lonewarrior556

Reputation: 4479

Can I remove the public IP on my instance without terminating it?

I have several instances on a VPC that communicate with each other through their private IPs. Each instance was launched some time ago and assigned a random public IP which is not used for anything. Since anything that is public presents a vulnerability and they are not used at all, I would like to remove them.

Is it possible to remove public IP addresses without terminating the instance?

Upvotes: 47

Views: 84610

Answers (6)

Lakshminarayanan S

Reputation: 333

Amazon now offers an option to remove the auto-assigned public IPv4 address from the AWS EC2 NIC console. Follow these steps to remove the public IPv4 address.

  1. Navigate to AWS EC2 console
  2. Select your EC2 instance
  3. Choose Networking of your EC2 instance and select primary NIC
  4. Choose Actions and select Manage IP address
  5. Then expand your eth0
  6. Now you can see the Auto-assign public IP with enable/disable.
  7. Just disable the Auto-assign public IP as shown in the image below.
  8. Finally, save it.
  9. If you want a public IPv4 then you can assign it again.

[Image: auto-assign public IPv4]

Upvotes: 5

luckybird

Reputation: 249

Below worked:

  1. Create temp-priv-ni: a private interface in the same subnet, using the default security group (eni-xx-temp-priv-ni).
  2. Allocate a new public Elastic IP.
  3. Associate the new public Elastic IP to the instance.
  4. Attach eni-xx-temp-priv-ni to the same instance.
  5. Check that the instance has two private IPs and the new public Elastic IP, and that the past public EIP is gone.
  6. Then disassociate the public EIP.
  7. Go to the instance network interfaces and detach eni-xx-temp-priv-ni.

The server will now have the same private IP, and its public IP is gone.

The new public IP and new private IPs can be deleted.

Upvotes: 0

Mithun Biswas

Reputation: 1833

Steps worked for me:

  1. Disable the auto-assign public IP setting on the VPC subnet.
  2. Stop the EC2 instance.
  3. Open the Network Interface "Manage IP address" settings and assign a secondary private IP.
  4. Open Elastic IPs and associate an Elastic IP to the EC2 instance with the secondary private IP.
  5. Start the EC2 instance.
  6. Open the Network Interface "Manage IP address" settings and unassign the secondary IP.
  7. Done. Now you can release the previously associated Elastic IP.

Upvotes: 5

CyclingDave

Reputation: 1466

Yes, you can remove a public IP address from an instance.

This solution applies when your instance was launched in a subnet with the "auto-assign public IP" setting enabled. This makes AWS add a public IP address that seems hard to remove.

Notes:

  • If you change the subnet auto-assign setting and stop and start the instance, this does not work; it has no effect. The public IP remains.
  • If you got your public IP by associating an Elastic IP then it's a different case and easy to fix; all you need to do is right-click on the instance or on the Elastic IP, and choose "Networking", "Disassociate Elastic IP Address".

There is a voted-down solution here that seems to work at first, but the public IP comes back (as a different address) when you start the instance up again.

Solution: (detailed steps below)

You need to first add another Network Interface (so there are two or more NIs), then you can release the public address by adding and removing an Elastic IP.

Here is a detailed step-by-step guide:

  1. Create a new network interface.
  2. Attach the new network interface to your instance. Now there will be two or more network interfaces attached to your instance. This is important. There MUST be two or more for this to work.
  3. Create a new Elastic IP (in the EC2 console).
  4. Right-click on the new EIP and associate it to the instance whose public IP you want to remove. The original public IP will be replaced by the new one.
  5. Now do the reverse of step 4: disassociate the EIP you have just added. At this point, if you right-click on the instance and select "Networking", "Manage IP addresses", you will see there are no public IPs on your instance any more. You must refresh the instances view, otherwise you will not see this.

    The public IP is now gone for good. Even if you stop and start the instance, it will not return.

  6. Tidy up: delete the elastic IP you created earlier. Don't delete the new extra Network Interface. This has to stay in place. If you remove the new / second NI then the public IP will come back the next time you stop and start the instance.

I know this sounds a bit strange, but it is in the AWS docs here and I've tested it and it works.

The relevant part from the AWS documentation on that page is this: "If the public IP address of your instance in a VPC has been released, it will not receive a new one if there is more than one network interface attached to your instance."

Upvotes: 45
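
CyclingDave's steps above expressed as EC2 API calls, as an added example that is not part of the original answers. It assumes `ec2` is a boto3 EC2 client; the function name `drop_auto_assigned_public_ip` and the ENI description text are invented here. It skips instances whose public address is an Elastic IP and gives the extra interface the instance's own security groups.

```python
# Added example. `ec2` is assumed to be a boto3 EC2 client, e.g. boto3.client("ec2");
# the function name and the ENI description text are made up for this example.
def drop_auto_assigned_public_ip(ec2, instance_id):
    def snapshot():
        res = ec2.describe_instances(InstanceIds=[instance_id])
        inst = res["Reservations"][0]["Instances"][0]
        enis = inst["NetworkInterfaces"]
        primary = next(n for n in enis if n["Attachment"]["DeviceIndex"] == 0)
        return inst, enis, primary

    inst, enis, primary = snapshot()
    assoc = primary.get("Association")
    if not assoc or not assoc.get("PublicIp"):
        return {"changed": False, "reason": "no public IP on the primary interface"}
    # Auto-assigned addresses report IpOwnerId "amazon"; an Elastic IP reports
    # the owning account ID and only needs a plain disassociate.
    if assoc.get("IpOwnerId") != "amazon":
        return {"changed": False, "reason": "Elastic IP attached; disassociate it instead"}

    # Steps 1-2: make sure a second interface is attached. It has to stay
    # attached, or the public IP comes back on the next stop/start.
    extra_eni = None
    if len(enis) < 2:
        extra_eni = ec2.create_network_interface(
            SubnetId=inst["SubnetId"],
            Groups=[g["GroupId"] for g in inst["SecurityGroups"]],  # same rules as the instance
            Description="placeholder ENI: keeps public IPv4 from being re-assigned",
        )["NetworkInterface"]["NetworkInterfaceId"]
        ec2.get_waiter("network_interface_available").wait(NetworkInterfaceIds=[extra_eni])
        ec2.attach_network_interface(
            NetworkInterfaceId=extra_eni, InstanceId=instance_id,
            DeviceIndex=max(n["Attachment"]["DeviceIndex"] for n in enis) + 1,
        )

    # Steps 3-6: the temporary Elastic IP replaces the auto-assigned address;
    # disassociating it leaves the primary interface with no public IPv4.
    alloc_id = ec2.allocate_address(Domain="vpc")["AllocationId"]
    try:
        assoc_id = ec2.associate_address(
            AllocationId=alloc_id, NetworkInterfaceId=primary["NetworkInterfaceId"]
        )["AssociationId"]
        ec2.disassociate_address(AssociationId=assoc_id)
    finally:
        ec2.release_address(AllocationId=alloc_id)  # tidy up the EIP only, never the ENI

    # Re-read the instance to confirm the exposure is actually gone.
    _, enis, primary = snapshot()
    still_public = primary.get("Association", {}).get("PublicIp")
    return {"changed": not still_public, "extra_eni": extra_eni, "interfaces": len(enis)}
```

The final `describe_instances` call can lag behind the change, so a `changed` value of `False` right after the swap is worth re-checking before retrying.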

bakunin

Reputation: 11

It is a very old thread, but the easiest way of removing a public IP associated via VPC settings is:

  1. Create an Elastic IP.
  2. Assign the Elastic IP to the host owning the public IP that you want to release (the IP is released at this step).
  3. Disassociate the IP address from the Elastic IP management screen.

Upvotes: -3

Piyush Patil

Reputation: 14523

Nope, that is not possible without terminating the instance. If it was an Elastic IP then it would have worked.

The only option is to take an AMI of the instance, terminate the instance, and launch the AMI in the VPC without enabling a public IP address for that instance.

Once you terminate the instance with that private IP, you can assign that private IP again to a new instance you created from the image (as long as it's in the same VPC and subnet). This way you don't need to update the private IPs of all the "instances on a vpc that communicate with each other through their private ips".

Upvotes: 26
