Our team has an isolated EC2 instance that's shut down overnight to save resources. When it starts up, it has a different IP address and they can't access it from the internal network, as its IP address has changed and needs to be added to the WAF.
Is there a process via SNS, Lambda or something that I can run after launch that automates it?
The easiest method is to create an Elastic IP address, which is a static public IP address. Then, allocate that Elastic IP address to the Amazon EC2 instance.
The Elastic IP address will remain the same even when the instance is stopped and started.
Related
I am new to AWS and tried to create an EC2 instance.
I have a domain and am ready to modify the A record to the associated EC2 instance.
I found an article that said an elastic IP is required for associating a production domain.
But AWS provides a public IP and it is accessible on the public internet too (I know it changes after restart, just assuming it's okay to modify the A record after the machine is restarted - actually it is not restarted very often).
In this case, is it a must to assign an elastic IP to the instance (this instance contains no load balancing, it is only a simple single instance)?
If yes, why is it necessary?
An Elastic IP (EIP) is not necessary provided that you understand the limitations of public IPs. You may not reboot your instance, but AWS might for any number of reasons. This means that the public IP address could change when you are not expecting it.
When an EIP is assigned to a running EC2 instance, there are no charges for the EIP, i.e. it is free. Therefore, why go through the hassle of needing to monitor your public IP address?
Whenever I tried to start or stop the Elastic Compute Cloud instance, the IP address changed.
Elastic IP is free as long as it is associated with an instance.
When you create your instance, you can choose to create a new Elastic IP and associate it with the instance. If you did not do this, you will be using the public pool of IP addresses Amazon provides that is available to EC2 instances.
An IP from such a public pool cannot be converted into an Elastic IP. In your case, you need to simply create a new Elastic IP, then associate it with your instance.
An Elastic IP address doesn’t incur charges as long as the following
conditions are true:
The Elastic IP address is associated with an EC2 instance.
The instance associated with the Elastic IP address is running.
The instance has only one Elastic IP address attached to it.
For pricing please see AWS Documentation.
We all know that we can assign an Elastic IP associated with an EC2 instance. However, when we rebuild the environment in Elastic Beanstalk the IP still changes, since the old instance is terminated and a new instance is created. Is there any way we can assign a "real" static IP so that it wouldn't change even if it's rebuilt in Elastic Beanstalk? Thanks in advance.
From Using Elastic Beanstalk with Amazon VPC:
For single-instance environments, Elastic Beanstalk assigns an Elastic IP address (a static, public IP address) to the instance so that it can communicate directly with the Internet.
For Load-balancing, autoscaling environments, you should always communicate via the Elastic Load Balancer, which is referenced by DNS Name.
If you require a fixed IP address for whitelisting, there are a few choices:
Route outbound traffic to the remote service via a NAT Gateway -- it can use a fixed Elastic IP address
Route traffic via a proxy in your VPC -- again, it can use a fixed Elastic IP address
Given that you have an auto-scaled environment, it doesn't necessarily make sense to allocate IP addresses to each individual instance. However, if you know the maximum number of instances that will be created, you could create Elastic IP addresses for your EC2 instances and re-associate them to instances when they are re-created. (You could potentially do this via a startup script.)
I agree with John. But just in case you need an EIP anyway (probably to SSH to the server), one workaround is: go to EC2 --> Elastic IPs --> Allocate new address. This way you are buying a fixed EIP for your account. Now you can manually associate this EIP with any of your EC2 instances.
The problem with this approach is that you always have to MANUALLY associate the EIP.
I have a Windows EC2 instance running a production website and DNS is configured to have my domain name point to its public IP. There is currently no Elastic IP (EIP) associated with the instance. I would like to start using an Elastic IP and have my domain name point to it instead of the public IP (which can change if I ever have to change the instance).
Reading the documentation I find this statement troubling:
When you associate an EIP with an instance, the instance's current
public IP address is released to the EC2-Classic public IP address
pool.
My fear is this:
I assign an EIP to the instance and the public IP is released.
Now my website no longer works, because the domain name points to the public IP, which is no longer associated with my EC2 instance.
I must then point DNS records to the EIP. But this could take up to 48 hours for propagation to take place (i.e. my site may be unreachable for up to 48 hours).
How can I do this without having to live through DNS propagation?
If your EC2 instance is in a VPC, you can add a second network interface onto your EC2 instance. You can associate your Elastic IP address with that second network interface. This way, your EC2 instance could respond to both IP addresses.
Instructions
Create a new Network Interface in the same subnet as your EC2 instance.
Allocate a new Elastic IP for your VPC (if you haven't done so already).
Associate the Elastic IP address with your new Network Interface (eni).
Attach your new Network Interface to your EC2 instance.
Do not change your DNS yet.
You may need to RDP/SSH into your EC2 instance to make some configuration changes to ensure your EC2 instance responds correctly to the new IP address.
Modify the hosts file on your local computer to test connecting to your website via the new IP address.
When that works, do the DNS switch and restore your hosts file.
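Steps 1 to 4 of the instructions above as a boto3 sketch (an added example, not code from the original answer). The function name is hypothetical, and it assumes a VPC instance whose next device index is usable on its instance type.

```python
def add_eip_on_second_interface(ec2, instance_id):
    """Run steps 1-4 above. `ec2` is a boto3 EC2 client: boto3.client("ec2")."""
    inst = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    # Give the new interface the instance's own security groups. Without Groups
    # it would get the VPC default group, so the new public address could be
    # filtered differently from the address the site is served on today.
    groups = [g["GroupId"] for g in inst["SecurityGroups"]]
    used = {n["Attachment"]["DeviceIndex"] for n in inst["NetworkInterfaces"]}
    device_index = max(used, default=0) + 1  # next slot after the existing interfaces

    undo_steps = []  # clean-up actions, run newest first if a later step fails
    try:
        eni = ec2.create_network_interface(
            SubnetId=inst["SubnetId"], Groups=groups,
            Description=f"EIP cut-over for {instance_id}",
        )["NetworkInterface"]["NetworkInterfaceId"]
        undo_steps.append(lambda: ec2.delete_network_interface(NetworkInterfaceId=eni))
        alloc = ec2.allocate_address(Domain="vpc")
        undo_steps.append(lambda: ec2.release_address(AllocationId=alloc["AllocationId"]))
        assoc = ec2.associate_address(AllocationId=alloc["AllocationId"], NetworkInterfaceId=eni)
        undo_steps.append(lambda: ec2.disassociate_address(AssociationId=assoc["AssociationId"]))
        ec2.attach_network_interface(
            NetworkInterfaceId=eni, InstanceId=instance_id, DeviceIndex=device_index)
    except Exception:
        # Leave no orphaned interface or idle Elastic IP behind.
        for undo in reversed(undo_steps):
            undo()
        raise
    return {"NetworkInterfaceId": eni, "PublicIp": alloc["PublicIp"], "DeviceIndex": device_index}
```

The returned `PublicIp` is the address to test through the hosts file before the DNS switch.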
48 to 72 hours before your pre-determined switch-over time, reduce the time-to-live (TTL) on your DNS entry to 300 seconds (5 minutes).
At your designated switch-over time:
Attach the Elastic IP address
Update your DNS entry to point to your Elastic IP address
Doing this, your effective "downtime" is reduced to 5 minutes.
You can have two identical EC2 instances. One with the old public IP where the DNS record is pointing to. One with the EIP assigned. Requests should be able to access either of the two instances without noticing it. Your application must be able to scale horizontally. Then you change the DNS record to point to the EIP. Eventually, when DNS is updated, all requests to your domain will end up going to the EC2 instance with the EIP. At that moment you can stop or terminate the old EC2 instance.
Another possibility, if your application cannot scale horizontally and it is a web application: the web server in the old EC2 instance can redirect requests to the EIP. It would redirect to an IP address, but it's a possibility.
If you don't use EC2-Classic instances, you can freely move the Elastic IP to any other EC2 instance without losing the EIP.
aws ec2 associate-address --region us-east-1 --allocation-id eipalloc-xxxxxxxxxxx --allow-reassociation --network-interface-id eni-xxxxxxxxxx
where eipalloc-xxxxxxxxxxx is the id of the Elastic IP and eni-xxxxx is the id of the target EC2 instance.
https://aws.amazon.com/premiumsupport/knowledge-center/ec2-recover-ip-address/
Elastic IP addresses
It's a best practice to use an Elastic IP address. Elastic IP addresses are allocated to your account, instead of to the instance. You can associate your Elastic IP addresses to and from instances as needed.
If you release the Elastic IP address that was allocated to your account, you might be able to recover it. For more information, see Recovering an Elastic IP address.
All instances except EC2-Classic instances retain their associated Elastic IP addresses when stopped. AWS continues to bill for Elastic IP addresses associated with a stopped instance.
Note: Elastic IP addresses associated with EC2-Classic instances aren't recoverable.
So, I don't understand what is going on here... I have (3) Micro EC2 Instances which are launched (without elastic ip)
I then go to Network Security->Elastic IPs and click associate IP address. I chose a running EC2 instance, that instance then uses the elastic ip.
If I stop, then start this SAME EC2 instance, it doesn't have the same previous elastic IP address and is instead some completely new IP address. This is messing up scripts that then depend on the previously associated elastic IP to that EC2 instance.
Why is this happening and why can't I get any of the (3) instances to adopt and keep this assigned elastic IP?
If you create a VPC and then re-provision the 3 micro instances under the VPC, EIPs you associate will remain associated during stop/start cycles. You won't be able to reuse your existing EC2 instances or EIPs; you'll have to recreate them under the new VPC.
Elastic IPs become disassociated with EC2 instances (in EC2-Classic) when you stop them. You will need to re-associate them again on startup, which can be done through the API (via AssociateAddress), CLI (via ec2-associate-address), or via the AWS Console.
Here's what the Elastic IP documentation has to say on the matter:
When you associate an EIP with an instance, the instance's current
public IP address is released to the EC2-Classic public IP address
pool. If you disassociate an EIP from the instance, the instance is
automatically assigned a new public IP address within a few minutes.
In addition, stopping the instance also disassociates the EIP from it.
We solve this at work by tagging our dev instances (which are turned off overnight) with the desired elastic IP and run a script in the morning to first turn them on, and then re-associate the elastic IP.
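One way to write the morning script described above, which also covers the startup-script re-association suggested in the Elastic Beanstalk answer (an added example, not the poster's script). The `ElasticIP` tag name and both function names are assumptions, and it assumes VPC-allocated addresses, which carry an AllocationId.

```python
import ipaddress

TAG_KEY = "ElasticIP"  # assumed tag name; its value is the desired EIP, e.g. "203.0.113.10"


def plan_associations(reservations, addresses, tag_key=TAG_KEY):
    """Return (actions, problems) from describe_instances / describe_addresses data.
    actions: (instance_id, allocation_id) to associate; problems: (instance_id, reason)."""
    by_ip = {a["PublicIp"]: a for a in addresses}
    actions, problems = [], []
    for inst in (i for r in reservations for i in r["Instances"]):
        iid = inst["InstanceId"]
        tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
        if tag_key not in tags:
            continue
        try:
            wanted = str(ipaddress.ip_address(tags[tag_key].strip()))
        except ValueError:
            problems.append((iid, "tag value is not an IP address"))
            continue
        addr = by_ip.get(wanted)
        if addr is None:
            # Released or never ours: an allow-list entry for it now trusts a stranger.
            problems.append((iid, f"{wanted} is not allocated to this account"))
        elif addr.get("InstanceId") == iid:
            continue  # already associated, nothing to do
        elif addr.get("AssociationId"):
            problems.append((iid, f"{wanted} is already associated elsewhere"))
        else:
            actions.append((iid, addr["AllocationId"]))
    return actions, problems


def start_and_associate(region):
    import boto3  # imported lazily so plan_associations() can be used without AWS access
    ec2 = boto3.client("ec2", region_name=region)
    filters = [{"Name": "tag-key", "Values": [TAG_KEY]},
               {"Name": "instance-state-name", "Values": ["stopped", "running"]}]
    reservations = ec2.describe_instances(Filters=filters)["Reservations"]
    ids = [i["InstanceId"] for r in reservations for i in r["Instances"]]
    if ids:
        ec2.start_instances(InstanceIds=ids)
        ec2.get_waiter("instance_running").wait(InstanceIds=ids)
    actions, problems = plan_associations(reservations, ec2.describe_addresses()["Addresses"])
    for iid, alloc in actions:
        # AllowReassociation=False: fail rather than take the address from another resource
        ec2.associate_address(InstanceId=iid, AllocationId=alloc, AllowReassociation=False)
    return actions, problems
```

Anything returned in `problems` is worth alerting on, because a firewall or WAF rule that still allows that address no longer points at the intended instance.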
If you are willing to pay for a NAT gateway (per hour charge + per GB traffic processed), you can create a NAT gateway to make an Elastic IP attach to your VPC private subnet (you need to create a route for the subnet, point it to the nat-gateway, and modify your default route to point to igw-id).
Any EC2 instance restart will have effect on the Elastic IP afterwards.