How do I change or retain my IP address when I run Amazon EC2 restore in AWS Backup?

Resolution

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

Reassociate your Elastic IP address to the restored EC2 instance

To reassociate the original Elastic IP address to the restored instance, you can use the Amazon EC2 console.

Or, run the following associate-address AWS CLI command:

aws ec2 associate-address --instance-id i-07ffe74c7330ebf53 --public-ip 198.51.100.20

Note: Replace instance-id with your instance ID and public-ip with your IP address ID.

The instance then maintains the Elastic IP address after you stop and start your instance.

Retain a private IP address to the restored EC2 instance

Note: If you're using a private IP address for an instance, then you can't retain the private IP address for a different instance. For more information, see the Resource.AlreadyAssigned error on the client error codes for specific actions table.

To retain a private IP address, complete the following steps:

1. Run the following get-recovery-point-restore-metadata command:

   aws backup get-recovery-point-restore-metadata --backup-vault-name Default --recovery-point-arn arn:aws:ec2:eu-south-1::image/ami-001a2a3a4a00005aa

   Note: Replace backup-vault-name with your vault's name and recovery-point-arn with your recovery point's Amazon Resource Name (ARN).
   Example output:

   {    "BackupVaultArn": "arn:aws:backup:eu-south-1:111111111111:backup-vault:Default",  
       "RecoveryPointArn": "arn:aws:ec2:eu-south-1::image/ami-001a2a3a4a00005aa",  
       "RestoreMetadata": {  
           "CapacityReservationSpecification": "{\"CapacityReservationPreference\":\"open\"}",  
           "CpuOptions": "{\"CoreCount\":1,\"ThreadsPerCore\":1}",  
           "CreditSpecification": "{\"CpuCredits\":\"standard\"}",  
           "DisableApiTermination": "false",  
           "EbsOptimized": "false",  
           "HibernationOptions": "{\"Configured\":false}",  
           "InstanceInitiatedShutdownBehavior": "stop",  
           "InstanceType": "t2.micro",  
           "Monitoring": "{\"State\":\"disabled\"}",  
           "NetworkInterfaces": "[{\"AssociatePublicIpAddress\":true,\"DeleteOnTermination\":true,\"Description\":\"\",\"DeviceIndex\":0,\"Groups\":[\"sg-abc123\"],\"Ipv6AddressCount\":0,\"Ipv6Addresses\":[],\"NetworkInterfaceId\":\"eni-08e89a5a35a5495fe\",\"PrivateIpAddress\":\"172.16.1.5\",\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateIpAddress\":\"172.16.1.5\"}],\"SecondaryPrivateIpAddressCount\":0,\"SubnetId\":\"subnet-0987\",\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":[],\"Ipv6Prefixes\":[]}]",  
           "Placement": "{\"AvailabilityZone\":\"eu-south-1b\",\"GroupName\":\"\",\"Tenancy\":\"default\"}",  
           "RequireIMDSv2": "true",  
           "SecurityGroupIds": "[\"sg-abc123\"]",  
           "SubnetId": "subnet-0987",  
           "VpcId": "vpc-0987",  
           "aws:backup:request-id": "caf1f9d4-abcd-4685-87ce-20c96c99c79c"  
       }  
   }

2. Manually edit the output to retain the original PrivateIpAddress. Or, change the Primary PrivateIpAddress to a different PrivateIpAddress in the NetworkInterfaces metadata field.
   The following example output retains the original PrivateIpaddress:

   {  "Architecture": "x86_64",
   ...
     "NetworkInterfaces": "[{\"DeleteOnTermination\":true,\"Description\":\"Primary network interface\",\"DeviceIndex\":0,\"Groups\":[\"sg-abc123\"],\"Ipv6AddressCount\":0,\"Ipv6Addresses\":[],\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateIpAddress\":\"172.16.1.5\"}],\"SubnetId\":\"subnet-0987\",\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":[],\"Ipv6Prefixes\":[]}]",
     "Placement": "{\"AvailabilityZone\":\"eu-south-1b\",\"GroupName\":\"\",\"Tenancy\":\"default\"}",
     "RequireIMDSv2": "false",
     "RootDeviceType": "ebs",
     "VirtualizationType": "hvm",
     "VpcId": "vpc-xyz123",
     "aws:backup:request-id": "caf1f9d4-abcd-4685-87ce-20c96c99c79c"
   }

3. To create a script to edit the metadata, run the following get-recovery-point-restore-metadata command:

   aws backup get-recovery-point-restore-metadata --backup-vault-name Default --recovery-point-arn arn:aws:ec2:eu-south-1::image/ami-001a2a3a4a00005aa | jq '.RestoreMetadata | del (.SecurityGroupIds, .SubnetId)' | jq '.NetworkInterfaces = (.NetworkInterfaces | fromjson | map(. + { Description: "Primary network interface" }) | map(del(.NetworkInterfaceId, .SecondaryPrivateIpAddressCount, .AssociatePublicIpAddress, .PrivateIpAddress)) | @json) ' > restore.json

   Note: Replace backup-vault-name with your vault's name and recovery-point-arn with your recovery point's ARN.

4. To restore the instance with the private IP address, run the start-restore-job command:

   aws backup start-restore-job --region eu-south-1 --recovery-point-arn arn:aws:ec2:eu-south-1::image/ami-001a2a3a4a00005aa --idempotency-token examplerestore --iam-role-arn "arn:aws:iam::111111111111:role/service-role/AWSBackupDefaultServiceRole" --metadata file://restore.json

   Note: Replace backup-vault-name with your vault's name and recovery-point-arn with your recovery point's ARN.

Related information

Restore an Amazon EC2 instance

Amazon EC2 instance IP addressing

How can I restore an Amazon EC2 instance from an AWS Backup recovery point using the AWS CLI?