interface, this is the Elastic IP address.

    • Elastic IPs — Any associated Elastic IP addresses.

  4. Alternatively, you can view the IPv4 addresses for the instance using the primary network interface. Under Network interfaces on the Description tab, choose eth0, and then choose the interface ID (for example, eni-123abc456def78901). The following information is available:

    • Private DNS (IPv4) — The internal DNS hostname.

    • Primary private IPv4 IP — The primary private IPv4 address.

    • Secondary private IPv4 IPs — Any secondary private IPv4 addresses.

    • Public DNS — The external DNS hostname.

    • IPv4 Public IP — The public IPv4 address. If you associated an Elastic IP address with the instance or the primary network interface, this is the Elastic IP address.

    • Elastic IPs — Any associated Elastic IP addresses.

To view the IPv4 addresses for an instance using the command line

You can use one of the following commands. For more information about these command line interfaces, see Accessing Amazon EC2.

To determine your instance's IPv4 addresses using instance metadata

  1. Connect to your instance. For more information, see Connecting to your Windows instance.

  2. Use the following command to access the private IP address:

    PS C:\> Invoke-RestMethod http://169.254.169.254/latest/meta-data/local-ipv4

  3. Use the following command to access the public IP address:

    PS C:\> Invoke-RestMethod http://169.254.169.254/latest/meta-data/public-ipv4

    If an Elastic IP address is associated with the instance, the value returned is that of the Elastic IP address.

Assigning a public IPv4 address during instance launch

Each subnet has an attribute that determines whether instances launched into that subnet are assigned a public IP address. By default, nondefault subnets have this attribute set to false, and default subnets have this attribute set to true. When you launch an instance, a public IPv4 addressing feature is also available for you to control whether your instance is assigned a public IPv4 address; you can override the default behavior of the subnet's IP addressing attribute. The public IPv4 address is assigned from Amazon's pool of public IPv4 addresses, and is assigned to the network interface with the device index of eth0. This feature depends on certain conditions at the time you launch your instance.

Considerations

  • You can't manually disassociate the public IP address from your instance after launch. Instead, it's automatically released in certain cases, after which you cannot reuse it. For more information, see Public IPv4 addresses and external DNS hostnames. If you require a persistent public IP address that you can associate or disassociate at will, assign an Elastic IP address to the instance after launch instead. For more information, see Elastic IP addresses.

  • You cannot auto-assign a public IP address if you specify more than one network interface. Additionally, you cannot override the subnet setting using the auto-assign public IP feature if you specify an existing network interface for eth0.

  • The public IP addressing feature is only available during launch. However, whether you assign a public IP address to your instance during launch or not, you can associate an Elastic IP address with your instance after it's launched. For more information, see Elastic IP addresses. You can also modify your subnet's public IPv4 addressing behavior. For more information, see Modifying the public IPv4 addressing attribute for your subnet.

To enable or disable the public IP addressing feature using the console

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. Choose Launch Instance.

  3. Select an AMI and an instance type, and then choose Next: Configure Instance Details.

  4. On the Configure Instance Details page, for Network, select a VPC. The Auto-assign Public IP list is displayed. Choose Enable or Disable to override the default setting for the subnet.

  5. Follow the steps on the next pages of the wizard to complete your instance's setup. For more information about the wizard configuration options, see Launching an instance using the Launch Instance Wizard. On the final Review Instance Launch page, review your settings, and then choose Launch to choose a key pair and launch your instance.

  6. On the Instances page, select your new instance and view its public IP address in the IPv4 Public IP field in the details pane.

To enable or disable the public IP addressing feature using the command line

You can use one of the following commands. For more information about these command line interfaces, see Accessing Amazon EC2.

  • Use the --associate-public-ip-address or the --no-associate-public-ip-address option with the run-instances command (AWS CLI)

  • Use the -AssociatePublicIp parameter with the New-EC2Instance command (AWS Tools for Windows PowerShell)
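
Because the subnet attribute and the launch-time override together decide which instances become reachable from the Internet, it is useful to review the result across a VPC. The following is an added example, not part of the original AWS page: it uses the AWS Tools for PowerShell cmdlets Get-EC2Subnet and Get-EC2Instance to list every instance address that is public, whether it came from Amazon's pool or is an Elastic IP address, and whether the subnet auto-assigns. The function name and the VPC ID in the usage comment are illustrative.

```powershell
# Added example. Assumes the AWS Tools for PowerShell EC2 module and credentials
# that are allowed to call DescribeSubnets and DescribeInstances.
Import-Module AWS.Tools.EC2   # or the monolithic AWSPowerShell module

function Get-PublicIPv4Exposure {
    param([Parameter(Mandatory)][string]$VpcId)

    $vpcFilter = @{ Name = 'vpc-id'; Values = $VpcId }

    # Subnet attribute: $true means every instance launched into the subnet gets
    # a public IPv4 address unless the launch request overrides it.
    $autoAssign = @{}
    foreach ($s in Get-EC2Subnet -Filter $vpcFilter) {
        $autoAssign[$s.SubnetId] = [bool]$s.MapPublicIpOnLaunch
    }

    # Get-EC2Instance returns reservations; the instances are one level down.
    foreach ($i in (Get-EC2Instance -Filter $vpcFilter).Instances) {
        foreach ($nic in $i.NetworkInterfaces) {
            # Association of the interface's primary private address only;
            # Elastic IPs on secondary private addresses are not covered here.
            $assoc = $nic.Association
            if (-not $assoc -or -not $assoc.PublicIp) { continue }
            [pscustomobject]@{
                InstanceId       = $i.InstanceId
                SubnetId         = $nic.SubnetId
                PublicIp         = $assoc.PublicIp
                # Addresses from Amazon's pool are owned by 'amazon'; Elastic IP
                # addresses are owned by the account that allocated them.
                Source           = if ($assoc.IpOwnerId -eq 'amazon') { 'auto-assigned' } else { 'Elastic IP' }
                SubnetAutoAssign = $autoAssign[$nic.SubnetId]
            }
        }
    }
}

# Usage (constructed VPC ID): show only addresses that change on stop/start.
# Get-PublicIPv4Exposure -VpcId vpc-0123456789abcdef0 |
#     Where-Object Source -eq 'auto-assigned' | Format-Table
```

Auto-assigned addresses are released on stop or hibernate, so any allow list or DNS record that references one goes stale at the next start; stopped instances do not appear in the output because they hold no public IP address.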

Working with the IPv6 addresses for your instances

You can view the IPv6 addresses assigned to your instance, assign a public IPv6 address to your instance, or unassign an IPv6 address from your instance. You can view these addresses in the console through either the Instances page or the Network Interfaces page.

Viewing the IPv6 addresses

You can use the Amazon EC2 console, AWS CLI, and instance metadata to view the IPv6 addresses for your instances.

New console

To view the IPv6 addresses for an instance using the console

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, choose Instances.

  3. Select the instance.

  4. On the Networking tab, locate IPv6 addresses.

  5. Alternatively, under Network interfaces on the Networking tab, choose the interface ID for the network interface (for example, eni-123abc456def78901). Locate IPv6 IPs.

Old console

To view the IPv6 addresses for an instance using the console

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, choose Instances.

  3. Select the instance.

  4. On the Networking tab, locate IPv6 IPs.

  5. Alternatively, under Network interfaces on the Description tab, choose eth0, and then choose the interface ID (for example, eni-123abc456def78901). Locate IPv6 IPs.

To view the IPv6 addresses for an instance using the command line

You can use one of the following commands. For more information about these command line interfaces, see Accessing Amazon EC2.

To view the IPv6 addresses for an instance using instance metadata

  1. Connect to your instance. For more information, see Connecting to your Windows instance.

  2. Use the following command to view the IPv6 address (you can get the MAC address from http://169.254.169.254/latest/meta-data/network/interfaces/macs/).

    PS C:\> Invoke-RestMethod http://169.254.169.254/latest/meta-data/network/interfaces/macs/mac-address/ipv6s
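
The metadata commands in this procedure and in the IPv4 procedure earlier on this page call the metadata service without a session token (IMDSv1), so they fail on an instance that is configured to require IMDSv2. The following is an added example, not part of the original AWS page: it performs the same private IPv4, public IPv4, and IPv6 lookups with an IMDSv2 token and treats a 404 response as "no such address". The function names are illustrative.

```powershell
# Added example: IMDSv2 (session-token) lookups of this instance's addresses.
# Run it on the instance itself; 169.254.169.254 is only reachable from there.
$ImdsBase = 'http://169.254.169.254/latest'

function Get-ImdsToken {
    param([int]$TtlSeconds = 300)
    # IMDSv2 issues a session token in response to a PUT; the TTL is a header.
    Invoke-RestMethod -Method Put -Uri "$ImdsBase/api/token" -TimeoutSec 2 `
        -Headers @{ 'X-aws-ec2-metadata-token-ttl-seconds' = "$TtlSeconds" }
}

function Get-ImdsValue {
    param([string]$Path, [string]$Token)
    try {
        Invoke-RestMethod -Uri "$ImdsBase/meta-data/$Path" -TimeoutSec 2 `
            -Headers @{ 'X-aws-ec2-metadata-token' = $Token }
    } catch {
        # The service answers 404 for a category that does not apply, for
        # example public-ipv4 on an instance without a public address.
        $resp = $_.Exception.Response
        if ($resp -and [int]$resp.StatusCode -eq 404) { return $null }
        throw
    }
}

function Get-InstanceAddresses {
    $token = Get-ImdsToken

    # macs/ returns one MAC address per line, each with a trailing slash.
    $macs = (Get-ImdsValue -Path 'network/interfaces/macs/' -Token $token) -split "`n" |
        ForEach-Object { $_.Trim().TrimEnd('/') } | Where-Object { $_ }

    $ipv6 = foreach ($mac in $macs) {
        $v = Get-ImdsValue -Path "network/interfaces/macs/$mac/ipv6s" -Token $token
        if ($v) { $v -split "`n" | ForEach-Object { $_.Trim() } | Where-Object { $_ } }
    }

    [pscustomobject]@{
        PrivateIPv4 = Get-ImdsValue -Path 'local-ipv4'  -Token $token
        PublicIPv4  = Get-ImdsValue -Path 'public-ipv4' -Token $token  # Elastic IP if one is associated
        IPv6        = @($ipv6)
    }
}

Get-InstanceAddresses
```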

Assigning an IPv6 address to an instance

If your VPC and subnet have IPv6 CIDR blocks associated with them, you can assign an IPv6 address to your instance during or after launch. The IPv6 address is assigned from the IPv6 address range of the subnet, and is assigned to the network interface with the device index of eth0.

To assign an IPv6 address to an instance during launch

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. Select an AMI and an instance type that supports IPv6, and choose Next: Configure Instance Details.

  3. On the Configure Instance Details page, for Network, select a VPC and for Subnet, select a subnet. For Auto-assign IPv6 IP, choose Enable.

  4. Follow the remaining steps in the wizard to launch your instance.

To assign an IPv6 address to an instance after launch

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, choose Instances.

  3. Select your instance, and choose Actions, Networking, Manage IP addresses.

  4. Expand the network interface. Under IPv6 addresses, choose Assign new IP address. Enter an IPv6 address from the range of the subnet or leave the field blank to let Amazon choose an IPv6 address for you.

  5. Choose Save.

To assign an IPv6 address using the command line

You can use one of the following commands. For more information about these command line interfaces, see Accessing Amazon EC2.

Unassigning an IPv6 address from an instance

You can unassign an IPv6 address from an instance at any time.

To unassign an IPv6 address from an instance using the console

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, choose Instances.

  3. Select your instance, and choose Actions, Networking, Manage IP addresses.

  4. Expand the network interface. Under IPv6 addresses, choose Unassign next to the IPv6 address.

  5. Choose Save.

To unassign an IPv6 address from an instance using the command line

You can use one of the following commands. For more information about these command line interfaces, see Accessing Amazon EC2.