Have you ever launched an EC2 instance into a subnet only to discover your instance doesn't have a public IPv4 address? Your subnet configuration may be the reason for this issue. In this quick tip, I will explain why this happens and show you how to control this behavior.
When launching an EC2 instance from the AWS portal, you need to specify how a public IP address gets assigned to the instance. There are a few options, but the one I want to focus on here allows AWS to auto-assign an IPv4 address. This option pulls an IP address from Amazon's public IP address pool and assigns it to your instance.
The auto-assign option is set via the launch wizard's auto-assign Public IP setting, as shown in the image below. There are three values to choose from: "Use subnet setting", "enable", or "disable".
The "enable" and "disable" values do exactly what you would expect: they enable or disable the auto-assign functionality. Disabling the auto-assign property is useful when the EC2 instance shouldn't be publicly available, or when you will assign an Elastic IP (EIP) address to the instance. Choosing "Use subnet setting" can lead to an instance that isn't available publicly over the Internet.
It's All About the Subnet
Notice in the image below that subnets have a property named Enable auto-assign public IPv4 address. This property configures the subnet's auto-assign behavior.
An instance launched with the "Use subnet setting" value instructs AWS to apply the IP address assignment behavior as configured at the subnet level.
Subnets created by AWS are called default subnets. These subnets have their auto-assign property set to true by default. Subnets you create, called non-default subnets, set the property's value to false by default. The one exception to this rule is a subnet created by the Instance Launch Wizard. The wizard sets the auto-assign property to true.
If you select the default subnet at the time of instance creation and choose the "Use subnet setting" option, the instance will have a public IPv4 address assigned. However, if you choose a non-default subnet, that instance may not get a public IP address. It all depends on how you configured your subnet to use the auto-assign functionality.
AWS provides an API to modify the subnet's auto-assign property. You can use the AWS CLI to enable or disable the property.
To enable auto-assign:
aws ec2 modify-subnet-attribute --subnet-id <your-subnet-id> --map-public-ip-on-launch
To disable auto-assign:
aws ec2 modify-subnet-attribute --subnet-id <your-subnet-id> --no-map-public-ip-on-launch
Changing the value does not affect existing instances. It only applies to future instances created within the subnet. The AWS portal can be used to modify this setting as well.
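The check below is an added example, not code from the original post. It applies the rules above to the JSON returned by `aws ec2 describe-subnets` and reports subnets whose auto-assign property disagrees with what you intended, along with the `modify-subnet-attribute` flag that corrects it. The subnet IDs, the sample response, and the `intended_public` allow-list are constructed assumptions.

```python
import json

# Constructed sample shaped like `aws ec2 describe-subnets --output json`,
# trimmed to the relevant fields. Subnet IDs are made up.
SAMPLE = json.loads("""
{"Subnets": [
  {"SubnetId": "subnet-0aaa0000000000001", "DefaultForAz": true,  "MapPublicIpOnLaunch": true},
  {"SubnetId": "subnet-0bbb0000000000002", "DefaultForAz": false, "MapPublicIpOnLaunch": false},
  {"SubnetId": "subnet-0ccc0000000000003", "DefaultForAz": false, "MapPublicIpOnLaunch": true}
]}
""")


def gets_public_ip(launch_setting, subnet):
    """Resolve the launch wizard's auto-assign value against the subnet."""
    setting = launch_setting.strip().lower()
    if setting == "enable":
        return True
    if setting == "disable":
        return False
    if setting == "use subnet setting":
        # Falls through to the subnet's auto-assign property.
        return bool(subnet.get("MapPublicIpOnLaunch", False))
    raise ValueError(f"unknown auto-assign value: {launch_setting!r}")


def audit(response, intended_public):
    """Compare each subnet's auto-assign property with the intent.

    intended_public is a hypothetical allow-list of subnet IDs that are
    meant to hand out public IPv4 addresses. Returns (subnet_id, problem,
    flag) tuples, where flag is the modify-subnet-attribute option that
    brings the subnet back in line for future launches.
    """
    findings = []
    for subnet in response["Subnets"]:
        subnet_id = subnet["SubnetId"]
        auto = gets_public_ip("Use subnet setting", subnet)
        if auto and subnet_id not in intended_public:
            findings.append((subnet_id, "unexpected public IP", "--no-map-public-ip-on-launch"))
        elif not auto and subnet_id in intended_public:
            findings.append((subnet_id, "no public IP", "--map-public-ip-on-launch"))
    return findings


if __name__ == "__main__":
    for subnet_id, problem, flag in audit(SAMPLE, {"subnet-0aaa0000000000001"}):
        print(f"{subnet_id}: {problem}; fix: aws ec2 modify-subnet-attribute "
              f"--subnet-id {subnet_id} {flag}")
```

To run it against a real account, replace `SAMPLE` with the parsed output of `aws ec2 describe-subnets --output json`.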
In this quick tip, I wanted to point out the behavior of the auto-assign property at the instance level and, more so, at the subnet level. Not enabling the auto-assign option at the subnet level may lead to the creation of an EC2 instance that doesn't have a public IP address, forcing you to recreate the instance after you've modified the subnet properties.