
We have several EC2 instances that are in a private subnet, but get a public IP address every time the instance is launched.

That private subnet has the "Auto-assign Public IP" property set to No, but what happens is that when the instance was created, it got the AssociatePublicIpAddress property set to true.

Now we don't know how to reset AssociatePublicIpAddress to false without terminating the instances.

I'd expect aws ec2 create-network-interface would have an option for that, but it's not the case.

EC2 C# API has a method to change that - see here, but we don't use that API. The EC2 Console UI is clearly missing that, and we can't find anything in aws cli either. Any ideas how to modify AssociatePublicIpAddress to false for an existing instance?

Tagar

1 Answer


Unfortunately you cannot dissociate a public IP from an EC2 instance:

> You cannot manually associate or disassociate a public IP address from your instance
>
> We release the public IP address for your instance when it's stopped or terminated

You will have to terminate the instance in order to remove the public IP address.

Source

spg
  • Thanks for the prompt response. I know that I can't disassociate a public IP address from a running instance. That wasn't the question I asked. I asked how to make it not associate a public IP address automatically when the instance is started next time. More precisely, how to set the instance/interface property AssociatePublicIpAddress to false. – Tagar Jan 18 '17 at 19:19
  • When you create an instance from the AWS Console, there's a listbox named "Auto-assign Public IP" (in the panel "Step 3: Configure Instance Details"). You must set it to "Disable" if you're launching the instance in a subnet that is set to auto-assign public IP addresses to new instances. – spg Jan 18 '17 at 19:48
  • Thanks for pointing to that. Yes, I know. Again, the question is how to change that for an *existing* instance. We should be able to update AssociatePublicIpAddress to false somehow and then restart the instance (not terminate it), and then it will not allocate a public IP. The question is how to update that AssociatePublicIpAddress? Instances are created by a tool, so we can't necessarily control that. Another thing is that it'll be a big hurdle to recreate those instances. – Tagar Jan 18 '17 at 20:03
  • @Ruslan you can't. This is a fixed attribute. It's also illogical that you would want to. If an instance does not need a public IP address, it should not have been launched in a public subnet, and the subnet is another attribute that cannot be changed. You need a new instance, correctly provisioned. It should be launched in a private subnet. See also [Why do we need private subnets in VPC?](http://stackoverflow.com/a/22212017/1695906) – Michael - sqlbot Jan 19 '17 at 00:56
  • Thank you Michael. "This is a fixed attribute" - if you would post this as a separate answer with a reference to AWS documentation, I'll accept it as the correct answer, as it'll explain why I can't find an aws cli command to change that property. "If an instance does not need a public IP address, it should not have been launched in a public subnet" - Sorry, my bad. In my first sentence I meant *private* subnet. Corrected. My second sentence, which starts "That private subnet has.. ", proves I really meant private :-) – Tagar Jan 19 '17 at 05:52
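
An added example, not part of the original question or answers: because the attribute is fixed at launch, the practical step is to find every instance that needs re-provisioning. This Python script compares `aws ec2 describe-subnets` and `aws ec2 describe-instances` JSON and reports interfaces that hold an auto-assigned public IP in a subnet whose auto-assign setting is off. The function name is hypothetical, the sample JSON is constructed, and it assumes auto-assigned addresses are reported with `IpOwnerId` set to `amazon`.

```python
import json

# Constructed sample data shaped like `aws ec2 describe-subnets` and
# `aws ec2 describe-instances` output (IDs and addresses are made up).
SUBNETS_JSON = """{"Subnets": [
  {"SubnetId": "subnet-aaaa1111", "MapPublicIpOnLaunch": false},
  {"SubnetId": "subnet-bbbb2222", "MapPublicIpOnLaunch": true}]}"""

INSTANCES_JSON = """{"Reservations": [{"Instances": [
  {"InstanceId": "i-0001", "NetworkInterfaces": [
    {"SubnetId": "subnet-aaaa1111",
     "Association": {"PublicIp": "203.0.113.10", "IpOwnerId": "amazon"}}]},
  {"InstanceId": "i-0002", "NetworkInterfaces": [
    {"SubnetId": "subnet-aaaa1111"}]},
  {"InstanceId": "i-0003", "NetworkInterfaces": [
    {"SubnetId": "subnet-aaaa1111",
     "Association": {"PublicIp": "203.0.113.20", "IpOwnerId": "111122223333"}}]},
  {"InstanceId": "i-0004", "NetworkInterfaces": [
    {"SubnetId": "subnet-bbbb2222",
     "Association": {"PublicIp": "203.0.113.30", "IpOwnerId": "amazon"}}]}
]}]}"""


def find_launch_time_overrides(subnets_doc, instances_doc):
    """Return (instance_id, subnet_id, public_ip) for each interface that has an
    auto-assigned public IP although its subnet has auto-assign turned off."""
    auto_assign = {s["SubnetId"]: s.get("MapPublicIpOnLaunch", False)
                   for s in subnets_doc.get("Subnets", [])}
    findings = []
    for reservation in instances_doc.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            for eni in inst.get("NetworkInterfaces", []):
                assoc = eni.get("Association") or {}
                subnet_id = eni.get("SubnetId")
                # Skip interfaces with no public IP or an unknown subnet.
                if not assoc.get("PublicIp") or subnet_id not in auto_assign:
                    continue
                # Assumption: "amazon" marks an auto-assigned address; an
                # Elastic IP carries the owning account ID and can be detached.
                if assoc.get("IpOwnerId") == "amazon" and not auto_assign[subnet_id]:
                    findings.append((inst["InstanceId"], subnet_id, assoc["PublicIp"]))
    return findings


if __name__ == "__main__":
    for row in find_launch_time_overrides(json.loads(SUBNETS_JSON), json.loads(INSTANCES_JSON)):
        print(*row)
```

Against a real account, feed it the output of the two CLI commands instead of the embedded samples; instances it lists are the ones the answer says must be relaunched.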