Amazon EC2 instances within a Virtual Private Cloud (VPC) can now have multiple IP addresses. This oft-requested feature builds upon several other parts of AWS including Elastic IP Addresses and Elastic Network Interfaces.
Use Cases
Here are some of the things that you can do with multiple IP addresses:
- Host multiple SSL websites on a single instance. You can install multiple SSL certificates on a single instance, each associated with a distinct IP address.
- Build network appliances. Network appliances such as firewalls and load balancers generally work best when they have access to multiple IP addresses on a network interface.
- Move private IP addresses between interfaces or instances. Applications that are bound to specific IP addresses can be moved between instances.
The Details
When we launched the Elastic Network Interface (ENI) feature last December, you were limited to a maximum of two ENI's per EC2 instance, each with a single IP address. With today's release we are raising these limits, allowing you to have up to 30 IP addresses per interface and 8 interfaces per instance on the m2.4xl and cc2.8xlarge instances, with proportionally smaller limits for the less powerful instance types. Inspect the limits with care if you plan to use lots of interfaces or IP addresses and expect to switch between different instance sizes from time to time.
When you launch an instance or create an interface, a private IP address is created at the same time. We now refer to this as the "primary private IP address." Amazingly enough, the other addresses are called "secondary private IP addresses." Because the IP addresses are assigned to an interface (which is, in turn attached to an EC2 instance), attaching the interface to a new instance will also bring all of the IP addresses (primary and secondary) along for the ride.
You can also allocate Elastic IP addresses and associate them with the primary or secondary IP addresses of an interface. Logically enough, the Elastic IP's also come along for the ride when the interface is attached to a new instance. You will, of course, need to create an Internet Gateway in order to allow Internet traffic into your VPC.
In addition to moving interfaces to other instances, you can also move secondary private IP addresses between interfaces or instances. The Elastic IP associated to the secondary private IP will move with the private IP to its new home.
As I mentioned when we launched the ENI feature, each ENI has its own MAC Address, Security Groups, and a number of other attributes. With today's release, these attributes apply to all of the IP addresses associated with the ENI.
In order to make use of multiple interfaces and IP addresses, you will need to configure your operating system accordingly. We are planning to publish additional documentation and some scripts to show you how to do this. Code and scripts running on your instance can consult the EC2 instance metadata to ascertain the current ENI and IP address configuration.
Console Support
The VPC tab of the AWS Management Console includes full support for this feature. You can manage the IP addresses associated with each interface of a running instance:
You can associate IP addresses with network interfaces:
You can set up interfaces and IP addresses when you launch a new instance:
Pricing
You can use one Elastic IP Address per instance at no charge (as long as it is mapped to an EC2 instance), as has always been the case. We are reducing the price for Elastic IP Addresses not mapped to running instances to $0.005 (half of a penny) per hour in both EC2 and VPC.
Each additional Elastic IP Address on an instance will also cost you $0.005 per hour. We have also changed the billing model for Elastic IP Addresses to prorate usage, so that you'll be charged for partial hours as appropriate.
There is no charge for private IP addresses.
I hope that you have some ideas for this important new feature, and that you are able to make good use of it.
-- Jeff;
excellent - when will this be rolled out to normal EC2 instances and ELB's ?
Posted by: Andy | July 09, 2012 at 02:25 AM
yes, we need this for regular ec2 instances please!
Posted by: Dan | July 09, 2012 at 02:28 PM
How does this affect network throughput? Does an instance with two NICs (each with a single IP) have the same network throughput of a single NIC with two IPs?
Posted by: Corbett | July 10, 2012 at 05:19 AM
Corbett, this is covered in the EC2 User Guide ( http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/using-eni.html )
"Attaching another network interface to an instance is not a method to increase or double the network bandwidth to or from the dual-homed instance."
Posted by: Jeff Barr | July 10, 2012 at 08:56 AM
So could I use a virtual firewall (a Vyatta, for example) to route and firewall between IPs in an instance?
Posted by: Daniel Schrader | July 11, 2012 at 11:52 AM
Daniel, yes you can! This is the multi-homed model, which I described at http://aws.typepad.com/aws/2011/12/new-elastic-network-interfaces-in-the-virtual-private-cloud.html .
Posted by: Jeff Barr | July 12, 2012 at 04:47 PM
Totally agree we need this for instances outside of VPC.
Posted by: Sean Bannister | July 24, 2012 at 09:37 AM
+1 for regular EC2, please.
Posted by: Mkennedy | August 29, 2012 at 07:07 PM
For those requesting this outside of a VPC, you won't be able to do that because you are using dynamic IP addresses. If Amazon ever decides to permit static addresses like they do in a VPC, you would then be able to do the above of multi-homing. Until then, simply move to a VPC, it's not difficult.
Posted by: Amazoneuser1 | September 11, 2012 at 12:56 PM
"....with proportionally smaller limits for the less powerful instance types. Inspect the limits with care if you plan to use lots of interfaces or IP addresses and expect to switch between different instance sizes from time to time...."
What is the breakdown ? We want multiple IP's on the M1.medium platform.
Posted by: Peter | November 06, 2012 at 10:13 PM