Public IP of AWS Internet gateway [closed]
I would like to know the public IP of the AWS Internet Gateway. My client needs it to set up an IP whitelist. How can I get it? My instance faces the Internet directly and does not route via any NAT gateway. From my understanding, the public IP should be the Elastic IP of the EC2 instance, which connects to my client. Can anyone confirm my understanding?

Thanks

Keats answered 29/5, 2020 at 11:14 Comment(1)
This seems like a reasonable question to me. Maybe it's been cleaned up a bit. – Poohpooh
You are correct.

An Internet Gateway is a logical connection between a VPC and the Internet. If there is no Internet Gateway, then there is no connection between the VPC and the Internet.

Every Amazon EC2 instance in a VPC has a private IP address. They can optionally also have a public IP address. This can either be a random one assigned when an instance is started, or a static Elastic IP address can be assigned to the instance.

Actually, these public IP addresses are assigned to an Elastic Network Interface (ENI). An instance can have multiple ENIs.

The instance itself doesn't actually 'know' that it has a public IP address / Elastic IP address. Instead, when traffic comes from the Internet destined for the public IP address, the Internet Gateway performs a reverse NAT and sends the traffic to the private IP address of the instance. Similarly, any traffic going from the instance to the Internet Gateway comes from the private IP address of the instance, which the Internet Gateway then forwards as coming from the instance's public IP address.

Thus, the Internet Gateway 'owns' the public IP address, but forwards it to the instance. It's all quite magical, so sometimes it's just easier to imagine as the instance having the public IP address.

One benefit of this method is that an Elastic IP address can be reassigned to another instance and traffic will immediately flow to the new instance without any configuration changes on the 'old' or 'new' instance. They just get traffic via their private IP addresses without knowing that a public IP address was involved.

Creatural answered 29/5, 2020 at 12:17 Comment(6)
Great answer. I can start up an instance with a public IP in a private subnet (without an IGW). Who owns the public IP then? Isn't that an inconsistency? Who knows about the mapping between public and private IP in that case? – Begonia
An EC2 instance in a private subnet with a public IP address is exactly as described above: the Internet Gateway will still associate the public IP address with the private IP address. However, there won't be any connectivity between the private subnet and the Internet, so communications will fail. – Creatural
I wonder how the IGW can associate private and public IPs if, by definition, there is no IGW in a private subnet. – Begonia
The Internet Gateway would continue to translate the public IP address into a private IP address, but it would be unable to send traffic to the private subnet. So, the traffic would just disappear into a 'black hole'. – Creatural
So I create an EC2 instance with a private IP inside a VPC attached to an Internet Gateway; now I need to access it from the Internet, so I assign a public IP to this EC2 instance and set up the route table, and that works. Can this work when the EC2 instance has no public IP assigned? i.e. the Internet Gateway uses its own public IP and then forwards to the private EC2 instance. I could not find the public IP of the gateway, though. – Homophone
@LaoShaw When you run an Amazon EC2 instance in a private subnet, it is not accessible from the Internet. That is the definition of a "private subnet". – Creatural
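The practical question behind this thread is "which address do I hand the client for their whitelist?" The following is an added example, not code from the answer or from AWS, that applies the answer's reasoning (the Internet Gateway does 1:1 NAT between an ENI's private IP and its public/Elastic IP; a NAT gateway substitutes its own Elastic IP; a subnet with no Internet route black-holes the traffic, as the comments above describe) to data shaped like the AWS CLI / boto3 responses for `describe-instances`, `describe-route-tables` and `describe-nat-gateways`. The VPC, subnet, gateway IDs and IP addresses are constructed samples, and no AWS API is called; replace the sample dicts with real API output to run it against your own account.

```python
"""Decide which source IP a client will see from an EC2 instance.

Added example, not from the original thread. Works on constructed data in the
shape of describe-instances / describe-route-tables / describe-nat-gateways.
"""
import ipaddress

VPC = "vpc-0a1b2c3d4e5f"  # constructed identifier

# Constructed describe-route-tables output: the VPC main table (local route
# only), a public subnet with a default route to an IGW, and a private subnet
# with a default route to a NAT gateway.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": VPC,
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
    {"RouteTableId": "rtb-public", "VpcId": VPC,
     "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0deadbeef", "State": "active"}]},
    {"RouteTableId": "rtb-private", "VpcId": VPC,
     "Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0cafe", "State": "active"}]},
]

# Constructed describe-nat-gateways output.
NAT_GATEWAYS = [{"NatGatewayId": "nat-0cafe",
                 "NatGatewayAddresses": [{"PublicIp": "203.0.113.77"}]}]


def make_instance(subnet_id, public_ip=None, private_ip="10.0.1.10"):
    """Build a describe-instances style record with one primary ENI (constructed)."""
    eni = {"Attachment": {"DeviceIndex": 0}, "PrivateIpAddress": private_ip}
    if public_ip:  # public/Elastic IP lives on the ENI, as the answer explains
        eni["Association"] = {"PublicIp": public_ip}
    return {"VpcId": VPC, "SubnetId": subnet_id, "NetworkInterfaces": [eni]}


def route_table_for_subnet(subnet_id, vpc_id, route_tables):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def route_for(dest_ip, route_table):
    """Longest-prefix match over the table's active IPv4 routes, as the VPC router does."""
    dest = ipaddress.ip_address(dest_ip)
    best = None
    for route in route_table.get("Routes", []):
        cidr = route.get("DestinationCidrBlock")
        if not cidr or route.get("State") != "active":
            continue
        net = ipaddress.ip_network(cidr)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route)
    return best[1] if best else None


def egress_ip(instance, client_ip, route_tables=ROUTE_TABLES, nat_gateways=NAT_GATEWAYS):
    """Return (source_ip_or_None, explanation) for traffic from `instance` to `client_ip`."""
    eni = next(n for n in instance["NetworkInterfaces"] if n["Attachment"]["DeviceIndex"] == 0)
    public_ip = eni.get("Association", {}).get("PublicIp")
    rt = route_table_for_subnet(instance["SubnetId"], instance["VpcId"], route_tables)
    route = route_for(client_ip, rt) if rt else None
    if route is None:
        # The IGW may still hold a public->private mapping, but with no route
        # out of the subnet the packets are black-holed (the comment thread case).
        return None, "no route covers the client; traffic is dropped"
    target = route.get("GatewayId") or route.get("NatGatewayId") or ""
    if target == "local":
        return eni["PrivateIpAddress"], "client is inside the VPC; private IP, no translation"
    if target.startswith("igw-"):
        if public_ip:
            return public_ip, "IGW translates the ENI's private IP to its public IP (1:1 NAT)"
        return None, "default route hits an IGW but the ENI has no public IP to translate to"
    if target.startswith("nat-"):
        ngw = next(g for g in nat_gateways if g["NatGatewayId"] == target)
        return ngw["NatGatewayAddresses"][0]["PublicIp"], \
            "traffic leaves via the NAT gateway's Elastic IP; any public IP on the ENI is unused"
    return None, f"route target {target} is not a path to the client"


if __name__ == "__main__":
    for label, inst in [("public subnet + EIP", make_instance("subnet-public", "198.51.100.5")),
                        ("public subnet, no public IP", make_instance("subnet-public")),
                        ("private subnet + EIP", make_instance("subnet-private", "198.51.100.5")),
                        ("isolated subnet + EIP", make_instance("subnet-isolated", "198.51.100.5"))]:
        print(f"{label}: {egress_ip(inst, '192.0.2.1')}")
```

The case the original poster describes (public subnet, instance with an Elastic IP, no NAT gateway) resolves to the Elastic IP, which is the address to give the client. Before committing it to a whitelist, confirm from the instance itself: `curl https://checkip.amazonaws.com` returns the source address the Internet actually sees, and `curl http://169.254.169.254/latest/meta-data/public-ipv4` returns the public IP the Instance Metadata Service has on record for the primary ENI; the two should match. If they differ, the traffic is leaving through a NAT gateway or some other path, and whitelisting the instance's own public IP will fail.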

© 2022 - 2024 — McMap. All rights reserved.