DEV Community

Prashant Lakhera
Prashant Lakhera

Posted on

Why do I only see the private IP address when logged into an AWS EC2 instance?

This is a common question that comes to everyone's mind. Some of you may have thought about it, while others might have ignored it.
The simple answer to this question is that you don't see the public IP address directly within the instance because this is how Amazon Web Service networking is structured, particularly involving public and private IP addresses, NAT, and Elastic IP addresses. Let's understand this with step by step.

Let's first start with Private IP address
What is a Private IP address?
A private IP address is assigned to a Virtual Private Cloud subnet instance. This address is only routable within the VPC and is used for communication between instances within the same VPC.

Now, what is a Public IP address?
A public IP address is assigned to an instance to allow communication over the internet. This IP address is routable over the internet and can be used to access the instance from outside the VPC
Now combine both of them and see how it works
When you launch an EC2 instance in a VPC, Amazon Web Service assigns a private IP address to the instance from the IP range of the subnet. If you choose to associate a public IP address, Amazon Web Service handles this as follows
Amazon Web Service assigns a public IP address from its pool. This public IP address is mapped to the private IP address of the instance
Amazon Web Service uses Network Address Translation to map the public IP address to the private IP address. This allows the instance to be accessible from the internet while keeping its private IP address within the VPC.
When you send a request to the public IP address, Amazon Web Service routes the request to the private IP address of the instance using NAT. This ensures that the instance receives the request on its private IP address
The instance has an Elastic Network Interface that holds the private IP Elastic Network Interface. This Elastic Network Interface is configured within the VPC.
The public IP address is mapped to the private IP address Elastic Network Interface through the Elastic Network Interface, enabling communication with the instance via the public IP address.

But I still have the same question: why do I still not see the public IP when I log into the instance?
When you log into the instance via SSH or any other method:
You are actually connecting to the public IP address, but the NAT process translates this to the private IP address, allowing you to establish the connection.
Once logged in, the instance itself only recognizes its private IP address because the public IP address is an external mapping managed by Amazon Web Service
If you are still confused let's understand this one more time
The instance operates entirely within the VPC using its private IP address. The public IP address is not directly configured on the instance itself; it is an external mapping for internet-facing communication.
Amazon Web Service's NAT mechanism ensures that any outgoing traffic from the instance to the internet appears to come from the public IP address, and incoming traffic to the public IP address is routed to the private IP address.

So is there is anyway I can see public IP associated with the instance, the answer is yes?
You can also query the instance metadata to retrieve the public IP address from within the instance.
So, to summarize, The reason you only see the private IP address when logged into the instance is due to the separation of network configuration and IP address management between the instance's internal configuration and Amazon Web Service's external infrastructure. The public IP is mapped and managed by Amazon Web Service at the network layer, ensuring that the instance only needs to be aware of its private IP addresses for internal communication

For more content like this, check out my book, Cracking the DevOps Interview.
https://pratimuniyal.gumroad.com/

Top comments (0)