Elastic Compute Cloud EC2 IP Addressed

Securely using an instance:

There are several ways that an instances may be addressed over the web upon creation:

  • Public Domain Name System ( DNS ) Name – When you launch an instances, AWS creates a DNS name that can used to access the instance. This DNS name is generated automatically and cannot be specified by the customer.
  • The name can be found in the Description tab of the AWS Management Console or via the command line Interface (CLI) or Application Programming Interface (API). This DNS name persist only while the instances is running and cannot be transferred to another instance.
  • Public IP – A launched instance may also have a public IP address assigned. This IP address is assigned from the addresses reserved by AWS and cannot be specified. This IP address is unique on the internet, persist only while the instances is running, and cannot be transferred to another instance.
  • Elastic IP – An Elastic IP address is an address unique on the internet that you reserve independently and associate with an Amazon EC2 instance. While similar to a public IP, there are some key differences.
  1. Private IP Address:
  • All EC2 instances are automatically created with a PRIVATE IP address.
  • The private IP address is used for internal ( inside the VPC ) communication between instances

      2. Public IP Address:

  • When creating an EC2 instance, you have the option to enable (or auto-assign ) a public IP Address.
  • A public IP address is required if you want the EC2 instance to have direct communication with resources across the open internet.
  • Auto-assigning is based on the setting for the selected subnet that you are provisioning the instance in.

     3. Elastic IP Address (EIP):

  • An EIP is a static IPv4 address designed for dynamic cloud computing.
  • An EIP is a public IPv4 address.
  • With an EIP you can attach a public IP address to an EC2 instances that was created with only a private IP address.
  • You can mask the failure of an instances or software by rapidly remapping the address to another instance in your account ( i.e. detaching the EIP from one instance and attaching it to another).
  • Attaching an EIP to an instance will replace its default public IP address for as long as it is attached.


 4. Initial Access:

  • Amazon EC2 uses public-key cryptography to encrypt and decrypt login information.
  • Public-key cryptography uses a public key to encrypt a piece of data and an associated private key to decrypt the data.
  • These two keys together are called a key pair. Key pairs can be created through the aws management Console, CLI or API, or customers can upload their own key pairs.
  • AWS stores the public hey, and the private key is kept by the customer.The private key is essential to acquiring secure access to an instances for the first time.

  5. In Case of Windows:

  • When launching a Windows instance, Amazon EC2 generates a random password for the local administrator account and encrypts the password using the public key. Initial access to the instance is obtained by decrypting the password with the private key, either in the console or through the API.
  • The decrypt password can be used to log in to the instances with the local administrator account via RDP.

6. Virtual Firewall Protection:


Types of security group                                            Capabilities

  •          EC2-Classic Security Groups                                    Control outgoing instance traffic
  •          VPC Security Groups                                                  Control outgoing and incoming instance traffic


  7. Security Group Rule Attributes :


Attribute                                                                   Meaning

Post                                                                                  The port number affected by this rule. For instance, port 80 for HTTP traffic.

Protocol                                                                          The communications standard for the traffic affected by this rule.

Source/Destination                                                     Identifies the other end of the communication, the source for incoming traffic rules, or the                                                                                                           destination for outgoing traffic rules.

 CIDR block – An x.x.x.x/x style definition that defines a specific range of IP addresses.

Security group – Includes any instances that is associated with the given security. This helps                                                                                                   prevent coupling security group rules with specific IP addresses.





Post Author: Rohit

Leave a Reply

Your email address will not be published. Required fields are marked *