AWS Elastic IP Unable to Send Traffic - amazon-web-services

I have an EC2 instance that had a dynamic public IP. Due to changing requirements I assigned a new Elastic IP. I shut down the instance and restarted it. The console now shows the new IP and no longer the old, dynamic one.
Problem is now I cannot ping nor curl/wget to the public Internet any longer from this instance. I do have an outgoing rule for port 80 and 443 set up. I also allow ICMP in both directions.
I have a load balancer setup in another instance. That instance can access the problematic instance over the private IP no problem.
I did notice that while all my other instances list their public IP (dynamic or Elastic) the instance in question lists "ec2-x-x-x-x.compute-1.amazonaws.com". Not sure what to make of that...
What could be my issue?

If you are not seeing the public IP show up in the console for the system, but instead are seeing the hostname as you mention, it means that your public IP is NOT assigned to the instance. Suggest you go to the Elastic IPs section of the console and re-attach the EIP to the instance.
Note, if you are not running in a VPC, when you reboot the instance, the EIP will drop off the instance.

Related

AWS elastic IP vs public IP

I am new to AWS and tried to create an EC2 instance.
I have a domain and ready to modify the A record to the associated EC2 instance.
I found an article that said an elastic IP is required for associating a production domain.
But AWS provides a public IP and it is accessible on the public internet too (I know it changes after restart, just assuming it's okay to modify the A record after the machine is restarted - actually it is not restarted very often).
In this case, is it a must to assign an elastic IP to the instance (this instance contains no load balancing, it is only a simple single instance)?
If yes, why is it necessary?
An Elastic IP (EIP) is not necessary provided that you understand the limitations of public IPs. You may not reboot your instance, but AWS might for any number of reasons. This means that the public IP address could change when you are not expecting it.
When an EIP is assigned to a running EC2 instance, there are no charges for the EIP, i.e. it is free. Therefore why go through the hassle of needing to monitor your public IP address?

Problems connecting to public IP address from EC2 instance

I'm new to setting up applications and currently facing issues connecting to my IP address.
Recently, I launched my first AWS instance and it was working fine before I attached it to an Elastic IP (trying to attach to my GoDaddy domain). The instance state is "running" and everything looks healthy, but when I go to the Public IP/Elastic IP, I get an error message saying: "This site can’t be reached. XX.XXX.XX.XXX refused to connect". I'm using a Mac and my web server is listening on port 80.
Things I have checked:
internet connection is working
not using any firewall/antivirus
emptied all cache/cookies
not using a proxy server
My Security Group
– inbound ports 80, 8080, 22 and 3389;
– outbound ports 8080, All traffic.
My VPC
– subnet ID is verified and "available"
– route Tables 172.31.0.0/16 & 0.0.0.0/0 are "active", not propagated
Can someone help and please point out what I'm doing wrong?
Attaching an Elastic IP Address to an Amazon EC2 instance does not change anything on the instance itself. It is purely an assignment of a Public IP Address within the Amazon VPC.
Amazon EC2 instances do not normally know their own public IP address. Instead, traffic sent to the Public IP Address is routed through the Internet Gateway and then to the private IP address of the instance. As long as you did not somehow configure the old public IP address within the instance, the assignment of the Elastic IP Address should not be a problem.
You can remove the Elastic IP Address and try connecting again -- the instance will receive an auto-assigned IP address again (which might change whenever you start/stop the instance).
Some things you could try are:
– Connect to another instance in the same subnet, with the same Security Group. If this works, then you know that the problem is with the instance itself, rather than the network.
– Try connecting to the non-responsive instance from another instance in the same subnet using the private IP address of the non-responsive instance. This will eliminate potential networking problems.
The standard things to always check when attempting to connect from the Internet to an EC2 instance are:
– Internet Gateway attached to the VPC
– You are referencing the instance via a Public IP Address
– Instance was launched in a public subnet, which means that the subnet is associated to a Route Table that routes to the Internet Gateways
– Security Group is permitting the inbound traffic from your IP Address and port (outbound traffic configuration is irrelevant because Security Groups are stateful)
– Network ACL is not blocking the traffic (by default it permits all inbound and outbound traffic)
– The instance is listening on the port (eg Linux SSH on port 22, Windows RDP on port 3389)
– There are no host-based firewalls on the instance blocking traffic (eg Windows Firewall)
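Three of the checklist items above (public IP, route to an Internet Gateway, inbound Security Group rule) can be evaluated offline from saved AWS CLI output. The following is an added example, not code from any of the posts; the sample data is constructed in the shape of `aws ec2 describe-instances`, `describe-route-tables` and `describe-security-groups` output, and the function names are hypothetical. Network ACLs, host firewalls and the listening port are not covered.

```python
import ipaddress

# Constructed sample data shaped like `aws ec2 describe-instances`,
# `describe-route-tables` and `describe-security-groups` output; IDs are made up.
INSTANCE = {"InstanceId": "i-0example", "PublicIpAddress": "203.0.113.25"}
ROUTE_TABLE = {"Routes": [
    {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"},
]}
SECURITY_GROUP = {"GroupId": "sg-0example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
]}


def has_igw_default_route(route_table):
    """True if the route table sends 0.0.0.0/0 to an active Internet Gateway route."""
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId", "").startswith("igw-")
               and r.get("State") == "active"
               for r in route_table["Routes"])


def sg_allows(group, client_ip, port, proto="tcp"):
    """True if an inbound rule covers this client address, protocol and port."""
    addr = ipaddress.ip_address(client_ip)
    for perm in group["IpPermissions"]:
        if perm["IpProtocol"] != "-1" and not (      # "-1" = all protocols and ports
                perm["IpProtocol"] == proto
                and perm["FromPort"] <= port <= perm["ToPort"]):
            continue
        if any(addr in ipaddress.ip_network(r["CidrIp"])
               for r in perm.get("IpRanges", [])):
            return True
    return False


def check_inbound(instance, route_table, group, client_ip, port):
    """Return the checklist items that fail; an empty list means all three pass."""
    failures = []
    if not instance.get("PublicIpAddress"):
        failures.append("no public IP associated")
    if not has_igw_default_route(route_table):
        failures.append("no active route to an Internet Gateway")
    if not sg_allows(group, client_ip, port):
        failures.append(f"security group does not allow {client_ip} to tcp/{port}")
    return failures
```

Because Security Groups are stateful, only the inbound rules are evaluated; an empty result with the site still unreachable points at the remaining items (Network ACL, listener, host firewall).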
I always reboot my Linux servers on AWS after associating an elastic IP. Normally I wouldn't blindly suggest rebooting a Linux server, but I have found it helpful in cases like this. There are several things you should think about before rebooting. Making sure you don't have important files exclusively on volatile storage would be one example.
Re "...when I go to the Public IP/Elastic IP..." How are you going to the address? Sounds like you're trying to connect with a web browser.
Have you tried connecting from your Mac over some other protocol, like ssh? That would be another way to confirm that your elastic IP is in effect.
Have you tried to connect to the web server more directly? Like using wget from the server's shell? You would use the private IP address or localhost, so that doesn't help diagnose the elastic IP address.

Can I remove the public IP on my instance without terminating it?

I have several instances on a vpc that communicate with each other through their private ips. Each instance was launched sometime ago and assigned a random public IP which is not used for anything. Since anything that is public presents a vulnerability and they are not used at all, I would like to remove them.
Is it possible to Remove public Ip Addresses without terminating the instance?
Yes you can remove a public IP address from an instance.
This solution applies when your instance was launched in a subnet with the "auto-assign public IP" setting enabled.
This makes AWS add a public IP address that seems hard to remove.
Notes:
– If you change the subnet auto-assign setting and stop and start the instance, this does not work, it has no effect. The public IP remains.
– If you got your public IP by associating an elastic IP then it's a different case and easy to fix; all you need to do is right-click on the instance or on the Elastic IP, and choose "Networking", "Disassociate Elastic IP Address".
There is a voted-down solution here that seems to work at first, but the public IP comes back (as a different address) when you start the instance up again.
Solution: (detailed steps below)
You need to first add another Network Interface, (so there are two or more N.Is), then you can release the public address by adding and removing an elastic IP.
Here is a detailed step-by-step guide:
1. Create a new network interface.
2. Attach the new network interface to your instance. Now there will be two or more network interfaces attached to your instance. This is important. There MUST be two or more for this to work.
3. Create a new Elastic IP (in the EC2 console).
4. Right-click on the new EIP and associate it to the instance whose public IP you want to remove. The original public IP will be replaced by the new one.
5. Now do the reverse of step 4, disassociate the EIP you have just added.
6. At this point, right-click on the instance and select "Networking", "Manage IP addresses", you will see there are no public IPs on your instance any more at this point. You must refresh the instances view otherwise you will not see this.
The public IP is now gone for good. Even if you stop and start the instance, it will not return.
7. Tidy up: delete the elastic IP you created earlier. Don't delete the new extra Network Interface. This has to stay in place. If you remove the new / second NI then the public IP will come back the next time you stop and start the instance.
I know this sounds a bit strange, but it is in the AWS docs here and I've tested it and it works.
The relevant part from the AWS documentation on that page, is this: "If the public IP address of your instance in a VPC has been released, it will not receive a new one if there is more than one network interface attached to your instance."
Nope that is not possible without terminating the instance. If it was Elastic Ip then it would have worked.
The only option is to take an AMI of the instance, terminate the instance and launch the AMI in the VPC without enabling Public Ip address for that instance.
Once you terminate the instance with that private IP you can assign that private ip again to a new Instance you created from the Image. (As long as it's in the same VPC and subnet) This way you don't need to update the private IPs of all the "instances on a vpc that communicate with each other through their private ips".
Steps worked for me:
Disable auto assign public IP setting on vpc subnet.
Stop the ec2 instance.
Open Network Interface Manage IP address settings and assign a secondary private IP.
Open Elastic IPs and associate an elastic IP to the ec2 with secondary private IP.
Start the Ec2 Instance.
Open Network Interface Manage IP address settings and unassign the secondary IP.
Done, now you can release the previously associated elastic IP.
Below worked
create temp-priv-ni same subnet private interface use default security group
eni-xx-temp-priv-ni
allocate new public elastic ip
associate new public elastic ip to instance
attach eni-xx-temp-priv-ni to same instance
check instance has two private ips and new public elastic ip and past public eip is gone
then
disassociate public eip
go to instance network interfaces and detach eni-xx-temp-priv-ni
server will be now with same private ip and its public ip gone
the new public ip and new private ips can be deleted
It is a very old thread but the easiest way of removing a public ip associated via VPC settings is:
create an elastic IP
assign the elastic ip to the host owning the public ip that you want to release (the ip is released at this step)
disassociate the ip address from the elastic ip management screen.
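To confirm the result of the procedures in this thread across a set of instances, the public addresses can be read from saved `aws ec2 describe-instances` output. This is an added example, not code from any of the answers; the sample data is constructed, the function names are hypothetical, and it relies on `Association.IpOwnerId` being `amazon` for an auto-assigned address and the account ID for an Elastic IP.

```python
# Constructed sample shaped like Reservations[].Instances[] from
# `aws ec2 describe-instances`; IDs, account number and addresses are made up.
INSTANCES = [
    {"InstanceId": "i-0aaa", "NetworkInterfaces": [
        {"NetworkInterfaceId": "eni-0a1",
         "Association": {"PublicIp": "203.0.113.10", "IpOwnerId": "amazon"}}]},
    {"InstanceId": "i-0bbb", "NetworkInterfaces": [
        {"NetworkInterfaceId": "eni-0b1",
         "Association": {"PublicIp": "203.0.113.20", "IpOwnerId": "111122223333"}}]},
    {"InstanceId": "i-0ccc", "NetworkInterfaces": [
        {"NetworkInterfaceId": "eni-0c1"}, {"NetworkInterfaceId": "eni-0c2"}]},
]


def public_addresses(instance):
    """List (eni_id, public_ip, kind) for every public address on the instance."""
    found = []
    for eni in instance.get("NetworkInterfaces", []):
        assoc = eni.get("Association") or {}
        if assoc.get("PublicIp"):
            # IpOwnerId is "amazon" for an auto-assigned address and the
            # owning account ID for an Elastic IP.
            kind = "auto-assigned" if assoc.get("IpOwnerId") == "amazon" else "elastic"
            found.append((eni["NetworkInterfaceId"], assoc["PublicIp"], kind))
    return found


def audit(instances):
    """Map instance ID -> finding for a fleet that should be private-only."""
    report = {}
    for inst in instances:
        addrs = public_addresses(inst)
        eni_count = len(inst.get("NetworkInterfaces", []))
        if addrs:
            report[inst["InstanceId"]] = {"exposed": True, "addresses": addrs}
        else:
            # Per the documentation sentence quoted in the thread, a released
            # address is not re-assigned while more than one ENI is attached.
            report[inst["InstanceId"]] = {"exposed": False,
                                          "second_eni_attached": eni_count > 1}
    return report
```

An instance reported as not exposed but with `second_eni_attached` false is worth re-checking after its next stop and start, since the answers above report the address returning in that case.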

Possible to associate Elastic IP to an instance without immediately losing public ip?

I have a windows EC2 instance running a production website and DNS is configured to have my domain name point to its public IP. There is currently no Elastic IP (EIP) associated with the instance. I would like to start using an Elastic IP and have my domain name point to it instead of the public IP (which can change if I ever have to change the instance).
Reading the documentation I find this statement troubling:
When you associate an EIP with an instance, the instance's current
public IP address is released to the EC2-Classic public IP address
pool.
My fear is this:
I assign an EIP to the instance and the public IP is released.
Now my website no longer works, because the domain name points to the public IP, which is no longer associated with my EC2 instance.
I must then point DNS records to the EIP. But this could take up to 48 hours for propagation to take place (i.e. my site may be unreachable for up to 48 hours).
How can I do this without having to live through DNS propagation?
If your EC2 instance is in a VPC, you can add a second network interface onto your EC2 instance. You can associate your Elastic IP address with that second network interface. This way, your EC2 instance could respond to both IP addresses.
Instructions
Create a new Network Interface in the same subnet as your EC2 instance.
Allocate a new Elastic IP for your VPC (if you haven't done so already).
Associate the Elastic IP address with your new Network Interface (eni).
Attach your new Network Interface to your EC2 instance.
Do not change your DNS yet.
You may need to RDP/SSH into your EC2 instance to make some configuration changes to ensure your EC2 instance responds correctly to the new IP address.
Modify the hosts file on your local computer to test connecting to your website via the new IP address.
When that works, do the DNS switch and restore your hosts file.
48 to 72 hours before your pre-determined switch-over time, reduce the time-to-live (TTL) on your DNS entry to 300 seconds (5 minutes).
At your designated switch-over time:
Attach the Elastic IP address
Update your DNS entry to point to your Elastic IP address
Doing this, your effective "downtime" is reduced to 5 minutes.
You can have two identical EC2 instances. One with the old public IP where DNS record is pointing to. One with the EIP assigned. Requests should be able to access anyone of the two instances without noticing it. Your application must be able to scale horizontally. Then you change DNS record to point to EIP. Eventually, when DNS is updated, all requests to your domain will end up going to the EC2 instance with the EIP. At that moment you can stop or terminate the old EC2 instance.
Other possibility if your application cannot scale horizontally and if it is a web application, the web server in the old EC2 instance can redirect requests to the EIP. It would redirect to an IP address but it's a possibility.
If you don't use EC2-Classic instances, you can freely move the Elastic IP to any other EC2 instance without losing the EIP.
aws ec2 associate-address --region us-east-1 --allocation-id eipalloc-xxxxxxxxxxx --allow-reassociation --network-interface-id eni-xxxxxxxxxx
where eipalloc-xxxxxxxxxxx is the id of the Elastic IP and eni-xxxxx is the id of the target EC2 instance.
https://aws.amazon.com/premiumsupport/knowledge-center/ec2-recover-ip-address/
Elastic IP addresses
It's a best practice to use an Elastic IP address. Elastic IP addresses are allocated to your account, instead of to the instance. You can associate your Elastic IP addresses to and from instances as needed.
If you release the Elastic IP address that was allocated to your account, you might be able to recover it. For more information, see Recovering an Elastic IP address.
All instances except EC2-Classic instances retain their associated Elastic IP addresses when stopped. AWS continues to bill for Elastic IP addresses associated with a stopped instance.
Note: Elastic IP addresses associated with EC2-Classic instances aren't recoverable.

How to run rstudio server on Amazon VPC

I recently moved a small R project from a regular EC2 instance to an instance behind a VPC. I installed rstudio-server as normal, and it seems to be running. However, unlike a regular EC2 instance, there is no public DNS to connect to. (There is a public IP address, but going there doesn't seem to do the trick.)
In this case, what browser address should I go to to access rstudio server?
Many thanks!
You have launched the instance in VPC. Here is the check list:
When launching the instances in VPC, make sure you launch it in the public subnet of your VPC. Else it will not be accessible from outside.
When launching the instances in VPC (presuming public Subnet), do ensure that you check a box which says something like "assign a public IP address to the instance" at the time of creating the instance. By default this is not checked. So if you fail to check this box, then Instance will not have a public host name. You can however, assign an elastic IP later on.
Make sure your VPC security groups are configured properly to allow necessary incoming/outgoing access. In your case, incoming access on port 80/443 is essential.