Allocate Predefined Private IPs when launching EC2 using Auto Scaling Group - amazon-web-services

I have a MEAN application where I am using a private IP to provide the connection between the server and application, and I am using the EC2 instance's private IP for this inside my application.
Now I want to use Auto Scaling for my production environment. But I am not able to allocate predefined private IPs when launching an EC2 instance using an Auto Scaling Group.
Is there a better way to do this? Perhaps through Launch Configurations?
What is the best method to allow ec2 instances launched by an Auto Scaling Group to be assigned a private IP?

There's no way to have specific private IPs reserved for the Auto Scaling group in the launch configuration for EC2 instances.
However, there are three possible workarounds here.
As far as the private IP is concerned, kindly create a small subnet and choose it when creating the Auto Scaling Group.
Create an ENI (network interface) and assign it a private IP address of your choice. In the Auto Scaling launch configuration, write a user data script which uses the AWS CLI tools to discover the pre-created ENI and attach it to the EC2 instance.
You may also try adding a secondary private IP address to the instance's primary interface using user data.
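The second workaround above (user data discovers a pre-created ENI and attaches it) in working form, as an added example that is not from any of the posts on this page. The ENI pool tag `Role=app-static-ip`, the sample `describe-network-interfaces` output and the instance/subnet IDs are all constructed; the AWS CLI is driven as argument lists so that the selection logic can be exercised without AWS access, and `--live` switches to real instance metadata and real CLI calls:

```python
"""Attach a pre-created ENI to the booting instance (added example).

Assumed names: the ENI pool is tagged Role=app-static-ip and every ENI in it
sits in the subnet the Auto Scaling group launches into.
"""
import json
import subprocess
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

IMDS = "http://169.254.169.254/latest"

def imds(path: str) -> str:
    """Read a field from instance metadata using IMDSv2 (session token first, then the field)."""
    req = urllib.request.Request(f"{IMDS}/api/token", method="PUT",
                                 headers={"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    token = urllib.request.urlopen(req, timeout=2).read().decode()
    req = urllib.request.Request(f"{IMDS}/meta-data/{path}",
                                 headers={"X-aws-ec2-metadata-token": token})
    return urllib.request.urlopen(req, timeout=2).read().decode()

# Constructed sample of `aws ec2 describe-network-interfaces --output json`.
SAMPLE_DESCRIBE = json.dumps({"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0aaa", "SubnetId": "subnet-0a1", "Status": "in-use",
     "PrivateIpAddress": "10.0.1.10", "TagSet": [{"Key": "Role", "Value": "app-static-ip"}]},
    {"NetworkInterfaceId": "eni-0bbb", "SubnetId": "subnet-0a1", "Status": "available",
     "PrivateIpAddress": "10.0.1.11", "TagSet": [{"Key": "Role", "Value": "app-static-ip"}]},
    {"NetworkInterfaceId": "eni-0ccc", "SubnetId": "subnet-0b2", "Status": "available",
     "PrivateIpAddress": "10.0.2.11", "TagSet": [{"Key": "Role", "Value": "app-static-ip"}]},
    {"NetworkInterfaceId": "eni-0ddd", "SubnetId": "subnet-0a1", "Status": "available",
     "PrivateIpAddress": "10.0.1.5", "TagSet": []},
    {"NetworkInterfaceId": "eni-0eee", "SubnetId": "subnet-0a1", "Status": "available",
     "PrivateIpAddress": "10.0.1.12", "TagSet": [{"Key": "Role", "Value": "app-static-ip"}]},
]})

def candidate_enis(describe_json: str, subnet_id: str, tag_key: str, tag_value: str) -> List[Dict]:
    """Unattached pool ENIs in the instance's own subnet, lowest private IP first."""
    def tags(eni: Dict) -> Dict[str, str]:
        return {t["Key"]: t["Value"] for t in eni.get("TagSet", [])}
    found = [e for e in json.loads(describe_json)["NetworkInterfaces"]
             if e["Status"] == "available"
             and e["SubnetId"] == subnet_id          # an ENI only attaches inside its own subnet/AZ
             and tags(e).get(tag_key) == tag_value]
    return sorted(found, key=lambda e: tuple(int(o) for o in e["PrivateIpAddress"].split(".")))

def attach_cmd(region: str, eni_id: str, instance_id: str, device_index: int = 1) -> List[str]:
    return ["aws", "ec2", "attach-network-interface", "--region", region,
            "--network-interface-id", eni_id, "--instance-id", instance_id,
            "--device-index", str(device_index)]

def describe_cmd(region: str, subnet_id: str, tag_key: str, tag_value: str) -> List[str]:
    return ["aws", "ec2", "describe-network-interfaces", "--region", region, "--output", "json",
            "--filters", f"Name=subnet-id,Values={subnet_id}", "Name=status,Values=available",
            f"Name=tag:{tag_key},Values={tag_value}"]

def claim_eni(describe_json: str, region: str, instance_id: str, subnet_id: str,
              tag_key: str, tag_value: str,
              run: Optional[Callable[[List[str]], int]] = None) -> Tuple[Optional[str], Optional[List[str]]]:
    """Try candidates in order. A failed attach usually means a sibling instance that booted at
    the same moment won the race for that ENI, so move on to the next. `run` returns the CLI exit
    code; None means dry run (the first candidate is reported without calling the CLI)."""
    for eni in candidate_enis(describe_json, subnet_id, tag_key, tag_value):
        cmd = attach_cmd(region, eni["NetworkInterfaceId"], instance_id)
        if run is None or run(cmd) == 0:
            return eni["NetworkInterfaceId"], cmd
    return None, None

if __name__ == "__main__":
    import sys
    if "--live" in sys.argv:   # inside user data: real metadata, real CLI
        instance_id = imds("instance-id")
        region = imds("placement/region")
        mac = imds("network/interfaces/macs/").split("/")[0]
        subnet_id = imds(f"network/interfaces/macs/{mac}/subnet-id")
        described = subprocess.run(describe_cmd(region, subnet_id, "Role", "app-static-ip"),
                                   capture_output=True, text=True, check=True).stdout
        runner = lambda cmd: subprocess.run(cmd).returncode
    else:                      # offline dry run over the constructed sample
        instance_id, region, subnet_id = "i-0123456789abcdef0", "us-east-1", "subnet-0a1"
        described, runner = SAMPLE_DESCRIBE, None
    eni, cmd = claim_eni(described, region, instance_id, subnet_id, "Role", "app-static-ip", runner)
    print("attached" if eni else "no ENI available", eni, " ".join(cmd or []))
```

The instance role only needs `ec2:DescribeNetworkInterfaces` and `ec2:AttachNetworkInterface`, scoped by the pool tag if you want to keep the policy tight; the OS still has to bring the new interface up (cloud-init or the distribution's ENI helper handles that on most Amazon images).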

Amazon EC2 Auto Scaling adjusts capacity by:
Launching new instances
Terminating existing instances
When a new instance is launched, it receives a private IP address in the CIDR range of the associated subnet. While it is normally possible in Amazon EC2 to request a specific IP address (which is done via a DHCP reservation), this is not possible with Auto Scaling. Instead, each instance will receive a random address from the subnet's CIDR range.
If your application really does require a range of pre-defined IP addresses, you could use a pool of Elastic IP addresses and have each new instance "grab" one of these addresses. However, traffic within a VPC that refers to a public IP address (and an Elastic IP address is a public IP address) has a charge of 1c/GB because it goes out, and then back into, the VPC. I wouldn't recommend this approach.
Given that there could be a variable number of instances operating at any time, and therefore assuming that your application can handle the fact that it might have an IP address registered but not in use, you could just give it every IP address in the CIDR range. You could even make a smaller subnet so the range is not very big.

Related

AWS private elastic ip

I have a scenario where I want to set up an HAProxy cluster with keepalived. I saw this blog post https://www.peternijssen.nl/high-availability-haproxy-keepalived-aws/ and it's pretty detailed and easy to follow, but for my scenario I need the Elastic IPs to be private. Is this doable? As per the AWS documentation, Elastic IPs are only public IPs.
I need a floating IP which will act as a floating cluster IP. What can I use if Elastic IP is not an option?
An Elastic IP within AWS is actually a static public IP address. This functionality is required, as by default a public IP address is not reserved by an account, and when enabled it limits the total IPv4 addresses you can keep.
For private address ranges, however, your instances can be assigned any private IP address that is within any of your VPCs' CIDR range(s).
In fact, for this reason you can select almost any IP address found within your VPC when launching a new instance. In addition, the IP addresses that are attached to an EC2 instance are static and will stay attached to that instance until it is terminated.
Therefore as long as you don't terminate the instances the private IP(s) will be maintained. However, in the event the instance fails and is not recoverable you would still need to launch a new instance and use that IP.
It might be more beneficial using a DNS record to resolve the IP just in case of an emergency, or failing that use a load balancer to distribute traffic.
For this case you can provision an Elastic Network Interface (ENI) with a static private IP address which you can attach/re-attach to EC2 instances. As long as you don't delete the ENI, it will retain the IP address. Find out more here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html

How to allocate/generate new IP address in ec2 instance in same subnet range?

I know I can get a new IP address by going to Elastic IPs --> Allocate new address, but by doing this I always get IPs in a different subnet range.
I want IPs within the same subnet.
I have two EC2 instances. Actually, I want 2 new IP addresses within the same subnet range! I am trying to join two instances which are in the same zone and the same VPC, but their primary private IPs are in different subnets, so this is the issue!
I have added a secondary private IP directly to both instances within the same subnet range (by not using an Elastic IP and then associating them), so is there a way I can make this secondary private IP my primary one?
Based on the documentation it isn't possible to select the IP from an address range for Elastic IPs unless you own the IP address space.
You can allocate an Elastic IP address from Amazon's pool of public IPv4 addresses, or from a custom IP address pool that you have brought to your AWS account. For more information about bringing your own IP address range to your AWS account, see Bring Your Own IP Addresses (BYOIP).
You may be able to hack around this but I don't think AWS would look kindly upon it.
I found a solution for my problem:
While creating the new instance itself, we can assign an IP address within the same subnet range.
Here are the steps:
First have this ready:
go to VPC --> Create Subnet
go to Network & Security --> Create Network Interface
Then,
* Launch Instance --> Choose the AMI --> choose instance type --> configure instance
Under Configure Instance:
* Select the network and subnet you have just created
Auto-assign Public IP: Enable
Then on the same page, further down you see Network interfaces:
Here, add a primary IP and secondary IPs (you can add as many as your subscription allows)
But for the free tier, a maximum of 2 can be added!!
But the main thing is you can assign any IP you need from the subnet range you created.
Hoping this will help someone.

Amazon AWS Load balancer EC2 instances address ip range

My website is running behind an AWS Classic Load Balancer. It has some scaling policies and it launches some new EC2 instances when it has to.
Is it possible to have the range of public IP addresses that will be used for the EC2 instances when they are launched by the load balancer?
Is it possible to have the range of public IP addresses that will be used for the EC2 instances when they will be launched by the load balancer
Not to my knowledge. Public IP addresses are assigned automatically by AWS from a pool of addresses and I do not believe it is possible to know in advance what address will be assigned to your EC2.
See here for more details.
Why do you need the ip address of the new instances, out of interest? Are you trying to dynamically provision access to resources on them as part of your ec2 startup process?
This is technically possible if you use Elastic IPs. While you can't create a pool for your scaling policies to pull from, you can create several EIPs and configure Lambda scripts that trigger during scaling events, and assign available EIPs to the new instances using the associateAddress API.
Alternatively, this seems like a similar problem, and maybe a useful solution for you.
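The Lambda approach from the answer above in working form, as an added example that is not the answerer's code. It assumes an EventBridge rule on the Auto Scaling event "EC2 Instance Launch Successful" invokes the handler, that the pool's Elastic IPs are tagged `Pool=web-static` (a constructed name), and that the function's role allows `ec2:DescribeAddresses` and `ec2:AssociateAddress`. boto3 is imported only inside the handler, so the logic runs offline against the fake client at the bottom:

```python
"""Hand a pooled Elastic IP to a freshly launched Auto Scaling instance (added example)."""
from typing import Dict, List

POOL_TAG = ("Pool", "web-static")   # assumed tag on every EIP that belongs to the pool

def free_pool_addresses(addresses: List[Dict]) -> List[Dict]:
    """Pool EIPs not associated with anything, ordered so every invocation tries them the same way."""
    key, value = POOL_TAG
    free = [a for a in addresses
            if "AssociationId" not in a
            and any(t["Key"] == key and t["Value"] == value for t in a.get("Tags", []))]
    return sorted(free, key=lambda a: a["PublicIp"])

def handler(event: Dict, context=None, ec2=None) -> Dict:
    if event.get("detail-type") != "EC2 Instance Launch Successful":
        return {"skipped": event.get("detail-type")}
    instance_id = event["detail"]["EC2InstanceId"]
    if ec2 is None:
        import boto3          # only needed on Lambda itself
        ec2 = boto3.client("ec2")
    key, value = POOL_TAG
    pool = ec2.describe_addresses(Filters=[{"Name": f"tag:{key}", "Values": [value]}])["Addresses"]
    errors = []
    for addr in free_pool_addresses(pool):
        try:
            # Without AllowReassociation the call fails if a concurrent launch already
            # claimed this EIP; that is the guard we want, so just try the next one.
            ec2.associate_address(InstanceId=instance_id, AllocationId=addr["AllocationId"])
            return {"instance": instance_id, "public_ip": addr["PublicIp"]}
        except Exception as exc:
            errors.append(str(exc))
    raise RuntimeError(f"no free EIP in pool for {instance_id}: {errors}")

class FakeEC2:
    """Offline stand-in for boto3's EC2 client over a constructed address table.
    describe_addresses ignores Filters; the handler re-checks the tag itself."""
    def __init__(self):
        self.addresses = [
            {"PublicIp": "203.0.113.10", "AllocationId": "eipalloc-0a", "AssociationId": "eipassoc-1",
             "InstanceId": "i-existing", "Tags": [{"Key": "Pool", "Value": "web-static"}]},
            {"PublicIp": "203.0.113.11", "AllocationId": "eipalloc-0b",
             "Tags": [{"Key": "Pool", "Value": "web-static"}]},
            {"PublicIp": "203.0.113.12", "AllocationId": "eipalloc-0c", "Tags": []},   # not in the pool
        ]
    def describe_addresses(self, Filters=None):
        return {"Addresses": [dict(a) for a in self.addresses]}
    def associate_address(self, InstanceId, AllocationId):
        addr = next(a for a in self.addresses if a["AllocationId"] == AllocationId)
        if "AssociationId" in addr:
            raise RuntimeError("Resource.AlreadyAssociated")
        addr["AssociationId"], addr["InstanceId"] = f"eipassoc-{AllocationId[-2:]}", InstanceId
        return {"AssociationId": addr["AssociationId"]}

def sample_event(instance_id: str) -> Dict:
    """Shape of the Auto Scaling launch event as EventBridge delivers it (constructed instance ID)."""
    return {"source": "aws.autoscaling", "detail-type": "EC2 Instance Launch Successful",
            "detail": {"EC2InstanceId": instance_id}}

if __name__ == "__main__":
    fake = FakeEC2()
    print(handler(sample_event("i-new1"), ec2=fake))
    try:
        handler(sample_event("i-new2"), ec2=fake)
    except RuntimeError as exc:
        print("pool exhausted:", exc)
```

Size the pool to the group's maximum capacity, and alarm on the "pool exhausted" error: an instance that launches without a pooled address will otherwise serve from an arbitrary public IP that your downstream allow-lists do not know about.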

Communication between AWS VPC instances via public IP

We have two AWS instances (Instance A and Instance B) which are running in the same VPC. There is an internet facing service on Instance A which is restricted (via security group) to a subset of IP addresses. Instance A has a DNS entry so the service can be accessed via someservice.example.org.
When trying to access the service from Instance B it works correctly if we use the VPC internal IP address; however, we cannot seem to get the correct security group configuration to allow this instance access via the public DNS.
We have added the 'default' VPC security group to Instance A but we're still unable to access this service directly. We also have the same problem trying to configure access to Instance A from other VPCs.
I know that we can create a private DNS for the VPC which could solve the problem when we are in the same VPC but this doesn't get around the problem when running in another VPC.
This sounds like a DNS resolution issue. If you are using Route53 for DNS the easiest way to fix this is to create a private Route53 DNS zone for your VPC and add something like:
CNAME 'someservice.example.org' that points to the instance's internal IP address.
Note that you really want to use the internal private IP address whenever possible. It will keep the network traffic within your VPC, which will be much faster and more secure. It may also be cheaper for you, at least if the instances are also within the same availability zone. You can read more about that on the EC2 pricing page in the Data Transfer section.
Also note that you can't open up the security group to allow only instances from your VPC/security group to access something via the public IP. This is because the traffic hitting the public IP is seen as coming "from the internet", not from your VPC. You would have to grant access to the servers via their public IP addresses instead of their security groups.
You mention also using a second VPC, but that would be a separate problem that could be addressed via VPC Peering.

How to Duplicate an EC2 Instance for HA Purpose

Is there a way to duplicate an EC2 instance in the same VPC in a different AZ for HA purposes, so that when the primary instance is bad (e.g. due to a status check failure), I can shut it down and quickly switch over to the standby one?
For some reason, I need to keep the same private IP address, and public/EIP IP address.
For the EIP address, I can disassociate it from the OLD instance and re-associate it to the NEW instance, but what about the private IP address?
Any suggestion? Thanks in advance...
What is "an instance"?
It's worth thinking about what people mean when they talk about "duplicating an EC2 instance". An EC2 instance consists of:
The boot disk with Operating System
Any data disks
Network settings (eg public & private IP addresses)
Configurations (eg Instance Type, User Data, Tags, etc)
Duplicating an EC2 instance usually means launching another instance with the same configuration, but it's not necessarily a "duplicate". For example, a different Availability Zone means it will have a different IP address (see below) and the new instance will be booted from an AMI (Amazon Machine Image) rather than being an exact duplicate of the disk from the previous instance.
Duplicates for High Availability
Next comes the issue of High Availability. A new instance can take a few minutes to launch. If the requirement is for near-instant cut-over, then the only solution is to always run more than one instance, and then re-point an IP address or DNS name.
As you mentioned, it is easy and fast to associate an Elastic IP Address to an alternate EC2 instance. This change immediately redirects traffic sent to that IP address.
However, it is not possible to reassign an Internal IP Address to another instance (but see below).
Using Auto Scaling to launch another instance
If the requirement allows for a few minutes of outage, then more possibilities arise. The simplest would be to launch the EC2 instance within an Auto Scaling group. The group can be configured to always have a certain number of instances (eg a minimum of 1 instance). Thus, when an instance fails, Auto Scaling can automatically launch a replacement instance with the same configuration (boot disk, instance type, etc).
Further, Auto Scaling can automatically launch instances in another Availability Zone if a zone fails.
However, please note that internal IP address ranges are associated with Subnets within a VPC (Virtual Private Cloud). Each subnet is associated with a single Availability Zone. The hierarchy is:
VPC
Availability Zone
Subnet (with CIDR range of IP addresses)
Instance
Thus, launching an instance in a different Availability Zone (and thus a different Subnet) will require the instance to have a different Internal IP Address.
A hack for reassigning IP addresses
While Internal IP Addresses cannot be reassigned (and especially not between Subnets), an interesting hack was described in the ARC401 session at re:Invent 2014 (see slides 33 & 34, or on YouTube).
This involved associating an IP address with a secondary Elastic Network Interface (ENI), where the IP address falls outside the VPC range. Then, use routing rules to route the traffic destined for that address to the ENI (turning off Source/Dest Check). Effectively, the traffic can be re-routed to a different instance by modifying the routing rules. A bit of a hack, but it apparently works.
You may not be able to keep the same private, primary IP address, but you can assign a secondary private IP address to an EC2 instance in a VPC, and they are reassignable:
Private IP addresses
When you launch an instance into a VPC, a primary private IP address from the address range of the subnet is assigned to the default network interface (eth0) of the instance. If you don't specify a primary private IP address, we select an available IP address in the subnet range for you.
You can assign additional private IP addresses, known as secondary private IP addresses, to instances that are running in a VPC. Unlike a primary private IP address, you can reassign a secondary private IP address from one network interface to another.
From here: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-ip-addressing.html
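The reassignment this answer describes, as an added example that is not from the answer or from AWS: it moves a floating secondary private IP from the active instance's ENI to the standby's, which is also what the keepalived "private floating IP" question further up needs (a `notify_master` hook would run the returned command). It assumes both ENIs are in the same subnet, that the floating address is configured as a secondary IP, and a constructed `describe-network-interfaces` sample; `--allow-reassignment` is the `aws ec2 assign-private-ip-addresses` option:

```python
"""Move a floating secondary private IP between two ENIs (added example)."""
import json
from typing import Dict, List, Optional

# Constructed: active and standby ENIs in one subnet, plus an ENI in another AZ's subnet.
SAMPLE_DESCRIBE = json.dumps({"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-active", "SubnetId": "subnet-0a1",
     "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.10", "Primary": True},
                            {"PrivateIpAddress": "10.0.1.100", "Primary": False}]},
    {"NetworkInterfaceId": "eni-standby", "SubnetId": "subnet-0a1",
     "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.11", "Primary": True}]},
    {"NetworkInterfaceId": "eni-other-az", "SubnetId": "subnet-0b2",
     "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.2.11", "Primary": True}]},
]})

def interfaces(describe_json: str) -> Dict[str, Dict]:
    return {e["NetworkInterfaceId"]: e for e in json.loads(describe_json)["NetworkInterfaces"]}

def holder_of(describe_json: str, ip: str) -> Optional[Dict]:
    """The ENI that currently owns `ip`, plus whether it is that ENI's primary address."""
    for eni in interfaces(describe_json).values():
        for entry in eni["PrivateIpAddresses"]:
            if entry["PrivateIpAddress"] == ip:
                return {"eni": eni["NetworkInterfaceId"], "subnet": eni["SubnetId"],
                        "primary": entry["Primary"]}
    return None

def move_floating_ip(describe_json: str, ip: str, target_eni: str, region: str) -> List[str]:
    """Validate the move and return the CLI command that performs it ([] if nothing to do).

    Raises ValueError for the two moves EC2 will not make: a primary address, or an
    address onto an ENI in a different subnet (secondary IPs must come from the ENI's own
    subnet, which is why a standby in another AZ cannot take over the address)."""
    enis = interfaces(describe_json)
    if target_eni not in enis:
        raise ValueError(f"unknown target {target_eni}")
    current = holder_of(describe_json, ip)
    if current:
        if current["primary"]:
            raise ValueError(f"{ip} is the primary address of {current['eni']} and cannot be reassigned")
        if current["subnet"] != enis[target_eni]["SubnetId"]:
            raise ValueError(f"{ip} lives in {current['subnet']}; {target_eni} is in "
                             f"{enis[target_eni]['SubnetId']}")
        if current["eni"] == target_eni:
            return []   # already on the target; nothing to run
    # If nobody holds the address yet it is simply assigned; the flag is harmless then.
    return ["aws", "ec2", "assign-private-ip-addresses", "--region", region,
            "--network-interface-id", target_eni, "--private-ip-addresses", ip,
            "--allow-reassignment"]   # required while the old ENI still owns the address

if __name__ == "__main__":
    print(" ".join(move_floating_ip(SAMPLE_DESCRIBE, "10.0.1.100", "eni-standby", "us-east-1")))
```

Two things the API call does not do for you: the operating system on the standby must also configure the address on its interface (for example `ip addr add 10.0.1.100/32 dev eth0`), and the role running the failover should be limited to `ec2:AssignPrivateIpAddresses` on the two ENIs involved, since that permission can otherwise redirect any secondary address in the subnet.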