Why You Only See a Private IP Inside an AWS EC2 Instance — Even If It Has a Public IP


🤔 The Mystery: Where Did My Public IP Go?

Let’s say you’ve just launched an EC2 instance in AWS. You assign it a public IP address like 54.201.112.34, and you successfully SSH into it:

ssh ec2-user@54.201.112.34

Once inside, you run:

ip addr

But instead of seeing the public IP, you get something like:

inet 10.0.1.42/24 brd 10.0.1.255 scope global eth0

So… where’s the public IP?

🧠 What’s Actually Happening Behind the Scenes

Every EC2 instance gets a private IP from the VPC subnet. If you assign a public IP (or Elastic IP), AWS performs a 1:1 NAT mapping externally — not inside the instance. The OS inside the instance never sees the public IP.

TL;DR: The public IP is mapped outside the instance by AWS NAT. The instance is only aware of its private IP.

🌐 Visual Flow (Conceptual)

YOU (Public Internet)
   |
   | Connects to Public IP: 54.201.112.34
   |
[ AWS NAT Gateway ]
   |
Translates Public → Private (1-to-1 NAT)
   |
[ EC2 Instance ]
   |
Private IP: 10.0.1.42

🧪 Real-World Example

| Action | Behind the Scenes |
|---|---|
| You SSH to 54.201.112.34 | AWS NAT translates it to 10.0.1.42 |
| You run ifconfig or ip addr | You only see 10.0.1.42 |
| You curl an external API | Traffic leaves as 54.201.112.34, but source is still private internally |

💡 How to See Your Public IP from Inside EC2

The operating system doesn’t know the public IP. You can ask AWS directly using the Instance Metadata Service.

✅ IMDSv1 (Legacy)

curl http://169.254.169.254/latest/meta-data/public-ipv4

IMDSv2 (Recommended)

TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" \
  -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")

curl -H "X-aws-ec2-metadata-token: $TOKEN" \
  http://169.254.169.254/latest/meta-data/public-ipv4
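
An added example (not from the original post) of the IMDSv2 exchange above in Python: it fetches a session token, reads a metadata category, and returns None when public-ipv4 does not exist because the instance has no public IP. The names imds_get, MockIMDS and start_mock are made up here, and the mock is a constructed stand-in so the flow can be run off-instance.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

IMDS = "http://169.254.169.254"  # link-local endpoint, reachable only from the instance
# Metadata requests must never be routed through an HTTP proxy.
_open = urllib.request.build_opener(urllib.request.ProxyHandler({})).open

def imds_get(path, base=IMDS, timeout=2):
    """IMDSv2 lookup; returns the value, or None if the category is absent (404)."""
    req = urllib.request.Request(
        base + "/latest/api/token", method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    with _open(req, timeout=timeout) as r:  # step 1: short-lived session token
        token = r.read().decode()
    req = urllib.request.Request(
        base + "/latest/meta-data/" + path,
        headers={"X-aws-ec2-metadata-token": token})
    try:
        with _open(req, timeout=timeout) as r:  # step 2: GET with the token
            return r.read().decode().strip()
    except urllib.error.HTTPError as e:
        if e.code == 404:  # e.g. public-ipv4 when no public IP is assigned
            return None
        raise

class MockIMDS(BaseHTTPRequestHandler):
    """Constructed stand-in for IMDS with tokens required (offline demo only)."""
    data = {"local-ipv4": "10.0.1.42", "public-ipv4": "54.201.112.34"}
    token = "constructed-session-token"
    def _send(self, code, body=""):
        self.send_response(code)
        self.end_headers()
        self.wfile.write(body.encode())
    def do_PUT(self):
        self._send(200, self.token)
    def do_GET(self):
        if self.headers.get("X-aws-ec2-metadata-token") != self.token:
            return self._send(401)  # tokenless (IMDSv1-style) request refused
        key = self.path.rsplit("/", 1)[-1]
        if key not in self.data:
            return self._send(404)
        self._send(200, self.data[key])

def start_mock():
    srv = HTTPServer(("127.0.0.1", 0), MockIMDS)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d" % srv.server_port
```

On a real instance, call imds_get("public-ipv4") with the default base; off-instance, pass the URL returned by start_mock().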

ℹ️ What is 169.254.169.254?

It's a link-local IP that AWS uses to expose instance metadata such as:

  • Instance ID
  • Region
  • Public/Private IPs
  • IAM roles
  • Tags, AZ, etc.

📌 What About Elastic IPs?

Elastic IPs are static public IPs that can be reassigned to other instances. But even EIPs behave the same way — they’re still externally mapped. The EC2 instance will still only know about its private IP.

⚠️ Common Gotchas

  • Use the private IP in internal firewall rules and configs
  • Use the public IP for allowlists in external services
  • Don’t forget: public IPs can change unless you're using an Elastic IP
  • Public IP discovery from inside the instance must go through the metadata service

✅ Summary

| What You See | Why It Happens |
|---|---|
| Only private IP in EC2 | Public IP mapped externally via AWS NAT |
| Public IP missing from ifconfig | Not attached to the OS, only available via metadata |
| Elastic IP behaves same | Still NAT-mapped externally |

🧠 Final Thoughts

Understanding how AWS handles networking and NAT can save hours of confusion, especially in production environments where public IPs are required for access control, logging, and external APIs.

Pro tip: Always query the metadata API to retrieve public IPs and instance-specific details reliably.
