In this section of the AWS Certified Advanced Networking - Specialty learning path, we introduce you to the various networking and VPC services currently available in AWS that are relevant to the ANS-C01 exam.
- Identify and describe the various networking services available in AWS
- Describe how to configure an Amazon Virtual Private Cloud (VPC)
- Understand how to control network traffic via Security Groups and Network Access Control Lists (NACLs)
- Describe options for VPC connectivity, subnets, and routing
- Understand how to share VPC resources using the AWS Resource Access Manager (RAM)
- Identify how to evaluate the configuration of VPC resources using the VPC Reachability Analyzer
The AWS Certified Advanced Networking - Specialty certification has been designed for anyone with experience designing, implementing, and operating complex AWS and hybrid networking architectures. Ideally, you’ll also have some exposure to the nuances of AWS networking, particularly regarding the integration of AWS services and AWS security best practices. Many exam questions will require advanced level knowledge of many AWS services, including AWS networking services. The AWS Cloud concepts introduced in this course will be explained and reinforced from the ground up.
Hello and welcome to this lecture covering an overview of Elastic IP addresses, known as EIPs.
When architecting your infrastructure from a network perspective, you might have both public and private IP addresses. Your public IP addresses will be reachable from the internet from within a public subnet, whereas your private IP addresses will be hidden in a private subnet.
When launching an EC2 instance, you can select the subnet that it will reside in, and if you want EC2 to auto-assign a Public IP address. If you select Enable, then your instance will be launched with one of AWS' public IP addresses from their pool of available public addresses.
If this auto-assign option is selected, then that public IP address will remain with that instance until it is stopped or terminated, at which point it will be removed from your instance. However, there will be times when you need a persistent IPv4 public IP address that you need to have associated with your instance, which is exactly what an Elastic IP Address provides.
When you create a persistent Elastic IP address, the IP address is associated with your account rather than with an instance. This means you can attach an EIP to an instance or to an Elastic Network Interface (ENI), and even if you stop the instance it's associated with, the same EIP will remain in place. You can also detach the EIP from an instance and re-attach it to another instance. However, do bear in mind that when you detach an EIP and it's not associated with a running instance, you will incur a cost for it. If you no longer need the EIP, you must detach it from the associated instance and release it back to AWS.
If you associate an EIP to an instance that already has a pooled public IP address, then that pooled public address will be released and put back into the pool, and your instance will take on a new EIP address. It's also worth mentioning that you can't convert an existing pooled public IP address to an EIP.
I will now provide a quick demonstration, and I will start by creating a new EIP within my account. I will then associate this EIP to a running instance in my VPC that already has a public IP address. And I will then confirm that the instance has the newly associated public IP address. I will then detach this EIP and release it back to AWS.
Let's take a look. So I've logged into my AWS management console, and I have an instance running here. Now if we look at the settings of this instance, we can see that it currently has a public IP address, 22.214.171.124. So this is sitting in a public subnet at the moment. And this IP address is just allocated out of AWS' public IP address pool. It's not an elastic IP address. If it were, then you'd see an entry under this section here.
Firstly, what I want to demonstrate is that these public IP addresses that are just allocated from the pool are not persistent. So if I stop this instance and then restart it, we'll see that it will have a different public IP address. So this currently has 126.96.36.199. So if I go ahead and stop this, that'll just take a moment to stop. Okay, that's now stopped, we can see that it's released the public IP address. And if I start this instance again, and we'll see what IP address it has this time.
Okay, that's now back up and running. And we can see that it is a totally different public IP address. So it just goes to show that when you stop and start your instances using one of the publicly assigned IP addresses from AWS that is not an elastic IP address, then that IP address is going to change each time. Now let me go ahead and create an elastic IP address to show you how to do that. Now on the left hand side, under Network and Security, you will see Elastic IPs. So if you select that, at the moment, I don't have any elastic IP addresses, so all I need to do is select Allocate new address.
Now I can select an elastic IP address that is owned by Amazon or one that's owned by myself. For this demonstration, I'm going to be using an Amazon-owned address, and select Allocate. Okay and we have our elastic IP address 188.8.131.52. So now we have that here, but at the moment, it's not actually assigned to any instance. When you have an elastic IP address created and it's not associated to an instance, it's going to cost you money. So you want to make sure that you either release any unassociated elastic IP addresses back to AWS, or associate it with an instance. To associate it with an instance, select Actions, and then Associate address.
Now here, you can either associate it to an instance or a network interface. For this demonstration, I'm going to associate it to a running instance. Now the instance that we were looking at just a moment ago was called public instance. And as we can see, that is currently running. Now I also have to select a private IP address to associate with the EIP as well, so it can communicate internally with the rest of the subnets in your VPC.
So this is the private IP address that was running on our instance, so we'll select that. And now I just need to select Associate. So our EIP is now associated to a running instance. So let's go and take a look. So if we go back to our instances, we can now see that the public IP address is our EIP address, which is 184.108.40.206. And we can also see here that it's allocated the elastic IP address which is the same.
So to associate an EIP with an already running instance is very easy, it just replaces the existing public IP address that it had previously. Now if I stop this instance and restart it, we'll see that it maintains this same elastic IP address, 220.127.116.11. So let me just demonstrate that now. So I'm gonna stop this instance.
Okay, that's now stopped. And we can see here that it's still maintaining this elastic IP address, whereas previously with the general pooled public IP address, this cleared, this entry cleared when we stopped the instance. So if we start this instance again, and we can see that it's retained and persisted this public IP address. So it behaves very differently.
Okay, so now what I'm going to do is disassociate this elastic IP from this instance. So if I go back to my elastic IPs, we can see our elastic here and we can see that it's associated to our instance, if I go to Actions, Disassociate address, and it just gives us information on the instance ID and the network interface that it's going to disassociate it from.
So if I go ahead and disassociate that, we can now see that it's not related to any instance at all. And if I go back to my instance, we can see that the elastic IP address is now gone, and instead it has been allocated a general AWS public IP address from the pool, which, as we know, is not persistent when we stop and restart the EC2 instance. However, now I have an elastic IP address that isn't being used.
So again, this is costing me money. So now I want to release it back to AWS 'cause I no longer need it. So again, I select the EIP, select Actions, and Release address. Then we just have a confirmation message, and I select Release. And it's as simple as that.
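The same EIP lifecycle as the console demonstration, expressed against the EC2 API as an added example (this is not the course's own code nor an AWS library). It assumes a boto3 EC2 client is passed in; the helper names, the constructed sample response, and its placeholder IDs and RFC 5737 IP addresses are all assumptions. The idle-EIP report is the check a practitioner would run for the unassociated-but-still-billed state the lecture describes.

```python
"""EIP lifecycle and hygiene helpers (added example; not the course's own code)."""


def classify_addresses(addresses):
    """Split describe_addresses()["Addresses"] into in-use and idle EIPs.

    An EIP without an AssociationId is allocated to the account but attached
    to nothing, which is the state the lecture warns is still billed.
    """
    report = {"in_use": [], "idle": []}
    for addr in addresses:
        entry = {
            "allocation_id": addr.get("AllocationId"),
            "public_ip": addr.get("PublicIp"),
            "instance_id": addr.get("InstanceId"),
            "eni_id": addr.get("NetworkInterfaceId"),
        }
        report["in_use" if addr.get("AssociationId") else "idle"].append(entry)
    return report


def swap_to_eip(ec2, instance_id):
    """Allocate an EIP and attach it to a running instance.

    Associating replaces the instance's pooled public IP (returned to the AWS
    pool); the EIP then survives stop/start. Returns the ids needed to undo it.
    """
    alloc = ec2.allocate_address(Domain="vpc")
    assoc = ec2.associate_address(
        AllocationId=alloc["AllocationId"], InstanceId=instance_id
    )
    return alloc["AllocationId"], assoc["AssociationId"]


def release_eip(ec2, allocation_id, association_id=None):
    """Detach (if attached) and release an EIP so it stops being billed."""
    if association_id:
        ec2.disassociate_address(AssociationId=association_id)
    ec2.release_address(AllocationId=allocation_id)


# Constructed sample in the shape of describe_addresses()["Addresses"];
# IDs and IPs (RFC 5737 range) are placeholders, not real resources.
SAMPLE_ADDRESSES = [
    {"AllocationId": "eipalloc-0aaaa", "PublicIp": "203.0.113.10",
     "AssociationId": "eipassoc-0aaaa", "InstanceId": "i-0aaaa",
     "NetworkInterfaceId": "eni-0aaaa", "Domain": "vpc"},
    {"AllocationId": "eipalloc-0bbbb", "PublicIp": "203.0.113.11", "Domain": "vpc"},
]
```

For a live run, pass `boto3.client("ec2")` as `ec2` and feed `ec2.describe_addresses()["Addresses"]` to `classify_addresses`; everything in the `idle` list is an EIP you are paying for without using.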
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.