Friday, April 6, 2018

AWS Public IP vs Elastic IP and how to assign one to an EC2 instance

In my previous post I mentioned that in order to make an EC2 instance internet accessible, it should have a Public or Elastic IP assigned. Anyone new to AWS may wonder what an Elastic IP is and how it differs from a Public IP.

In this post we will discuss the similarities and differences between the two and how one can assign a Public or Elastic IP to an EC2 instance.

From a functional point of view, both are publicly routable IP addresses and can be used to connect your instance to the internet, but they differ in how they persist and in the way you can assign one to your instance.

A public IP address is assigned to your instance from Amazon's pool of public IPv4 addresses, and is not associated with your AWS account. When a public IP address is disassociated from your instance, it is released back into the public IPv4 address pool, and you cannot reuse it.

Put simply, Public IP addresses are dynamic: if you stop/start your instance you get assigned a new public IP, but the address persists if you just reboot the EC2 instance.

Public IP addresses are free and you will not be charged anything for using them.

An Elastic IP address is a static public IPv4 address, designed for dynamic cloud computing. If your instance does not have a public IPv4 address, you can associate an Elastic IP address with your instance to enable communication with the internet.

An Elastic IP address is associated with your AWS account and with it, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account.
While your instance is running, you are not charged for one Elastic IP address associated with the instance, but you are charged for any additional Elastic IP addresses which are not in use.

Now let’s look at the difference between these two IP types.

1. Elastic IPs are assigned to AWS accounts, and you can attach them to instances. Public IPs are assigned to instances directly.
2. You cannot manually attach or detach a public IP from the instance. It's auto-allocated from the pool. An Elastic IP can be manually attached to and detached from the instance.

3. When an instance is stopped and started again, its public IP changes. But if the instance is assigned an Elastic IP, the address remains the same even if the instance is stopped and started again.

4. If an Elastic IP is allocated to your account and not in use, you will be charged for it on an hourly basis.

5. A public IP is released once your instance is stopped, so there is no question of being charged for not using it.

6. You won't be able to re-use the same public IP since it's allocated from the free IP pool. You can always re-use an Elastic IP and re-attach it to another instance once it is released from the current instance.

7. You can have a maximum of 5 Elastic IPs in your account per region. But you can have as many public IPs as EC2 instances you spin up.

8. An instance can have either of them. If you assign an Elastic IP to an instance, its currently assigned public IP will be released to the free pool.
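The differences above can be checked from inventory data. The following is an added example, not part of the original post: it reads constructed JSON in the shape of `aws ec2 describe-instances` and `aws ec2 describe-addresses` output, labels each instance's public address as auto-assigned or Elastic (an auto-assigned address is reported with `IpOwnerId` set to `amazon`), and lists Elastic IPs that are allocated but not associated. All IDs and addresses are constructed placeholders.

```python
import json

# Constructed sample data in the shape returned by
# `aws ec2 describe-instances` and `aws ec2 describe-addresses`.
INSTANCES = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa1111example",
   "NetworkInterfaces": [{"Association":
     {"PublicIp": "203.0.113.10", "IpOwnerId": "amazon"}}]},
  {"InstanceId": "i-0bbb2222example",
   "NetworkInterfaces": [{"Association":
     {"PublicIp": "198.51.100.7", "IpOwnerId": "111122223333"}}]},
  {"InstanceId": "i-0ccc3333example", "NetworkInterfaces": [{}]}
]}]}
""")
ADDRESSES = json.loads("""
{"Addresses": [
  {"PublicIp": "198.51.100.7", "AllocationId": "eipalloc-0example1",
   "AssociationId": "eipassoc-0example1", "InstanceId": "i-0bbb2222example"},
  {"PublicIp": "198.51.100.99", "AllocationId": "eipalloc-0example2"}
]}
""")

def classify_instance_ips(instances):
    """Map instance ID -> list of (public_ip, kind).

    kind is 'auto-assigned' (changes on stop/start) or 'elastic' (static).
    Instances with no public address map to an empty list.
    """
    result = {}
    for reservation in instances.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            ips = []
            for eni in inst.get("NetworkInterfaces", []):
                assoc = eni.get("Association") or {}
                ip = assoc.get("PublicIp")
                if ip:
                    owner = assoc.get("IpOwnerId")
                    ips.append((ip, "auto-assigned" if owner == "amazon" else "elastic"))
            result[inst["InstanceId"]] = ips
    return result

def idle_elastic_ips(addresses):
    """Elastic IPs allocated to the account but not associated (billed hourly)."""
    return [a["PublicIp"] for a in addresses.get("Addresses", [])
            if "AssociationId" not in a]
```

Instances reported as `auto-assigned` are the ones whose address will change on stop/start, so any allowlist or DNS record that references them needs review.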

How to assign a Public or Elastic IP to an instance:

Public IP: It can be assigned to an instance only at instance creation time, and there are two ways of doing that.

  • Edit the Subnet setting and enable Auto-assign Public IP for any EC2 instance launched in this Subnet.

To do so, from the AWS Console => under Networking & Content Delivery, select VPC => click on the Subnet tab => select the intended Subnet and either right-click or, from Actions => select Modify auto-assign IP address

That will open the Modify auto-assign IP address pop-up; there, enable auto-assigning a Public IP address.

Now any EC2 instance launched in this subnet will have a public IP assigned.

  • You can also assign the Public IP at EC2 instance launch time, and you can alter the subnet's default public IP assignment from there.

Whatever you select here will override the default IP assignment settings.

Elastic IP: We need to allocate the Elastic IP address to our AWS account before making use of it.

You can go to the Elastic IP window either from the EC2 instance or the VPC Dashboard; once you are there => select Elastic IP address => Allocate new address


There is not much to discuss here: once you click on Allocate in the next screen, it will allocate you an Elastic IP.

Now if you want to assign this IP to any instance, just select it and either click on Actions or right-click on it and select Allocate address.


That will open the Associate Address window, where you can select the intended EC2 instance or a specific network interface.


Once you select the intended instance, the Elastic IP gets associated with the selected instance.

Note: As mentioned in the above screenshot, if you associate an Elastic IP address with an EC2 instance which already has a public IP assigned, the public IP is released.

That's it ... :)


Tuesday, April 3, 2018

Launching your first AWS EC2 instance and making it internet accessible

I assume this is your first EC2 instance and you just have the default VPC with the default Security groups, Network Access list, Routing table, etc.

As this EC2 instance is being created in the default VPC, which by default has an Internet Gateway attached and a route to that internet gateway in the attached route table, one only needs to complete the following steps to make it internet accessible:

  • Create this EC2 instance with a Public IP

  • If the instance was not created with a public IP then create an Elastic IP and attach it to the EC2 instance

  • Identify the attached security group and create a custom inbound rule to allow traffic (RDP, ICMP, etc.) from a specific IP/network or from anywhere (0.0.0.0/0)

Here you don't need to create any outbound rule, because Security groups are stateful and Network access lists, on the other hand, allow all traffic by default.

Note: If you didn't select a security group during EC2 launch, the EC2 instance will have a new security group named Launch-Wizard-x created and attached; you then need to create custom inbound rules to allow RDP or ICMP traffic for this group.

If required, you can change the attached security group for an instance from here: EC2 Dashboard => Network & Security => Network interfaces.
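To review which inbound rules ended up open to anywhere rather than to a specific IP/network, the check below can be run over a security group export. It is an added example, not part of the original post: the JSON is a constructed sample in the shape of `aws ec2 describe-security-groups` output, and the group IDs and names are placeholders.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SECURITY_GROUPS = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0example1", "GroupName": "launch-wizard-1",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
     {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0example2", "GroupName": "rdp-from-office",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
      "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]}
]}
""")

ANYWHERE = {"0.0.0.0/0", "::/0"}
RDP_PORT = 3389

def exposed_service(perm):
    """Name the service this post cares about that a rule covers, or None."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                      # "-1" means all protocols and ports
        return "ALL TRAFFIC"
    if proto == "icmp":
        return "ICMP"
    # A TCP rule covers RDP when 3389 falls inside its port range.
    if proto == "tcp" and perm.get("FromPort", 0) <= RDP_PORT <= perm.get("ToPort", -1):
        return "RDP"
    return None

def world_cidrs(perm):
    """Source ranges on the rule that mean 'from anywhere' (IPv4 or IPv6)."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in ANYWHERE]

def audit_inbound(groups):
    """Return (group_id, group_name, service, cidr) for each world-open rule."""
    findings = []
    for sg in groups.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            service = exposed_service(perm)
            if service:
                findings += [(sg["GroupId"], sg["GroupName"], service, c)
                             for c in world_cidrs(perm)]
    return findings
```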

That's it... :)