Feature Guide: Amazon EC2 Elastic IP Addresses

Elastic IP addresses are static IP addresses designed for dynamic cloud computing. An Elastic IP address is associated with your account, not a particular instance, and you control that address until you choose to explicitly release it. Unlike traditional static IP addresses, however, Elastic IP addresses allow you to mask instance or availability zone failures by programmatically remapping your public IP addresses to any instance associated with your account. Rather than waiting on a data technician to reconfigure or replace your host, or waiting for DNS to propagate to all of your customers, Amazon EC2 enables you to engineer around problems with your instance or software by programmatically remapping your Elastic IP address to a replacement instance.

Definitions

• EC2 Private IP Address: The internal RFC 1918 address of an instance that is only routable within the EC2 Cloud. Network traffic originating outside the EC2 network cannot route to this IP, and must use the Public IP or Elastic IP Address mapped to the instance.
• EC2 Public IP Address: Internet routable IP address assigned by the system for all instances. Traffic routed to the Public IP is translated via 1:1 Network Address Translation (NAT) and forwarded to the Private IP address of an instance. The mapping of a Public IP to Private IP of an instance is the default launch configuration for all instance types. Public IP Addresses are no longer usable upon instance termination.
• EC2 Elastic IP Address: Internet routable IP address allocated to an AWS EC2 account. Similar to EC2 Public Address, 1:1 NAT is used to map Elastic IP Addresses with their associated Private IP addresses. Unlike a standard EC2 Public IP Address, Elastic IP Addresses are allocated to accounts and can be remapped to other instances when desired.

Before you begin, make sure you are using the right versions of our WSDL, API Tools, and API:

• WSDL and API version: 2008-02-01 or later
• API Tools: 1.3-19403 2008-02-01

Note: You can check version information using the ec2ver command.

The ec2-allocate-address command assigns an EC2 Elastic IP Address to an account. An Elastic IP address is associated with an account and billed accordingly until the address is released using ec2-release-address command.

This example allocates a new address for the account:

ec2-allocate-address
  ADDRESS 75.101.155.119

After allocating an address, use ec2-describe-addresses to view the addresses allocated to the account. The IP parameter specifies the IP(s) to describe. If unspecified, all addresses allocated are returned.

This example shows that two Elastic IPs are allocated to the account:

ec2-describe-addresses
  ADDRESS 75.101.157.145
  ADDRESS 75.101.155.119

ec2-describe-addresses 75.101.157.145
  ADDRESS 75.101.157.145

Once an Elastic IP Address is allocated, you can map it to a running instance. Use ec2-describe-instances to select the instance ID of a running instance and use ec2-associate-address to create the mapping.

ec2-describe-instances
  RESERVATION      r-ae33c2c7      924417782495    default
  INSTANCE         i-b2e019da      ami-2bb65342    ec2-72-44-33-67.compute-1.amazonaws.com  ip-10-251-71-165.ec2.internal   running  gsg-keypair     0               m1.small        2008-03-03T23:09:09+0000       us-east-1a
  INSTANCE         i-b2e019db      ami-2bb65342    ec2-67-202-3-83.compute-1.amazonaws.com  ip-10-251-47-36.ec2.internal    running  gsg-keypair     1               m1.small        2008-03-03T23:09:09+0000       us-east-1a

ec2-describe-addresses
  ADDRESS 75.101.157.145

This example associates the Elastic IP 75.101.157.145 with instance ID i-b2e019da:

ec2-associate-address -i i-b2e019da  75.101.157.145

  ADDRESS 75.101.157.145   i-b2e019da

The ec2-associate-address call is processed by the EC2 Cloud. This will take a few minutes to complete.

After a successful call to ec2-associate-address, you will see the new IP associated with his instance by using ec2-describe-addresses.

ec2-describe-addresses
  ADDRESS 75.101.157.145   i-b2e019da

ec2-describe-instances i-b2e019da
  RESERVATION      r-ae33c2c7      924417782495    default
  INSTANCE         i-b2e019da      ami-2bb65342    ec2-75-101-157-145.compute-1.amazonaws.com  ip-10-251-71-165.ec2.internal   running  gsg-keypair     0               m1.small        2008-03-03T23:09:09+0000       us-east-1a

In most cases, this will typically take less than a few minutes from when you instruct us to remap the Elastic IP.

Note: Instances only have one Internet routable IP address. When an Elastic IP is associated to an instance, the instance's existing Public IP address mapping is removed and is no longer valid for this instance.

You might want to remap the Elastic IP to another instance.

In this example the account has two instances running i-b2e019da and i-b2e019db. The following example remaps Elastic IP Address 75.101.157.145 from the current instance ID i-b2e019da (completed above) to instance ID i-b2e019db.

ec2-describe-addresses
  ADDRESS 75.101.157.145   i-b2e019da
  
ec2-associate-address -i i-b2e019db  75.101.157.145
  ADDRESS 75.101.157.145   i-b2e019db

Once the system updates have completed, network traffic sent to the Elastic IP 75.101.157.145 will be 1:1 NAT'd and sent to the internal IP of the instance i-b2e019db.

ec2-describe-addresses
  ADDRESS 75.101.157.145   i-b2e019db

The instance i-b2e019da no longer has a Public IP Address because the Elastic IP was removed to remap it to another instance. This means that the instance is no longer reachable from the internet. However, the instance is still reachable from within the cloud via the Private IP Address.

ec2-describe-instances
  RESERVATION      r-ae33c2c7      924417782495    default
  INSTANCE         i-b2e019da      ami-2bb65342    <>    ip-10-251-71-165.ec2.internal   running gsg-keypair     0               m1.small        2008-03-03T23:09:09+0000       us-east-1a
  INSTANCE         i-b2e019db      ami-2bb65342    ec2-75-101-157-145.compute-1.amazonaws.com  ip-10-251-47-36.ec2.internal    running  gsg-keypair     1               m1.small        2008-03-03T23:09:09+0000       us-east-1a

In the background, a process is running that will re-configure another Public IP address for the instance. This process can take a few minutes and, when complete, the ec2-describe-instances returns the updated information and the instance will again be reachable from the internet on this newly assigned Public IP.

ec2-describe-instances
  RESERVATION      r-ae33c2c7      924417782495    default
  INSTANCE         i-b2e019da      ami-2bb65342    ec2-67-202-46-87.compute-1.amazonaws.com    ip-10-251-71-165.ec2.internal   running  gsg-keypair     0               m1.small        2008-03-03T23:09:09+0000       us-east-1a
  INSTANCE         i-b2e019db      ami-2bb65342    ec2-75-101-157-145.compute-1.amazonaws.com  ip-10-251-47-36.ec2.internal    running  gsg-keypair     1               m1.small        2008-03-03T23:09:09+0000       us-east-1a

  

Note: There is no guarantee that an instance will be configured with its original Public IP address that existed prior to being mapped. In fact, it is highly likely that you will receive a totally different Public IP address.

Calling ec2-terminate-instance first disassociates the Elastic IP from the instance and then completes the termination process. Upon completion of this call, the Elastic IP will be in an unmapped state and, if not associated to another instance, will be charged for each full hour not mapped to a running instance.

To remove the current mapping of the Elastic IP, use the ec2-disassociate-address command.

This example shows the current mapping, removes the mapping, and then confirms the mapping was removed.

ec2-describe-addresses

  ADDRESS 75.101.157.145   i-b2e019db

ec2-disassociate-address 75.101.157.145
  ADDRESS 75.101.157.145
  
ec2-describe-addresses
  ADDRESS 75.101.157.145
  

Upon completion of this call the Elastic IP will be in an unmapped state. Elastic IP addresses will accrue a charge for each full hour the address is not attached/mapped to an instance.

To release an Elastic IP from an account use ec2-release-address. The IP parameter specifies the Elastic IP Address to be released.

This example shows the existing Elastic IP on the account, releases it, and confirms the release:

ec2-describe-addresses
  ADDRESS 75.101.157.145

ec2-release-address 75.101.157.145
  ADDRESS 75.101.157.145

ec2-describe-addresses

  

If the ec2-release-address command is called while an Elastic IP is mapped to an instance, the system first removes the current mapping to an instance ID, and then removes the Elastic IP from the account. After releasing an Elastic IP address, you cannot get it back.

Public (IPV4) internet addresses are a scarce resource. There is only a limited amount of public IP space available, and Amazon EC2 is committed to helping use that space efficiently.

By default, all accounts are limited to 5 Elastic IP addresses. If you need more than 5 Elastic IP addresses, we ask that you apply for your limit to be raised. We will ask you to think through your use case and help us understand your need for additional addresses. You can apply for more Elastic IP addresses here.

In order to help ensure our customers are efficiently using the Elastic IP addresses that they have associated with their account, we impose the $.01/hr charge when these IP addresses are not mapped to an instance.

Today, an instance can only have one Internet routable IP address. If an Elastic IP is mapped to an instance its existing Public IP address mapping is removed.

To map an Elastic IP to an instance the existing Public IP mapping must first be removed. Once the mapping of the Elastic IP to the instance is complete, the original Public IP is returned to the general IP address pool and will eventually be reused within the cloud.

The last ec2-associate-address call made will be the one applied to the instance; in this case EIP2 will be associated with the instance once the mapping propagates. EIP1 will be disassociated, but will remain associated with your EC2 account.

Removing the Elastic IP from an instance temporarily leaves the instance without a Public IP Address. A background process in the cloud will re-assign a new Public IP to the instance after a short period of time. The instance will remain reachable from within the cloud on its private IP address during this process.

In most cases, this will typically take less than a few minutes from when you instruct us to remap the Elastic IP, and we are continuing to work to make this even faster.

When you remap an Elastic IP to an instance, some of your preexisting communications (to the old and now unmapped IP address) will continue to work even after the remap. For example, if you have an open ssh connection to an instance via its system assigned Public IP address and subsequently associate one of your Elastic IP addresses with that instance, the ssh session might continue to function normally for some time. This behavior is expected but unreliable. We strongly urge you to reestablish connections via the new remapped IP addresses to ensure that your software functions correctly.

When you remap an IP address, we propagate the new mapping throughout the EC2 network. Because of the behavior of some network devices, existing communications (defined as established source IP, destination IP, port combinations) might continue to utilize preexisting mappings until the devices refresh their caches. This results in existing connections continuing to work. However, because of the highly distributed nature of the EC2 network and the way these devices function, these communications can become invalid at any time. Therefore, you should reestablish all connections through your remapped IP address.

Finally, as we continue to release optimizations to the EC2 network to reduce the propagation time of Elastic IP updates, these optimizations will also more quickly purge the network of any cached mappings. It is our ultimate goal to immediately break all existing communications when an IP address is remapped.

A reboot or restart of an instance has no impact on the mapping of an Elastic IP to it. However, terminating an instance will remove the mapping and the Elastic IP will then be charged for each full hour it is not mapped to another instance.