
Let's say you use the aws ec2 run-instances command to create and start an EC2 instance.
- If you do not use the --associate-public-ip-address flag, the EC2 instance will have both a public and private IP address
- If you use the --associate-public-ip-address flag, the EC2 instance will have both a public and private IP address
- If you use the --no-associate-public-ip-address flag, the EC2 instance will have a private IP address and will not have a public IP address
aws ec2 run-instances \
--image-id ami-0b0dcb5067f052a63 \
--count 1 \
--key-name default \
--security-group-ids sg-0778124087b3d14d4 \
--subnet-id subnet-03f11123480f6abcd
At a high level, there are 3 types of IP addresses
- private IP addresses - dynamic address that may change
- public IP addresses - dynamic address that may change
- Elastic IP addresses - static address that does not change but incurs a modest charge
If the Virtual Private Cloud (VPC) the EC2 instance is being created in has DNS hostnames disabled and the EC2 instance is associated with a public IP address, the EC2 instance will have a public IP address but will not have a public DNS hostname.
The aws ec2 describe-instances command can then be used to view the IP addresses associated with the EC2 instance. If you see IpOwnerId followed by your AWS account number, this means it is an Elastic IP address.
~]$ aws ec2 describe-instances --filters "Name=tag-value,Values=my-instance"
{
"Reservations": [
{
"Instances": [
{
"NetworkInterfaces": [
{
"PrivateIpAddresses": [
{
"Association": {
"IpOwnerId": "123456789012", <- this means it's an Elastic IP address
"PublicDnsName": "ec2-100-22-33-44.compute-1.amazonaws.com",
"PublicIp": "100.22.33.44"
},
"Primary": true,
"PrivateDnsName": "ip-172-31-19-227.ec2.internal",
"PrivateIpAddress": "172.31.19.227"
}
]
If you see IpOwnerId followed by "amazon" this means it is not an Elastic IP address and is instead a public or private IP address.
~]$ aws ec2 describe-instances --filters "Name=tag-value,Values=my-instance"
{
"Reservations": [
{
"Instances": [
{
"NetworkInterfaces": [
{
"PrivateIpAddresses": [
{
"Association": {
"IpOwnerId": "amazon", <- this means it's not an Elastic IP address
"PublicDnsName": "ec2-100-22-33-44.compute-1.amazonaws.com",
"PublicIp": "100.22.33.44"
},
"Primary": true,
"PrivateDnsName": "ip-172-31-19-227.ec2.internal",
"PrivateIpAddress": "172.31.19.227"
}
]
Likewise, in the AWS EC2 console, if you select your instance, the Networking tab will display the IP addresses.
If the instance is associated with an Elastic IP address, you should see the Elastic IP address and Auto-assigned IP address will probably be null.
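The IpOwnerId check above is easy to script. The following is an added example (not code from the original article): it reads the JSON that aws ec2 describe-instances prints, classifies each public address as an Elastic IP (IpOwnerId equals your account id), an auto-assigned public IP (IpOwnerId is "amazon") or none, and lists the instances that expose any public address at all. The account id, instance ids and addresses in the embedded sample are constructed values, and the function names are this example's own.

```python
import json

# Constructed sample in the shape printed by `aws ec2 describe-instances`.
# The account id, instance ids and IP addresses are made-up values.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "Reservations": [
        {"Instances": [
            {"InstanceId": "i-0000000000000aaaa",        # Elastic IP attached
             "NetworkInterfaces": [{"PrivateIpAddresses": [
                 {"Primary": True,
                  "PrivateIpAddress": "172.31.19.227",
                  "Association": {"IpOwnerId": "123456789012",
                                  "PublicIp": "100.22.33.44"}}]}]},
            {"InstanceId": "i-0000000000000bbbb",        # auto-assigned public IP
             "NetworkInterfaces": [{"PrivateIpAddresses": [
                 {"Primary": True,
                  "PrivateIpAddress": "172.31.45.86",
                  "Association": {"IpOwnerId": "amazon",
                                  "PublicIp": "100.22.33.45"}}]}]},
            {"InstanceId": "i-0000000000000cccc",        # private IP only
             "NetworkInterfaces": [{"PrivateIpAddresses": [
                 {"Primary": True,
                  "PrivateIpAddress": "172.31.89.110"}]}]},
        ]}
    ]
})


def classify_public_ips(describe_json: str, account_id: str) -> dict:
    """Map each instance id to a list of (private_ip, public_ip, kind).

    kind is 'elastic' when IpOwnerId is your account id, 'auto-assigned'
    when IpOwnerId is "amazon", 'none' when there is no Association block,
    and 'unknown-owner' for any other IpOwnerId.
    """
    data = json.loads(describe_json)
    result = {}
    for reservation in data.get("Reservations", []):
        for instance in reservation.get("Instances", []):
            entries = []
            for eni in instance.get("NetworkInterfaces", []):
                for addr in eni.get("PrivateIpAddresses", []):
                    assoc = addr.get("Association") or {}
                    public_ip = assoc.get("PublicIp")
                    if not public_ip:
                        kind = "none"
                    elif assoc.get("IpOwnerId") == account_id:
                        kind = "elastic"
                    elif assoc.get("IpOwnerId") == "amazon":
                        kind = "auto-assigned"
                    else:
                        kind = "unknown-owner"
                    entries.append((addr.get("PrivateIpAddress"), public_ip, kind))
            result[instance["InstanceId"]] = entries
    return result


def publicly_reachable(describe_json: str, account_id: str) -> list:
    """Instance ids that expose at least one public address of any kind."""
    classified = classify_public_ips(describe_json, account_id)
    return sorted(iid for iid, entries in classified.items()
                  if any(kind != "none" for _, _, kind in entries))


if __name__ == "__main__":
    # Replace SAMPLE_DESCRIBE_OUTPUT with the real command output to audit a VPC.
    for iid, entries in classify_public_ips(SAMPLE_DESCRIBE_OUTPUT, "123456789012").items():
        for private_ip, public_ip, kind in entries:
            print(f"{iid}: private={private_ip} public={public_ip} ({kind})")
    print("publicly reachable:", publicly_reachable(SAMPLE_DESCRIBE_OUTPUT, "123456789012"))
```

Running publicly_reachable over the output of a real describe-instances call is a quick way to find instances that picked up an auto-assigned public address you did not intend them to have, which is the situation the rest of this article addresses.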
Let's say you want to make an SSH connection onto the EC2 instance.
If the EC2 instance has a public IP address and is associated with a Security Group that allows SSH connections on port 22 from whatever systems you are trying to connect from, you should be able to make the SSH connection onto the EC2 instance using the public IP address. Be aware that the console will show the private IP address of the EC2 instance, even if you connect to the EC2 instance using the public IP address. This is totally normal.
Using username "ec2-user".
Authenticating with public key "default"
, #_
~\_ ####_ Amazon Linux 2023
~~ \_#####\
~~ \###|
~~ \#/ ___ https://aws.amazon.com/linux/amazon-linux-2023
~~ V~' '->
~~~ /
~~._. _/
_/ _/
_/m/'
[ec2-user@ip-172-31-45-86 ~]$
Making an SSH connection onto an EC2 instance using the private IP address is much more restricted. You will only be able to make the connection to the EC2 instance within the Virtual Private Cloud (VPC) that the EC2 instance is in. This almost always means making an SSH connection onto one of your EC2 instances that has a public IP address in the VPC and then from that EC2 instance, making an SSH connection to the EC2 instance using the private IP address of the EC2 instance.
Let's say you have an EC2 instance that got a public and private IP address auto assigned, and you want to update the EC2 instance to only have a private IP address and no public IP address. If you select the EC2 instance and go to Actions > Networking > Manage IP addresses, the Unassign button is greyed out; you can't unassign the public or private IP addresses. What to do?
You can use the aws ec2 create-image command to create an Amazon Machine Image (AMI) of the EC2 instance.
~]# aws ec2 create-image --instance-id i-0bb20768594080699 --name "docker2" --no-reboot
{
"ImageId": "ami-0d22a1bfc06db9f67"
}
And then use the aws ec2 run-instances command to create and start a new EC2 instance
- using the --no-associate-public-ip-address flag so that the new EC2 instance will not get an auto assigned public IP address
- using the Amazon Machine Image (AMI) returned by the aws ec2 create-image command
- optionally using the --private-ip-address option to specify the private IP address
- optionally using the --secondary-private-ip-addresses option to specify one or more additional private IP addresses - in this scenario, you must not use the --secondary-private-ip-address-count option
- optionally using the --secondary-private-ip-address-count option to auto assign one or more additional private IP addresses - in this scenario, you must not use the --secondary-private-ip-addresses option
aws ec2 run-instances \
--image-id ami-0d22a1bfc06db9f67 \
--count 1 \
--key-name default \
--security-group-ids sg-0778124087b3d14d4 \
--subnet-id subnet-03f11123480f6abcd \
--no-associate-public-ip-address \
--private-ip-address 172.31.89.110
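The two-step procedure above (create an AMI, then launch a private-only replacement) is easy to get wrong by hand, in particular the rule that the two secondary-address options are mutually exclusive. The following is an added example, not code from the original article: it extracts the ImageId from the JSON that aws ec2 create-image prints and builds the argument list for the follow-up aws ec2 run-instances call, defaulting to no public IP and refusing the conflicting option pair. The function names are this example's own; the sample ids match the ones used in the article.

```python
import json
import shlex


def image_id_from_create_image(output_json: str) -> str:
    """Pull ImageId out of the JSON printed by `aws ec2 create-image`."""
    image_id = json.loads(output_json).get("ImageId")
    if not image_id or not image_id.startswith("ami-"):
        raise ValueError(f"unexpected create-image output: {output_json!r}")
    return image_id


def build_run_instances_args(image_id, subnet_id, security_group_ids, key_name,
                             private_ip=None, secondary_ips=None,
                             secondary_count=None, public_ip=False):
    """Return the argv list for `aws ec2 run-instances`.

    public_ip defaults to False, so the instance gets
    --no-associate-public-ip-address unless explicitly asked otherwise.
    --secondary-private-ip-addresses and --secondary-private-ip-address-count
    are mutually exclusive, so supplying both raises ValueError.
    """
    if secondary_ips and secondary_count:
        raise ValueError("--secondary-private-ip-addresses and "
                         "--secondary-private-ip-address-count are mutually exclusive")
    args = ["aws", "ec2", "run-instances",
            "--image-id", image_id,
            "--count", "1",
            "--key-name", key_name,
            "--security-group-ids", *security_group_ids,
            "--subnet-id", subnet_id,
            "--associate-public-ip-address" if public_ip
            else "--no-associate-public-ip-address"]
    if private_ip:
        args += ["--private-ip-address", private_ip]
    if secondary_ips:
        args += ["--secondary-private-ip-addresses", *secondary_ips]
    if secondary_count:
        args += ["--secondary-private-ip-address-count", str(secondary_count)]
    return args


if __name__ == "__main__":
    # Constructed stand-in for the create-image output shown in the article.
    create_image_output = '{"ImageId": "ami-0d22a1bfc06db9f67"}'
    ami = image_id_from_create_image(create_image_output)
    cmd = build_run_instances_args(ami, "subnet-03f11123480f6abcd",
                                   ["sg-0778124087b3d14d4"], "default",
                                   private_ip="172.31.89.110")
    # shlex.join renders a copy-pasteable command line; pass `cmd` to
    # subprocess.run(cmd, check=True) to actually launch the instance.
    print(shlex.join(cmd))
```

Keeping the launch arguments in one function makes the "no public IP" default the path of least resistance, and the ValueError surfaces the option conflict before the CLI is even invoked.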