Why doesn't AWS allocate elastic IP's to all the servers being spawned? They allocate public IP by default to all the servers, which gets lost after a reboot of EC2 instances.
What's the logic behind not allowing elastic IPs automatically?
TL;DR Because Elastic IP (EIP) addresses are not needed for all/most use cases.
There is a limited supply of routable IP addresses. If every server on a public subnet received one, those IP addresses would remain allocated even when the servers were off. If the server was terminated it would be unclear if the use of that IP was concluded or is still necessary for other use. Which brings up the real reason for Elastic IP's.
An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is associated with your AWS account. With an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account. [1]
The take away from this is if you're not using EIP's for dynamic cloud computing you're probably using them incorrectly. This is a good example of a correct use case.
If you require a persistent public IP address that can be associated to and from instances as you require, use an Elastic IP address instead. For example, if you use dynamic DNS to map an existing DNS name to a new instance's public IP address, it might take up to 24 hours for the IP address to propagate through the Internet. As a result, new instances might not receive traffic while terminated instances continue to receive requests.[2]
Related
My API accesses a service that wants to know what the possible IP address range is for the API so they can whitelist us. How do I know what IP addresses AWS may assign when the load balancer creates new instances?
Direct answer: AWS publishes its IP address ranges in a publicly accessible JSON file. IP ranges are associated with a region and a service, and as you can imagine, there are a lot of them. At the current moment there are 71 CIDR blocks associated with EC2 in us-west-2, for example. That's as specific as you can get, though. So you'd have to supply your partner with all of the EC2 IP address ranges for your region in order to guarantee that they would permit any IP address assigned to an instance your autoscale group might start up. Oh, and they do change periodically, so your partner would have to maintain that list.
Suggestion: Sounds like you have your EC2 instances in public subnets and are assigning public IPs to them. Instead, you can create your EC2 instances in private subnets and use a NAT Gateway to allow them to access the Internet. If you do this, the source IP for outbound traffic will the be the elastic IP address you assign to the NAT gateway. So you can give your partner a definite IP address they can permit to access their service.
Using a private subnet for your EC2 instances also reduces your attack surface area, since the EC2 instances won't have individual public IP addresses.
we whitelist client IPs on our server. We have a new client and the client is telling us they use AWS servers and they said "you'll need to whitelist their (AWS) IPs list from the us-east-1 region". They provided us a spreadsheet of these IPs (164 ips).
Does this seem reasonable that a customer would use all IPs from a AWS region ?
Thanks
It doesn't make sense that they would use ALL the IPs. It does make sense that they don't know the IP they will be using ahead of time, and can only tell you that it will be from that list of IPs. If that's a problem then you could ask your customer to create a NAT Gateway with a static IP address (AWS Elastic IP), which you could then whitelist. However that will require added monthly costs, and added complication to your user.
A NAT gateway is NOT REALLY MANDATORY for meeting this requirement.
There are 2 possibilities:
Your Client will be accessing your service from a single server which has a public static IP (Elastic IP)
Your Client will be accessing your service from a single server/multiple servers that don't have a public static IP
In first case, you can simply white-list the clients elastic IP.
In second case, all their traffic will be routed via an AWS internet gateway which definitely will have an IP address associated to it. You will just need to white list that internet gateway IP instead of white-listing all the IPs
I want to use the Amazon Web Service free micro-instance for my different projects for testing and personal purpose. But I required some static-public IP on which I can run my server.
Is that possible? From where I can buy just IP and use it with my AWS?
EC2 Elastic IP Addresses
Elastic IPs are tied to an account, not an instance.
You need to look at AWS VPC for this.
Whilst VPC is free outside of the usual instance pricing, it doesn't work with Micro instances (the cheapest ones).
When not using VPC, you're assigned IP addresses through DHCP. When the DHCP lease expires, or you restart, your IP is released back to the pool.
VPC lets you use private IP addressing, you can use it with Elastic IPs and is much easier to integrate with a physical infrastructure setup.
If you're only testing/investigating AWS and have little or no budget to use anything other than a Micro instance, I'd just suck it up and deal with the changing of IPs.
If you've got a budget that lets you use instances other than Micro, then go for VPC.
Also, if you're doing more than testing/investigating I'd recommend starting with VPC straight away as trying to migrate from a non VPC to a VPC infrastructure is a massive PITA.
For every AWS account, 5 free elastic ips are provided. You have to just allocate them to required instance. But make sure that the allocate address(newly created elastic ip) in in use, because you will billed if the Elastic ip is not in use.
Looks like they have configured ARP statically so you can only use the IP address on an instance that was bound to that instance through the EC2 management console.
I just configured one of my instances to use a static IP address other than the one assigned through the management console and rebooted the instance.
I'm still receiving ARP responses on the old address but not receiving ARP responses on the new address at all.
Unfortunately for me, I have a not responding instance (NFS File Server) stuck in a stopping state while I attempt to terminate it.
The IP Address bound to that instance cannot be re-assigned to a replacement instance so now I have to reconfigure
On the whole pricing delima: When you come to think of it, there is a limited amount of static IPs so there must some pricing (supply and demand). This pricing is two fold: 1) for upto a limited number (5 per account) you don't have to pay. 2) if you created one you need to use it if you don't you'll be billed (to prevent every user to get 5 static IPs)
When I launch an EC2 instance,I will get a private ip and public ip.The public ip can be
visited by a dns domain like 'ec2-184-73-237-10.compute-1.amazonaws.com'.When I ping it,I got ip address 184.73.237.10.
My question is: does 184.73.237.10 only belongs to me or it's shared by different instances?
If it's shared by different instances,how does it work? As far as I know, each instances(linux) can be accessed by ssh.
Thanks in advance :-)
It only belongs to you (there is a 1:1 mapping between public and private IP addresses), but it can change at any time. For this reason, if you need an instance to be permanently accessible by IP they recommend using an Elastic IP Address. EIP is free as long as it's actually associated with an instance.
It is recommended to create and associate an Elastic IP (AWS's static IP) to your instance. And this IP will be only yours.
The benefit of Elastic IP, is that, even you can associate it to other instance, restored server from the AMI image of parent instance, thus bring back your site in case of any issues/attacks.
Does the ELB's IP Ever Change once setup, or will it always access instances from the same location during its lifetime no matter what might be going on with it behind the scenes at Amazon?
ELB's IP address keeps changing. You should instead use the DNS name provided to you.
http://developer.amazonwebservices.com/connect/thread.jspa?threadID=32280
The short answer: Yes, ELB's IP addresses (both the ones that are publicly distributed to clients of your service, and the internal IPs from which ELB sends traffic to your instances) dynamically change.
The long answer: See my article about how ELB works for more info:
http://shlomoswidler.com/2009/07/elastic-in-elastic-load-balancing-elb/
I understand this question has been already answered but I found the article "Best Practices in Evaluating Elastic Load Balancing" on the AWS site that explains why the ELB's IP addresses keep changing.
By default, Elastic Load Balancing will return multiple IP addresses
when clients perform a DNS resolution, with the records being randomly
ordered on each DNS resolution request.
...and the importance to ask to the DNS the actual IPs to use
If clients do not re-resolve the DNS at least once per minute, then
the new resources Elastic Load Balancing adds to DNS will not be used
by clients.
http://aws.amazon.com/articles/1636185810492479
Note: originally ELB (Elastic Load Balancer) referred to an L7 balancer what is now called ALB (Application Load Balancer), which indeed has changing IPs.
But there's an other kind of ELB, the L4 NLB (Network Load Balancer), which by default uses static IP addresses (and you can stick Elastic IP as well, if you want flexibility of moving the ElasticIP around).
So it is important to distinguish which ELB we are talking about - ALB or NLB.