4
votes

I would like to understand the difference between Elastic IP and IPv4 Public IP that's assigned to an EC2 instance and their significance.

I have been trying to connect to the Internet from an EC2 instance I launched within a new public subnet created within a new VPC. I created a new Internet Gateway, a new route table, a new network ACL, and a new security group and configured them appropriately.

However, I am unable to connect to the Internet from the EC2 instance even though I was able to SSH into it remotely.

Going over Internet forums, I learned that for an EC2 instance to connect to the Internet from a public subnet, the instance should have an Elastic IP. The instance I created has IPv4 Public IP, but not Elastic IP. Can someone please explain the need for an Elastic IP?

Here are the steps to replicate this issue:

  1. Create a new VPC (Services -> Networking & Content Delivery -> VPC -> Virtual Private Cloud -> Your VPCs).
    IPv4 CIDR: 10.0.0.0/16.
    Set Edit DNS Hostnames -> Yes.
  2. Create a new Subnet (Virtual Private Cloud -> Subnets) in the above VPC.
    IPv4 CIDR: 10.0.0.0/24.
    Set Modify auto-assign IP settings -> Enable auto-assign public IPv4 address.
  3. Create a new Internet Gateway (Virtual Private Cloud -> Internet Gateways). Attach to VPC and select the new VPC.
  4. Create a new Route Table (Virtual Private Cloud -> Route Tables) and associate it with the new VPC.
    Routes tab -> Edit -> Add another route -> Destination: 0.0.0.0/0 and Target: above Internet Gateway.
    Subnet Associations -> Associate -> Select the earlier created new Subnet -> Save.
  5. Create a new Network ACL (Virtual Private Cloud -> Security -> Network ACLs) and associate it with the new VPC.
    Inbound Rules -> Edit ->

    | Rule # | Type | Protocol | Port Range | Source | Allow / Deny |
    |---|---|---|---|---|---|
    | 100 | SSH (22) | TCP (6) | 22 | 0.0.0.0/0 | ALLOW |
    | 200 | HTTP (80) | TCP (6) | 80 | 0.0.0.0/0 | ALLOW |
    | 300 | HTTPS (443) | TCP (6) | 443 | 0.0.0.0/0 | ALLOW |

    Outbound Rules -> Edit ->

    | Rule # | Type | Protocol | Port Range | Source | Allow / Deny |
    |---|---|---|---|---|---|
    | 100 | ALL Traffic | ALL | ALL | 0.0.0.0/0 | ALLOW |

    Subnet Associations -> Associate with the new Subnet -> Save

  6. Create a new Security Group (Virtual Private Cloud -> Security -> Security Groups) and associate it with the new VPC.
    Inbound Rules -> Edit ->

    | Type | Protocol | Port Range | Source |
    |---|---|---|---|
    | HTTP (80) | TCP (6) | 80 | 0.0.0.0/0 |
    | SSH (22) | TCP (6) | 22 | 0.0.0.0/0 |
    | HTTPS (443) | TCP (6) | 443 | 0.0.0.0/0 |

    Outbound Rules (No change and as below)

    | Type | Protocol | Port Range | Source |
    |---|---|---|---|
    | ALL Traffic | ALL | ALL | 0.0.0.0/0 |

  7. Launch a new Ubuntu Server 16.04 LTS EC2 instance.
    Configure Instance -> Network -> New/created VPC
    Configure Instance -> Subnet -> New/created Subnet (auto selected)
    Configure Security Group -> Select an existing security group -> New/created security group -> Review and Launch
    In EC2 instance description, Elastic IPs will be blank and IPv4 Public IP will be populated (this difference is what led to my question).
  8. SSH into the new Ubuntu EC2 instance with login: ubuntu.
    Run $ sudo apt-get update and there is no response.

I am not sure what else needs to be done for the EC2 instance to access the internet or in which step am I making a mistake. As the instance is in the public subnet of VPC, I don't think moving it to a private subnet and connecting via NAT would be a good option. All I want is direct connectivity to the Internet from the EC2 instance.

(Thanks John for the formatting help and everyone who responded)

2
"I learned that for an EC2 instance to connect to the internet from a public subnet, the instance should have an Elastic IP" That's not true, it just needs a public IP. - Mark B
Does your route table have open access to the outside world? A non-default VPC is private by default, the default VPC is public. - Henry
If you can SSH into the instance, then you should be able to access the Internet from the Instance. Could you please show your Outbound Security Group configuration for the instance? - John Rotenstein
Yep, the route table associated with the subnet into which I launched the EC2 instance is connected to an Internet Gateway that I created manually. Here are the route table contents:

| Destination | Target | Status | Propagated |
|---|---|---|---|
| 10.0.0.0/16 | local | Active | No |
| 0.0.0.0/0 | igw-3610c451 | Active | No |

And, here are the Outbound and Inbound of the security group:

| Type | Protocol | Port Range | Destination |
|---|---|---|---|
| All traffic | All | All | 0.0.0.0/0 |

| Type | Protocol | Port Range | Source |
|---|---|---|---|
| HTTP | TCP | 80 | 0.0.0.0/0 |
| SSH | TCP | 22 | 0.0.0.0/0 |
| HTTPS | TCP | 443 | 0.0.0.0/0 |

- user3886219
Sorry, line breaks got stripped in my earlier post.. - user3886219

2 Answers

5
votes

You need an elastic IP if you want to retain the IP after a stop/start. If the instance doesn't have an elastic IP, it will get a new IP after a stop/start.

In your case, you should be able to connect to the internet. Did you modify the default outbound rules of the security group? If not, post the output of traceroute or lft which will tell where the problem is.

Did you create the VPC manually or using the VPC wizard? If you use the VPC Wizard, everything is set up automatically.

1
votes

As far as your question is concerned, adding an Elastic IP does not do much relative to an IPv4 Public IP. In the end, both are IPs only.

I agree with what was mentioned by @helloV.

I would suggest you take another look at your bi-directional Internet Gateway configuration, and read VPC (Internet Gateway Config).
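
Added example (not part of the original posts or of any AWS tooling): a small Python model of how the network ACL from step 5 and the security group from step 6 of the question treat the two flows described there, inbound SSH and outbound `apt-get` over HTTP. It relies on network ACLs being stateless and security groups being stateful; the peer addresses, the ephemeral port numbers and rule 400 are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"
# Rules as listed in steps 5 and 6 of the question; ports are destination ports.
NACL_IN = [(100, (22, 22), ANY, "ALLOW"), (200, (80, 80), ANY, "ALLOW"),
           (300, (443, 443), ANY, "ALLOW")]
NACL_OUT = [(100, (0, 65535), ANY, "ALLOW")]
SG_IN = [((22, 22), ANY), ((80, 80), ANY), ((443, 443), ANY)]
SG_OUT = [((0, 65535), ANY)]
# Constructed rule (not from the page): let replies to ephemeral ports back in.
NACL_IN_FIXED = NACL_IN + [(400, (1024, 65535), ANY, "ALLOW")]

def nacl_allows(rules, dst_port, peer):
    """Stateless ACL: lowest-numbered matching rule decides, else implicit deny."""
    for _num, (lo, hi), cidr, action in sorted(rules):
        if lo <= dst_port <= hi and ip_address(peer) in ip_network(cidr):
            return action == "ALLOW"
    return False

def sg_allows(rules, dst_port, peer):
    """Security group: allow-only rules, checked for the initiating packet only."""
    return any(lo <= dst_port <= hi and ip_address(peer) in ip_network(cidr)
               for (lo, hi), cidr in rules)

def trace(direction, peer, service_port, client_port, nacl_in=NACL_IN):
    """Return 'ok' or the first control that drops the flow.
    'in': peer opens a connection to the instance; 'out': the instance opens one."""
    if direction == "in":
        if not nacl_allows(nacl_in, service_port, peer):
            return "NACL inbound (request)"
        if not sg_allows(SG_IN, service_port, peer):
            return "SG inbound"
        # The reply goes to the peer's ephemeral port; the SG tracks state, the ACL does not.
        if not nacl_allows(NACL_OUT, client_port, peer):
            return "NACL outbound (reply)"
    else:
        if not sg_allows(SG_OUT, service_port, peer):
            return "SG outbound"
        if not nacl_allows(NACL_OUT, service_port, peer):
            return "NACL outbound (request)"
        # The reply arrives addressed to the instance's ephemeral source port.
        if not nacl_allows(nacl_in, client_port, peer):
            return "NACL inbound (reply)"
    return "ok"

if __name__ == "__main__":
    print("SSH in :", trace("in", "203.0.113.10", 22, 50000))
    print("apt out:", trace("out", "198.51.100.7", 80, 40000))
    print("apt out, extra ACL rule:", trace("out", "198.51.100.7", 80, 40000, NACL_IN_FIXED))
```

With rule 400 in place the security group is still what filters unsolicited inbound connections, because it only admits new connections to ports 22, 80 and 443.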