I'm running an EC2 instance through ECS and I have a requirement where I need two private IP addresses for my instance:
The default primary IP address that gets assigned automatically (this can change when a new instance is started). A secondary private IP address that remains constant/permanent regardless of instance restarts or replacements. The main reason behind this is to maintain a consistent IP address while allowing AWS to manage the primary IP.
I tried doing this through a CloudFormation template where I defined a secondary network interface and attempted to attach it to my EC2 instance. However, I ran into a problem because CloudFormation doesn't provide a direct way to reference an instance ID inside an Auto Scaling Group, which is typically how ECS manages instances.
Here's a snippet of my CloudFormation template:
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
EcsClusterName:
Type: "String"
Description: "Type name of your cluster"
Default: "name"
InstanceName:
Type: "String"
Description: "Name of the EC2 instance."
Default: "name"
KeyName:
Type: "AWS::EC2::KeyPair::KeyName"
Description: "Name of an existing EC2 KeyPair to enable SSH access to NAT instances."
Default: "my-key"
VpcId:
Type: 'AWS::EC2::VPC::Id'
Description: Select a VPC that allows instances to access the Internet.
Default: "vpc-..."
SubnetIds:
Type: 'List<AWS::EC2::Subnet::Id>'
Description: Select at least two subnets in your selected VPC.
Default: "subnet-..."
DesiredCapacity:
Type: Number
Default: 1
Description: Number of instances to launch in your ECS cluster.
MaxSize:
Type: Number
Default: 1
Description: Maximum number of instances that can be launched in your ECS cluster.
InstanceType:
Description: EC2 instance type
Type: String
Default: "c6g.2xlarge"
DefaultSecurityGroup:
Type: "String"
Description: "Default security group for the EC2 instances."
Default: "sg-..."
SecurityIngressCidrIp:
Type: "String"
Description: "CIDR IP range for the security group ingress."
Default: "0.0.0.0/0"
SecurityIngressFromPort:
Type: "Number"
Description: "Start of the port range for the security group ingress."
Default: 80
SecurityIngressToPort:
Type: "Number"
Description: "End of the port range for the security group ingress."
Default: 80
Resources:
ECSCluster:
Type: 'AWS::ECS::Cluster'
Properties:
ClusterName: !Ref EcsClusterName
EcsSecurityGroup:
Type: 'AWS::EC2::SecurityGroup'
Properties:
GroupDescription: ECS Security Group
VpcId: !Ref VpcId
SecurityGroupIngress:
- CidrIp: !Ref SecurityIngressCidrIp
FromPort: !Ref SecurityIngressFromPort
ToPort: !Ref SecurityIngressToPort
IpProtocol: '-1'
EcsAutoScalingGroup:
Type: 'AWS::AutoScaling::AutoScalingGroup'
Properties:
LaunchConfigurationName: !Ref EcsLaunchConfiguration
MinSize: !Ref DesiredCapacity
MaxSize: !Ref MaxSize
DesiredCapacity: !Ref DesiredCapacity
VPCZoneIdentifier: !Ref SubnetIds
Tags:
- Key: "Name"
Value: !Ref InstanceName
PropagateAtLaunch: true
SecondaryNetworkInterface:
Type: "AWS::EC2::NetworkInterface"
Properties:
SubnetId: !Select [0, !Ref SubnetIds]
PrivateIpAddresses:
-
Primary: "true"
-
Primary: "false"
PrivateIpAddress: "10.0.3.0"
GroupSet:
- !Ref EcsSecurityGroup
- !Ref DefaultSecurityGroup
AttachNetworkInterface:
Type: "AWS::EC2::InstanceNetworkInterfaceAttachment"
Properties:
InstanceId:
NetworkInterfaceId: !Ref SecondaryNetworkInterface
DeviceIndex: "1"
EcsLaunchConfiguration:
Type: 'AWS::AutoScaling::LaunchConfiguration'
Properties:
ImageId: 'ami-...'
InstanceType: !Ref InstanceType
SecurityGroups:
- !Ref EcsSecurityGroup
KeyName: !Ref KeyName
AssociatePublicIpAddress: true
SecurityGroups:
- !Ref EcsSecurityGroup
- !Ref DefaultSecurityGroup
# PrivateIpAddress: '10.9.0.0'