Govind Kumar

Adding Secondary (ENI) - Private IP to Amazon EC2 (Ubuntu 22.04) for SSH

Problem:

If you have an Amazon EC2 instance running Ubuntu 22.04, you might need to access the instance on multiple private IP addresses. This can be challenging because, by default, an EC2 instance is assigned a single private IP address at launch.

Solution and Approach:

To solve this challenge, you can add a secondary private IP address to your EC2 instance using an Elastic Network Interface (ENI). This will allow you to SSH into the instance using the new private IP address. The steps are listed below.

But before that, let's understand:

What is an ENI?

An ENI is a virtual network interface that holds a certain number of IP addresses for communication. There are multiple options to configure an ENI:

Option 01: Setup an ENI while launching the EC2 Instance

It is advisable not to apply these steps directly on Prod Instances. Please ensure that you have tested this setup on Dev infra before moving it to the higher environments.

Option 02: Create an ENI from the Console, Navigate to the created ENI and attach it as a secondary ENI to an EC2 Instance.

Once the ENI is attached to the EC2 instance, you should be able to see two private IPs on the EC2 instance (Networking window).

Steps to make use of the ENI

Step 01: Log in to the Server Using SSH

Take note of the IP addresses using the following command:

ip a

It should list both ENIs.

Step 02: Take note of the gateway

Use the following command:

ip r

The above command should return the gateway.

In this case, the output is: default via 10.0.12.1

Step 03: Disable cloud-init's network configuration using the following steps

sudo vi /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg

Add the following line:

network: {config: disabled}

Step 04: Navigate to the /etc/netplan folder and create 2 files (ens5.yaml & ens6.yaml)

sudo vim /etc/netplan/ens5.yaml

Paste the below contents in the ens5.yaml file:

network:
  version: 2
  renderer: networkd
  ethernets:
    ens5:
      addresses:
        - 10.0.13.193/22 # The private IP address of the primary ENI
      dhcp4: no
      routes:
        - to: 0.0.0.0/0
          via: 10.0.12.1 # Default gateway; you can find it using the ip r command
          table: 1001 # Routing table used only for this interface
        - to: 10.0.13.193
          via: 0.0.0.0
          scope: link
          table: 1001
      routing-policy:
        - from: 10.0.13.193 # Traffic sourced from this IP uses table 1001
          table: 1001


sudo vim /etc/netplan/ens6.yaml

Paste the below contents in the ens6.yaml file:

network:
  version: 2
  renderer: networkd
  ethernets:
    ens6:
      addresses:
        - 10.0.15.150/22 # The private IP of the newly created ENI (secondary ENI)
      dhcp4: no
      routes:
        - to: 0.0.0.0/0
          via: 10.0.12.1 # Default gateway
          table: 1002 # Routing table used only for this interface
        - to: 10.0.15.150
          via: 0.0.0.0
          scope: link
          table: 1002
      routing-policy:
        - from: 10.0.15.150 # Traffic sourced from this IP uses table 1002
          table: 1002

Step 05: Ensure that you correctly place the IP address, Routes, Table Value and Default Gateway address.

Step 06: Apply the changes

sudo netplan --debug apply

And, here we go! You should now be able to SSH into your system on both IP addresses.
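The cross-checks that Step 05 asks for can be done mechanically before Step 06 touches the interface carrying your SSH session. The following is an added example, not part of the original post: it assumes the netplan files have already been parsed into Python dicts (loading the YAML is left to the reader), and the names check_netplan, eni and PAGE are hypothetical.

```python
import ipaddress

def check_netplan(configs):
    """Return a list of problems found in parsed netplan documents (dicts)."""
    problems, owner = [], {}
    for cfg in configs:
        for name, eth in cfg["network"]["ethernets"].items():
            addrs = eth.get("addresses", [])
            if len(addrs) != 1:
                problems.append(f"{name}: expected exactly one address")
                continue
            iface = ipaddress.ip_interface(addrs[0])
            ip = str(iface.ip)
            routes = eth.get("routes", [])
            policy = eth.get("routing-policy", [])
            # Every route and the policy rule must point at one table.
            ids = {e.get("table") for e in routes + policy}
            if len(ids) != 1 or None in ids:
                problems.append(f"{name}: routes and routing-policy do not share one table")
            # A table reused by another interface would mix up their return paths.
            for t in ids - {None}:
                if owner.setdefault(t, name) != name:
                    problems.append(f"{name}: table {t} already used by {owner[t]}")
            # The default gateway must sit inside the interface's own subnet.
            gws = [r.get("via") for r in routes if r.get("to") in ("0.0.0.0/0", "default")]
            if len(gws) != 1:
                problems.append(f"{name}: expected exactly one default route")
            elif ipaddress.ip_address(gws[0]) not in iface.network:
                problems.append(f"{name}: gateway {gws[0]} is outside {iface.network}")
            # The link-scope route and the 'from' rule must name this interface's IP.
            if not any(r.get("scope") == "link" and str(r.get("to")).split("/")[0] == ip
                       for r in routes):
                problems.append(f"{name}: no link-scope route to {ip}")
            if not any(str(p.get("from")).split("/")[0] == ip for p in policy):
                problems.append(f"{name}: no routing-policy rule from {ip}")
    return problems

def eni(name, cidr, gw, table):
    """Build the dict a YAML parser would return for one of the page's files."""
    ip = cidr.split("/")[0]
    return {"network": {"version": 2, "renderer": "networkd", "ethernets": {name: {
        "addresses": [cidr], "dhcp4": False,
        "routes": [{"to": "0.0.0.0/0", "via": gw, "table": table},
                   {"to": ip, "via": "0.0.0.0", "scope": "link", "table": table}],
        "routing-policy": [{"from": ip, "table": table}]}}}}

# The values from the page's ens5.yaml and ens6.yaml.
PAGE = [eni("ens5", "10.0.13.193/22", "10.0.12.1", 1001),
        eni("ens6", "10.0.15.150/22", "10.0.12.1", 1002)]

if __name__ == "__main__":
    print("\n".join(check_netplan(PAGE)) or "no problems found")
```

An empty result means the address, routes, table value and gateway in each file agree with each other; it does not confirm that the interface names match what ip a reports on your instance.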

Summary

In conclusion, adding a secondary private IP address to an EC2 instance running Ubuntu 22.04 is a straightforward process that can be accomplished by following a few simple steps. By adding a secondary private IP address, you can access your EC2 instance from multiple private IP addresses, which can be useful in certain situations. Always remember to follow best practices such as stopping the instance before adding the secondary private IP address and assigning a private IP address from the subnet's IP address range.

Top comments (2)

Jean Rodrigo Santos

What changes do I need to make for this to work with port 80?

Puneet

After following these steps I lose my SSH connection to the box and cannot connect again. I need to terminate that instance.

Can you please guide?