
Private IP of an EC2 instance


Whenever I create a new Amazon EC2 instance (Linux or Windows), in addition to the public IP there is also a private IP assigned to it.

We use the public IP to access resources on that instance, resources like Tomcat etc.

What is the exact purpose of the private IP provided for that instance?


Solution

  • The primary reason to use the primary IP of an EC2 instance is to route the traffic internally within your subnet or VPC. If you have two instances instA and instB in the same VPC:

    • If you use the private IP to communicate, traffic will stay within the VPC; it will not be routed out, the routing table will route it internally
    • If you use the public IP to communicate, traffic will go out to the internet (through NAT or an internet gateway) and come back to your VPC. This unnecessary round trip can be avoided if you use the private IP
    • Since the private IP is internal, it is more secure, since there is no chance for a third party to inspect/inject the traffic
    • No data transfer charge if the traffic stays internal to the VPC (and same availability zone). But if data flows out of the VPC, you need to pay a data transfer charge
    • Unless you expect your instance to accept traffic from outside, you should not launch your instances in a public subnet or assign public IPs to them
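The routing and security-group behaviour described in the answer, as an added worked example that is not part of the original question or answer. It simulates a VPC route table with longest-prefix matching and a security group inbound check; the VPC CIDR (10.0.0.0/16), the route table, the gateway id `igw-EXAMPLE`, and the instance addresses are all constructed for illustration, and `route_target`, `stays_in_vpc` and `sg_allows` are hypothetical helper names.

```python
"""Simulate how a VPC route table and a security group treat traffic
between two instances, instA and instB, in the same VPC.

Constructed example: the CIDR blocks, route table, gateway id and
addresses below are invented for illustration, not taken from AWS.
"""
import ipaddress

# Constructed VPC 10.0.0.0/16. A public subnet's route table has a "local"
# route covering the VPC CIDR plus a default route to an internet gateway.
VPC_CIDR = "10.0.0.0/16"
ROUTE_TABLE = [
    ("10.0.0.0/16", "local"),       # intra-VPC traffic never leaves the VPC
    ("0.0.0.0/0", "igw-EXAMPLE"),   # everything else exits via the IGW (placeholder id)
]

# Constructed addresses for instB: its private IP inside the VPC and a
# public IP drawn from the 203.0.113.0/24 documentation range.
INST_B_PRIVATE = "10.0.1.20"
INST_B_PUBLIC = "203.0.113.45"


def route_target(dst_ip, route_table=ROUTE_TABLE):
    """Return the target of the most specific route matching dst_ip.

    VPC route tables use longest-prefix match, so a /16 local route wins
    over the 0.0.0.0/0 default route for any address inside the VPC.
    """
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    if best is None:
        raise ValueError(f"no route for {dst_ip}")
    return best[1]


def stays_in_vpc(dst_ip):
    """True when instA -> dst_ip is handled by the local route (no round trip)."""
    return route_target(dst_ip) == "local"


def sg_allows(rules, src_ip, port, proto="tcp"):
    """Evaluate security group inbound rules: (cidr, proto, from_port, to_port).

    Security groups are allow-lists, so a packet is admitted only if at
    least one rule covers its source address, protocol and port.
    """
    src = ipaddress.ip_address(src_ip)
    for cidr, r_proto, lo, hi in rules:
        if r_proto == proto and lo <= port <= hi and src in ipaddress.ip_network(cidr):
            return True
    return False


# Weak setting: Tomcat's port open to the whole internet.
OPEN_RULES = [("0.0.0.0/0", "tcp", 8080, 8080)]
# Corrected setting: only the VPC's own address space may reach Tomcat.
INTERNAL_RULES = [(VPC_CIDR, "tcp", 8080, 8080)]


if __name__ == "__main__":
    for dst in (INST_B_PRIVATE, INST_B_PUBLIC):
        print(f"instA -> {dst}: route target {route_target(dst)}, stays in VPC: {stays_in_vpc(dst)}")
    for src in ("10.0.1.10", "198.51.100.7"):
        print(f"{src} -> :8080 open SG: {sg_allows(OPEN_RULES, src, 8080)}, "
              f"VPC-only SG: {sg_allows(INTERNAL_RULES, src, 8080)}")
```

Running it shows the two points of the answer side by side: the private address matches the local route and never leaves the VPC, while the public address falls through to the internet gateway route; and a security group scoped to the VPC CIDR admits instA's private address but rejects an outside source that the 0.0.0.0/0 rule would have let in.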