How to add a second permanent private IP to ec2 instance via cloudfomation

77 Views Asked by At

I'm running an EC2 instance through ECS and I have a requirement where I need two private IP addresses for my instance:

The default primary IP address that gets assigned automatically (this can change when a new instance is started). A secondary private IP address that remains constant/permanent regardless of instance restarts or replacements. The main reason behind this is to maintain a consistent IP address while allowing AWS to manage the primary IP.

I tried doing this through a CloudFormation template where I defined a secondary network interface and attempted to attach it to my EC2 instance. However, I ran into a problem because CloudFormation doesn't provide a direct way to reference an instance ID inside an Auto Scaling Group, which is typically how ECS manages instances.

Here's a snippet of my CloudFormation template:

AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  EcsClusterName:
    Type: "String"
    Description: "Type name of your cluster"
    Default: "name"

  InstanceName:
    Type: "String"
    Description: "Name of the EC2 instance."
    Default: "name"

  KeyName:
    Type: "AWS::EC2::KeyPair::KeyName"
    Description: "Name of an existing EC2 KeyPair to enable SSH access to NAT instances."
    Default: "my-key"

  VpcId:
    Type: 'AWS::EC2::VPC::Id'
    Description: Select a VPC that allows instances to access the Internet.
    Default: "vpc-..."

  SubnetIds:
    Type: 'List<AWS::EC2::Subnet::Id>'
    Description: Select at least two subnets in your selected VPC.
    Default: "subnet-..."

  DesiredCapacity:
    Type: Number
    Default: 1  
    Description: Number of instances to launch in your ECS cluster.

  MaxSize:
    Type: Number
    Default: 1  
    Description: Maximum number of instances that can be launched in your ECS cluster.

  InstanceType:
    Description: EC2 instance type
    Type: String
    Default: "c6g.2xlarge"

  DefaultSecurityGroup:
    Type: "String"
    Description: "Default security group for the EC2 instances."
    Default: "sg-..."
  
  SecurityIngressCidrIp:
    Type: "String"
    Description: "CIDR IP range for the security group ingress."
    Default: "0.0.0.0/0"

  SecurityIngressFromPort:
    Type: "Number"
    Description: "Start of the port range for the security group ingress."
    Default: 80

  SecurityIngressToPort:
    Type: "Number"
    Description: "End of the port range for the security group ingress."
    Default: 80


Resources:
  ECSCluster:
    Type: 'AWS::ECS::Cluster'
    Properties:
      ClusterName: !Ref EcsClusterName

  EcsSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: ECS Security Group
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - CidrIp: !Ref SecurityIngressCidrIp
          FromPort: !Ref SecurityIngressFromPort
          ToPort: !Ref SecurityIngressToPort
          IpProtocol: '-1'

  EcsAutoScalingGroup:
    Type: 'AWS::AutoScaling::AutoScalingGroup'
    Properties:
      LaunchConfigurationName: !Ref EcsLaunchConfiguration
      MinSize: !Ref DesiredCapacity
      MaxSize: !Ref MaxSize
      DesiredCapacity: !Ref DesiredCapacity
      VPCZoneIdentifier: !Ref SubnetIds
      
      Tags:
      - Key: "Name"
        Value: !Ref InstanceName
        PropagateAtLaunch: true

  SecondaryNetworkInterface:
    Type: "AWS::EC2::NetworkInterface"
    Properties: 
      SubnetId: !Select [0, !Ref SubnetIds] 
      PrivateIpAddresses:
        - 
          Primary: "true"   
        - 
          Primary: "false"
          PrivateIpAddress: "10.0.3.0" 
      GroupSet: 
        - !Ref EcsSecurityGroup
        - !Ref DefaultSecurityGroup


    AttachNetworkInterface:
    Type: "AWS::EC2::InstanceNetworkInterfaceAttachment"
    Properties: 
      InstanceId: 
      NetworkInterfaceId: !Ref SecondaryNetworkInterface
      DeviceIndex: "1"



  EcsLaunchConfiguration:
    Type: 'AWS::AutoScaling::LaunchConfiguration'
    Properties:
      ImageId: 'ami-...'
      InstanceType: !Ref InstanceType
      SecurityGroups:
        - !Ref EcsSecurityGroup
      KeyName: !Ref KeyName
      AssociatePublicIpAddress: true
      SecurityGroups:
      - !Ref EcsSecurityGroup
      - !Ref DefaultSecurityGroup
   
      #       PrivateIpAddress: '10.9.0.0' 

0

There are 0 best solutions below