Relation between EIP and ENI in AWS/EC2 - amazon-web-services

I'm a new user of AWS/EC2. I'm not sure how Amazon manages a pair of EIP and ENI.
What I want to do in EC2 is to use a software license which is tied to a MAC address. So to use this license, I have to keep the same MAC address on EC2.
Actually I've already prepared my EIP, and it looks like this EIP is related to a specific ENI. So I think that the pairing of this EIP and ENI is kept unless I release this EIP or ENI. Is my understanding right?

No, an EIP (Elastic IP address) can be assigned to any ENI on that instance, and it can be released and assigned to another EC2 instance or ENI as well.
For Elastic Network Interfaces (ENI), the best explanation is from AWS:
An elastic network interface (ENI) is a virtual network interface that you can attach to an instance in a VPC. An ENI can include the following attributes:
A primary private IP address.
One or more secondary private IP addresses.
One Elastic IP address per private IP address.
One public IP address, which can be auto-assigned to the elastic network interface for eth0 when you launch an instance, but only when you create an elastic network interface for eth0 instead of using an existing network interface.
One or more security groups.
A MAC address.
A source/destination check flag.
A description.
Refer:
Elastic Network Interfaces (ENI)

Related

AWS private elastic ip

I have a scenario where I want to set up an haproxy cluster with keepalived. I saw this blog post https://www.peternijssen.nl/high-availability-haproxy-keepalived-aws/ and it's pretty detailed and easy to follow, but for my scenario I need the Elastic IPs to be private. Is this doable? According to the AWS documentation, Elastic IPs are only public IPs.
I need a floating IP which will act as a floating cluster IP. What can I use if Elastic IP is not an option?
An elastic IP within AWS is actually a static public IP address. This functionality is required as by default a public IP address is not reserved by an account, and when enabled limits the total IPv4 addresses you can keep.
For private address ranges however, your instances can be assigned any private IP address that is within any of your VPC's CIDR range(s).
In fact, for this reason you can select almost any IP address found within your VPC when launching a new instance. In addition, the IP addresses that are attached to an EC2 instance are static and will be attached to that instance until it is terminated.
Therefore as long as you don't terminate the instances the private IP(s) will be maintained. However, in the event the instance fails and is not recoverable you would still need to launch a new instance and use that IP.
It might be more beneficial using a DNS record to resolve the IP just in case of an emergency, or failing that use a load balancer to distribute traffic.
For this case you can provision an Elastic Network Interface (ENI) with a static private IP address which you can attach/re-attach to EC2 instances. As long as you don't delete the ENI, it will retain the IP address. Find out more here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html

Access EC2 machine with local IP instead of elastic IP

I have an Amazon EC2 instance that I have been using for production and for some weird reason I did not use an Elastic IP.
Now that I want to use an Elastic IP, it seems AWS doesn't allow connection on the old IP. In my use case I need the instance to be accessible through both IPs. Is this really possible?
No. You cannot use the old public IP once you associate an elastic IP. Remember you have only one network interface, you cannot have 2 public (routable) IPs associated with it.
From Elastic IP Address Basics
If you associate an Elastic IP address with the eth0 network interface
of your instance, its current public IP address (if it had one) is
released to the EC2-VPC public IP address pool. If you disassociate
the Elastic IP address, the eth0 network interface is automatically
assigned a new public IP address within a few minutes. This doesn't
apply if you've attached a second network interface to your instance.

Possible to associate Elastic IP to an instance without immediately losing public ip?

I have a Windows EC2 instance running a production website and DNS is configured to have my domain name point to its public IP. There is currently no Elastic IP (EIP) associated with the instance. I would like to start using an Elastic IP and have my domain name point to it instead of the public IP (which can change if I ever have to change the instance).
Reading the documentation I find this statement troubling:
When you associate an EIP with an instance, the instance's current
public IP address is released to the EC2-Classic public IP address
pool.
My fear is this:
I assign an EIP to the instance and the public IP is released.
Now my website no longer works, because the domain name points to the public IP, which is no longer associated with my EC2 instance.
I must then point DNS records to the EIP. But this could take up to 48 hours for propagation to take place (i.e. my site may be unreachable for up to 48 hours).
How can I do this without having to live through DNS propagation?
If your EC2 instance is in a VPC, you can add a second network interface onto your EC2 instance. You can associate your Elastic IP address with that second network interface. This way, your EC2 instance could respond to both IP addresses.
Instructions
Create a new Network Interface in the same subnet as your EC2 instance.
Allocate a new Elastic IP for your VPC (if you haven't done so already).
Associate the Elastic IP address with your new Network Interface (eni).
Attach your new Network Interface to your EC2 instance.
Do not change your DNS yet.
You may need to RDP/SSH into your EC2 instance to make some configuration changes to ensure your EC2 instance responds correctly to the new IP address.
Modify the hosts file on your local computer to test connecting to your website via the new IP address.
When that works, do the DNS switch and restore your hosts file.
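The four steps in the instructions above as AWS CLI calls, in an added example that is not part of the original answer. The function name `add_eni_with_eip` and the subnet, security-group and instance IDs passed to it are placeholders.

```shell
#!/bin/sh
# Added example: attach a second ENI that carries the Elastic IP, leaving
# eth0 and its auto-assigned public IP alone so existing DNS keeps working.
# Subnet, security group and instance IDs are caller-supplied placeholders.

# Prints "<eni-id> <allocation-id> <association-id>" on success.
add_eni_with_eip() (
    subnet_id=$1 sg_id=$2 instance_id=$3

    # 1. New interface in the same subnet as the instance.
    eni_id=$(aws ec2 create-network-interface \
        --subnet-id "$subnet_id" --groups "$sg_id" \
        --description "secondary ENI for EIP cutover" \
        --query 'NetworkInterface.NetworkInterfaceId' --output text) || exit 1

    # 2. Allocate an Elastic IP for VPC use.
    alloc_id=$(aws ec2 allocate-address --domain vpc \
        --query 'AllocationId' --output text) || exit 1

    # 3. Associate the EIP with the new ENI, not with the instance ID:
    #    associating by instance targets the primary interface (eth0),
    #    which releases the public IP that DNS still points to.
    assoc_id=$(aws ec2 associate-address \
        --allocation-id "$alloc_id" --network-interface-id "$eni_id" \
        --query 'AssociationId' --output text) || exit 1

    # 4. Attach as device index 1 (the second interface); eth0 is untouched.
    aws ec2 attach-network-interface \
        --network-interface-id "$eni_id" --instance-id "$instance_id" \
        --device-index 1 >/dev/null || exit 1

    echo "$eni_id $alloc_id $assoc_id"
)

# Run only when invoked with three arguments, e.g.:
#   sh add-eni.sh subnet-EXAMPLE sg-EXAMPLE i-EXAMPLE
if [ "$#" -eq 3 ]; then
    add_eni_with_eip "$@"
fi
```

Security groups are a per-interface attribute, so the group passed for the new ENI decides which ports are reachable through the Elastic IP; use the group the instance already has or a tighter one.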
48 to 72 hours before your pre-determined switch-over time, reduce the time-to-live (TTL) on your DNS entry to 300 seconds (5 minutes).
At your designated switch-over time:
Attach the Elastic IP address
Update your DNS entry to point to your Elastic IP address
Doing this, your effective "downtime" is reduced to 5 minutes.
You can have two identical EC2 instances. One with the old public IP that the DNS record is pointing to. One with the EIP assigned. Requests should be able to reach either of the two instances without noticing it. Your application must be able to scale horizontally. Then you change the DNS record to point to the EIP. Eventually, when DNS is updated, all requests to your domain will end up going to the EC2 instance with the EIP. At that moment you can stop or terminate the old EC2 instance.
Another possibility, if your application cannot scale horizontally and it is a web application: the web server on the old EC2 instance can redirect requests to the EIP. It would redirect to an IP address, but it's a possibility.
If you don't use EC2-Classic instances, you can freely move the Elastic IP to any other EC2 instance without losing the EIP.
aws ec2 associate-address --region us-east-1 --allocation-id eipalloc-xxxxxxxxxxx --allow-reassociation --network-interface-id eni-xxxxxxxxxx
where eipalloc-xxxxxxxxxxx is the id of the Elastic IP and eni-xxxxx is the id of the target EC2 instance.
https://aws.amazon.com/premiumsupport/knowledge-center/ec2-recover-ip-address/
Elastic IP addresses
It's a best practice to use an Elastic IP address. Elastic IP addresses are allocated to your account, instead of to the instance. You can associate your Elastic IP addresses to and from instances as needed.
If you release the Elastic IP address that was allocated to your account, you might be able to recover it. For more information, see Recovering an Elastic IP address.
All instances except EC2-Classic instances retain their associated Elastic IP addresses when stopped. AWS continues to bill for Elastic IP addresses associated with a stopped instance.
Note: Elastic IP addresses associated with EC2-Classic instances aren't recoverable.

AWS public subnet vs Assigning elastic IP address to an instance of a VPC

What is the difference between the two terminologies, having a public subnet vs assigning an Elastic IP address to an instance of a VPC on AWS?
Instances created in VPC public subnets will be automatically assigned a public, routable IP address and a corresponding publicly-resolvable DNS entry of the form ip-<dash delimited address>.<region>.compute.amazonaws.com. Any ports allowed in the instance's security groups will be accessible over the Internet. The automatic address cannot be chosen. These public addresses are not persistent; when the instance is terminated, the IP address is lost.
Elastic IP addresses, by contrast, are associated with an AWS account. They can be attached to an instance. When the instance is terminated, the elastic IP can be associated with a new instance. They are persistent until manually released.
You may find the AWS docs on VPC public addresses useful. Also note that EIPs have some small cost associated in some cases; see the section on Elastic IP Addresses in the EC2 pricing docs.

Transferring an IP From One Server to Another in AWS EC2 - Elastic IP

I have a server that is up and running with an auto-assigned public IP address. This IP address was not created with Elastic IP. Is there any way to transfer this IP address onto a new instance in my account?
I'm afraid you can't.
The auto-assigned public IPs are not yours to disassociate and reassociate.
You can't tell them "I changed my mind, I want to use this IP as if it was an Elastic IP". It doesn't work like that. You can't really pick your elastic IP. You just ask for one, and then operate with whatever IP they gave you.
You cannot manually associate or disassociate a non-elastic IP address from your instance. Instead, in certain cases, AWS releases the public IP address from your instance, or assigns it a new one, as follows:
They release the public IP address for your instance when it's stopped or terminated. Your stopped instance receives a new public IP address when it's restarted.
They release the public IP address for your instance when you associate an Elastic IP address (EIP) with your instance, or when you associate an EIP with the primary network interface (eth0) of your instance in a VPC. When you disassociate the EIP from your instance, it receives a new public IP address.
If the public IP address of your instance in a VPC has been released, it will not receive a new one if there is more than one network interface attached to your instance.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html#concepts-public-addresses
If you require a persistent public IP address that can be associated to and from instances as you require, use an Elastic IP address (EIP) instead. You can allocate your own EIP, and associate it to your instance. For more information, please see Elastic IP Addresses (EIP).
Easy: set up an HTTP or TCP transparent proxy, with HAProxy or Nginx.