Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET
Amazon Web Services

Assigning Elastic IP Addresses to Amazon EC2 Instances

In this easy Ask the Admin, I’ll show you how to assign a static public facing IP address to your Amazon EC2 instances (VMs).

In Manage IP Addressing with Virtual Private Clouds in Amazon Web Services on the Petri IT Knowledgebase, I showed you how to launch a new nondefault-VPC instance using PowerShell. A Virtual Private Cloud (VPC) is the equivalent of a Microsoft Azure virtual network (VNET). I used a nondefault-VPC to create my own private subnet and address range, which can’t be changed in the default VPC provided by Amazon. Additionally, when provisioning the instance using the New-EC2Instance PowerShell cmdlet, I set the –AssociatePublicIp to $true, because nondefault-VPC instances are not assigned public IP addresses.

Public IP Addresses and DNS Name Resolution

The resulting instance is assigned a different public IP address every time it’s started, and while this isn’t a problem in itself in the majority of use cases, the instance’s external DNS name is made up in part by the assigned public IP address. So if you need to connect to the instance from the public Internet, then you’re going to have a lot of fun because its DNS name isn’t static.

Elastic IP Addresses (EIPs)

To solve this problem, you need to provision and associate an Elastic IP address (EIP) with the instance. When an Elastic IP address is associated with an instance, any existing public IP address is returned to the EC2-VPC public IP address pool. Should an EIP be disassociated from a nondefault-VPC instance, an address from the EC2-VPC public IP address pool is reassigned within a few minutes, unless the instance has a second network interface card, and you must associate an EIP manually.

Sponsored Content

Say Goodbye to Traditional PC Lifecycle Management

Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.

Even if you are using the EC2 12-month free tier, then there may be charges associated with using EIPs. The first EIP associated with an instance is free, but any additional EIPs are billable. Additionally, EIPs associated with stopped or unattached network interfaces are subject to an hourly charge. See Amazon EC2 Pricing for more information on EIP pricing.

Register an Elastic IP address with an EC2 instance in Amazon Web Services. (Image Credit: Russell Smith)
Register an Elastic IP address with an EC2 instance in Amazon Web Services. (Image Credit: Russell Smith)

Working with Elastic IP Addresses

Before starting, you’ll need to make sure that you have the AWS Tools for Windows PowerShell installed and configured for your AWS subscription on your local PC, as described in Provision Windows Server in Amazon Web Services using PowerShell on Petri.

First, let’s establish if there are any EIPs provisioned in my subscription.

  • Open a PowerShell command prompt.
  • In the command prompt, type Get-EC2Address and press ENTER.

If you have any EIPs provision in your subscription, they will now be displayed in the command prompt, along with information including the public IP address and AllocationId. I have a couple of EIPs already provisioned, but I want a new EIP for an instance that I will create later. To provision a new EIP for use in a VPC:

  • In the PowerShell prompt, type New-EC2Address -Domain “vpc” and press ENTER.

The new EIP AllocationId and public IP address will be displayed in the prompt. If you run Get-EC2Address again, you’ll see that some fields are empty because the EIP is not yet associated with an instance.

Now I have an EIP ready for use, I need to provision a new instance. To provision a new VPC instance using PowerShell and get its InstanceId using Get-EC2Instance with a filter, see Manage IP Addressing with Virtual Private Clouds in Amazon Web Services. I chose not to set the –AssociatePublicIp to $true, as I know that I’m going to assign an EIP as soon as the new instance is ready for use. As such, the new instance won’t be provisioned initially with a public IP address or public DNS name, but that doesn’t matter.

Once the new instance is running and initialized, run the cmdlet shown below, replacing the values of the –InstanceId and –PublicIp parameters, the –PublicIp being that assigned to the EIP created earlier:

​Register-EC2Address -InstanceId i-45e10b4b -PublicIp

The cmdlet returns the new AssociationId. If you run Get-EC2Address again, you’ll see that the EIP is now associated with an InstanceId and internal private IP address. The instance is now also assigned a public DNS name that will not change if the instance is restarted.

Disassociate and Remove an EIP

To remove the EIP from your AWS subscription, disassociate it from the instance and then delete it.

​Unregister-EC2Address -PublicIp
Remove-EC2Address –AllocationId eipalloc-78be7f1d -force


Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: