Introduction

Public IP addresses on AWS EC2 instances can incur additional costs and expose your infrastructure to potential security risks. You can optimize costs and enhance security by removing auto-assigned public IPs and using Elastic Network Interfaces (ENIs) with Elastic IPs (EIPs). This guide will walk you through eliminating public IPs from your AWS EC2 instances with minimal downtime.

Understanding the Cost Shift of Public IPs in AWS

When assigned to EC2 instances, public IPs can lead to higher costs due to data transfer charges. You can significantly reduce these expenses by using private IPs within your VPC and associating Elastic IPs only when necessary. Elastic IPs offer more control and flexibility, allowing you to associate and disassociate them as needed.

Creating an AMI from an Existing Server

  1. Log in to the AWS Management Console.
  2. Navigate to the EC2 Dashboard.
  3. Select the instance from which you want to create an AMI.
  4. Choose Actions > Image > Create Image.
  5. Fill in the required details for the image and click “Create Image.”

Creating an AMI ensures you have a backup of your instance before making any changes, allowing for a quick rollback.

Launching an Instance from the AMI

  1. Go to the AMIs section in the EC2 dashboard.
  2. Select the AMI you just created.
  3. Click on Launch.
  4. Configure the instance details as needed.
  5. Under Network Settings, disable the option to auto-assign a public IP.
  6. Complete the launch process.

Launching a new instance from the AMI without a public IP lets you make the transition without affecting the original instance.

Removing the Auto-Assigned Public IP

  1. Stop the instance if it’s running.
  2. Go to the instance settings and disable the auto-assign public IP option.
  3. Restart the instance to apply the changes.

Creating an Elastic Network Interface (ENI) and Elastic IP (EIP)

  1. Navigate to the Network Interfaces section in the EC2 dashboard.
  2. Click on Create Network Interface.
  3. Fill in the details and create the ENI.
  4. Go to the Elastic IPs section.
  5. Allocate a new Elastic IP.
  6. Associate the EIP with the ENI.

Associating the EIP with the ENI and Disassociating When Not Needed

  1. Go to the EC2 Dashboard.
  2. Select the ENI you created.
  3. Click on Actions > Manage IP Addresses.
  4. Associate the EIP with the ENI.
  5. When the public IP is not needed, disassociate the EIP from the ENI to avoid unnecessary costs.

Keeping the Additional ENI to Prevent Auto-Assignment of Public IP

Keeping an additional ENI ensures that the instance does not get an auto-assigned public IP in the future. This ENI acts as a placeholder for network configurations.

Verification Steps

Verifying Public IP Association

  1. Go to the EC2 Dashboard.
  2. Select the instance.
  3. Check the instance details to ensure no public IP is associated.

Checking Network Interfaces

  1. Navigate to Network Interfaces.
  2. Verify the status and associations of the ENIs.
  3. Ensure that the primary ENI has no public IP.

Server Restart Verification

  1. Restart the instance.
  2. Check connectivity and ensure all configurations persist.
  3. Verify that the public IP has not been re-assigned.
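The same checks can be scripted against the JSON returned by `aws ec2 describe-network-interfaces`. The following is an added example, not part of the original guide: it flags any auto-assigned public address and any public address on a primary ENI (device index 0). The sample data, IDs and function names are constructed for illustration; it relies on the fact that an Elastic IP association carries an `AllocationId` while an auto-assigned address does not.

```python
import json

# Constructed sample shaped like `aws ec2 describe-network-interfaces` output.
SAMPLE = json.loads("""
{"NetworkInterfaces": [
  {"NetworkInterfaceId": "eni-0aaa", "Attachment": {"InstanceId": "i-0001", "DeviceIndex": 0},
   "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.10", "Primary": true,
     "Association": {"PublicIp": "203.0.113.10", "IpOwnerId": "amazon"}}]},
  {"NetworkInterfaceId": "eni-0bbb", "Attachment": {"InstanceId": "i-0002", "DeviceIndex": 0},
   "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.20", "Primary": true}]},
  {"NetworkInterfaceId": "eni-0ccc", "Attachment": {"InstanceId": "i-0002", "DeviceIndex": 1},
   "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.21", "Primary": true,
     "Association": {"PublicIp": "198.51.100.7", "IpOwnerId": "111122223333",
                     "AllocationId": "eipalloc-0123"}}]}
]}
""")

def classify(assoc):
    """Elastic IPs carry an AllocationId; auto-assigned addresses do not."""
    return "elastic-ip" if assoc.get("AllocationId") else "auto-assigned"

def public_ip_findings(doc):
    """Return one record per public address found on any ENI."""
    findings = []
    for eni in doc.get("NetworkInterfaces", []):
        att = eni.get("Attachment") or {}  # unattached ENIs have no Attachment
        for addr in eni.get("PrivateIpAddresses", []):
            assoc = addr.get("Association")
            if not assoc or not assoc.get("PublicIp"):
                continue
            findings.append({
                "eni": eni["NetworkInterfaceId"],
                "instance": att.get("InstanceId"),
                "primary_eni": att.get("DeviceIndex") == 0,
                "public_ip": assoc["PublicIp"],
                "kind": classify(assoc),
            })
    return findings

def failures(doc):
    """The guide's goal: no auto-assigned address, nothing public on a primary ENI."""
    return [f for f in public_ip_findings(doc)
            if f["kind"] == "auto-assigned" or f["primary_eni"]]

if __name__ == "__main__":
    for f in failures(SAMPLE):
        print(f)
```

Run it after each stop/start cycle by loading the saved CLI output with `json.load` in place of `SAMPLE`; an empty result from `failures` means the verification steps above pass.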

Conclusion

Removing public IPs from AWS EC2 instances helps optimize costs and enhance security. By following these steps, you can ensure minimal downtime and maintain a stable infrastructure. Use Elastic IPs and ENIs strategically to manage your network configurations efficiently.
