
AWS Certified Advanced Networking – Specialty (ANS-C01) Certification Guide

Auto-assigned public IPv4 addresses can be useful, but they are somewhat ephemeral in nature. Often, you need static IPv4 addresses for your AWS resources that are more controlled in nature and, again, elastic. Elastic IP addresses (EIPs) serve these use cases. A typical use of an EIP is replacing a workload whose externally facing services must remain reachable via the same IP address: when the workload is replaced, the EIP can be migrated and associated with the new one.
An EIP is a public IPv4 address that is allocated and associated with your AWS account. Much like ENIs, these EIPs can be moved between resources as needed. EIPs are allocated first and then associated with specific resources. From an EC2 perspective, you can associate an EIP with either an EC2 instance or a network interface. When associating an EIP to an EC2 instance, the EIP will be associated with the IP address assigned to the primary network interface. Additionally, any EIPs assigned to secondary ENIs attached to an instance will also show up on the EC2 dashboard as being associated with the instance.
Note
EIPs can also be assigned to resources like elastic load balancers and NAT gateways.
When an EIP is reassigned from one instance to another, the public IPv4 address is reassigned and associated with the private IP of the interface on the new instance. If you recall the one-to-one NAT association that is built on the internet gateway (IGW), this NAT entry is what gets updated. This process is represented in Figure 1.7:
Figure 1.7: Reassociate an EIP
Reassociating an EIP is just configuring the one-to-one NAT entry on the internet gateway of the VPC.
This section details the creation of an EIP both from the AWS console and using the AWS CLI. To configure an EIP, navigate to the EC2 dashboard of the AWS console, select Elastic IPs, and choose the Allocate Elastic IP address option. As shown in Figure 1.8, you must give the EIP a name and define what AWS network border group to allocate the EIP from. This is a geographic representation of the AWS border and governs from which public IP address pool the IP should come.
Figure 1.8: Allocate EIP details
The main choice to make with an EIP is to which regional area the IP should be allocated; this should match the geographic area in which you expect to use the IP.
Next, you will need to associate the EIP with a resource. The process of associating the EIP with either an EC2 instance or a network interface is shown in Figure 1.9 and continued in Figure 1.10. Figure 1.9 shows the AWS console menu where the association action can be selected.
Figure 1.9: Associate Elastic IP address
This begins the process of choosing the ENI or EC2 instance with which to associate the Elastic IP.
Figure 1.10 offers two options: the EC2 instance (and its default network interface), or an ENI that is not the default network interface of an EC2 instance.
Figure 1.10: Associate EIP details
Selection of one or the other is a matter of whether the ENI will be associated with an EC2 instance that will use the interface in a dedicated fashion with the Elastic IP, or whether the EC2 instance will use its default network interface for traffic related to the associated Elastic IP.
An EIP can be created using the AWS CLI aws ec2 allocate-address command.
For example, the following code will allocate an EIP using the AWS CLI:
aws ec2 allocate-address --domain vpc
An EIP can be associated using the AWS CLI aws ec2 associate-address command.
For example, to associate an EIP using the AWS CLI, use this code:
aws ec2 associate-address --instance-id i-12345678 --allocation-id eipalloc-12345678
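The workload-replacement case described earlier can be scripted so that the EIP is only moved when it is where you expect it to be. The following is an added example, not code from the guide: move_eip and eip_current_instance are hypothetical helper names, the IDs are supplied by the caller, and it assumes the EIP is associated with instances rather than with an ENI that is not attached to an instance.

```shell
#!/usr/bin/env bash
# Added example: move an EIP to a replacement instance, with a pre-check.
# move_eip and eip_current_instance are hypothetical helper names.

# Print the instance ID the allocation is associated with.
# With --output text the AWS CLI prints "None" when the field is empty.
eip_current_instance() {
  aws ec2 describe-addresses --allocation-ids "$1" \
    --query 'Addresses[0].InstanceId' --output text
}

# Usage: move_eip ALLOCATION_ID EXPECTED_OLD_INSTANCE NEW_INSTANCE
# Returns 0 on success, 1 if the EIP is somewhere unexpected, 2 on CLI errors.
move_eip() {
  local alloc="$1" expected="$2" target="$3" current
  current="$(eip_current_instance "$alloc")" || return 2

  if [ "$current" = "$target" ]; then
    echo "$alloc is already associated with $target"
    return 0
  fi
  # Refuse to take the address away from a resource we did not expect.
  if [ "$current" != "None" ] && [ "$current" != "$expected" ]; then
    echo "refusing: $alloc is on $current, expected $expected" >&2
    return 1
  fi

  # Reassociation updates the one-to-one NAT entry to the new instance's
  # primary private IP; the flag states that a move is intended.
  aws ec2 associate-address --allocation-id "$alloc" \
    --instance-id "$target" --allow-reassociation >/dev/null || return 2

  # Confirm the association landed where we asked.
  current="$(eip_current_instance "$alloc")" || return 2
  [ "$current" = "$target" ]
}

# Run directly: ./move-eip.sh eipalloc-... i-old... i-new...
if [ "$#" -eq 3 ]; then
  move_eip "$@"
fi
```

The pre-check matters because an EIP belongs to the account rather than to an instance, so a mistyped allocation ID would otherwise pull the public address off an unrelated workload.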