How do I change or retain my IP address when I run Amazon EC2 restore in AWS Backup?

I want to change or retain my private or public IP address during an Amazon Elastic Compute Cloud (Amazon EC2) restore in AWS Backup.

Resolution

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

Reassociate your Elastic IP address to the restored EC2 instance

To reassociate the original Elastic IP address to the restored instance, you can use the Amazon EC2 console.

Or, run the following associate-address AWS CLI command:

aws ec2 associate-address --instance-id i-07ffe74c7330ebf53 --public-ip 198.51.100.20

Note: Replace instance-id with your instance ID and public-ip with your Elastic IP address.

The instance then maintains the Elastic IP address after you stop and start your instance.

Retain a private IP address for the restored EC2 instance

Note: If you're using a private IP address for an instance, then you can't retain the private IP address for a different instance. For more information, see the Resource.AlreadyAssigned error on the client error codes for specific actions table.

To retain a private IP address, complete the following steps:

  1. Run the following get-recovery-point-restore-metadata command:

    aws backup get-recovery-point-restore-metadata --backup-vault-name Default --recovery-point-arn arn:aws:ec2:eu-south-1::image/ami-001a2a3a4a00005aa

    Note: Replace backup-vault-name with your vault's name and recovery-point-arn with your recovery point's Amazon Resource Name (ARN).
    Example output:

    {
        "BackupVaultArn": "arn:aws:backup:eu-south-1:111111111111:backup-vault:Default",
        "RecoveryPointArn": "arn:aws:ec2:eu-south-1::image/ami-001a2a3a4a00005aa",  
        "RestoreMetadata": {  
            "CapacityReservationSpecification": "{\"CapacityReservationPreference\":\"open\"}",  
            "CpuOptions": "{\"CoreCount\":1,\"ThreadsPerCore\":1}",  
            "CreditSpecification": "{\"CpuCredits\":\"standard\"}",  
            "DisableApiTermination": "false",  
            "EbsOptimized": "false",  
            "HibernationOptions": "{\"Configured\":false}",  
            "InstanceInitiatedShutdownBehavior": "stop",  
            "InstanceType": "t2.micro",  
            "Monitoring": "{\"State\":\"disabled\"}",  
            "NetworkInterfaces": "[{\"AssociatePublicIpAddress\":true,\"DeleteOnTermination\":true,\"Description\":\"\",\"DeviceIndex\":0,\"Groups\":[\"sg-abc123\"],\"Ipv6AddressCount\":0,\"Ipv6Addresses\":[],\"NetworkInterfaceId\":\"eni-08e89a5a35a5495fe\",\"PrivateIpAddress\":\"172.16.1.5\",\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateIpAddress\":\"172.16.1.5\"}],\"SecondaryPrivateIpAddressCount\":0,\"SubnetId\":\"subnet-0987\",\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":[],\"Ipv6Prefixes\":[]}]",  
            "Placement": "{\"AvailabilityZone\":\"eu-south-1b\",\"GroupName\":\"\",\"Tenancy\":\"default\"}",  
            "RequireIMDSv2": "true",  
            "SecurityGroupIds": "[\"sg-abc123\"]",  
            "SubnetId": "subnet-0987",  
            "VpcId": "vpc-0987",  
            "aws:backup:request-id": "caf1f9d4-abcd-4685-87ce-20c96c99c79c"  
        }  
    }
  2. Manually edit the output to retain the original PrivateIpAddress. Or, change the Primary PrivateIpAddress to a different PrivateIpAddress in the NetworkInterfaces metadata field.
    The following example output retains the original PrivateIpAddress:

    {
      "Architecture": "x86_64",
    ...
      "NetworkInterfaces": "[{\"DeleteOnTermination\":true,\"Description\":\"Primary network interface\",\"DeviceIndex\":0,\"Groups\":[\"sg-abc123\"],\"Ipv6AddressCount\":0,\"Ipv6Addresses\":[],\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateIpAddress\":\"172.16.1.5\"}],\"SubnetId\":\"subnet-0987\",\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":[],\"Ipv6Prefixes\":[]}]",
      "Placement": "{\"AvailabilityZone\":\"eu-south-1b\",\"GroupName\":\"\",\"Tenancy\":\"default\"}",
      "RequireIMDSv2": "false",
      "RootDeviceType": "ebs",
      "VirtualizationType": "hvm",
      "VpcId": "vpc-xyz123",
      "aws:backup:request-id": "caf1f9d4-abcd-4685-87ce-20c96c99c79c"
    }
  3. To create a script to edit the metadata, run the following get-recovery-point-restore-metadata command:

    aws backup get-recovery-point-restore-metadata --backup-vault-name Default --recovery-point-arn arn:aws:ec2:eu-south-1::image/ami-001a2a3a4a00005aa | jq '.RestoreMetadata | del (.SecurityGroupIds, .SubnetId)' | jq '.NetworkInterfaces = (.NetworkInterfaces | fromjson | map(. + { Description: "Primary network interface" }) | map(del(.NetworkInterfaceId, .SecondaryPrivateIpAddressCount, .AssociatePublicIpAddress, .PrivateIpAddress)) | @json) ' > restore.json

    Note: Replace backup-vault-name with your vault's name and recovery-point-arn with your recovery point's ARN.

  4. To restore the instance with the private IP address, run the start-restore-job command:

    aws backup start-restore-job --region eu-south-1 --recovery-point-arn arn:aws:ec2:eu-south-1::image/ami-001a2a3a4a00005aa --idempotency-token examplerestore --iam-role-arn "arn:aws:iam::111111111111:role/service-role/AWSBackupDefaultServiceRole" --metadata file://restore.json

    Note: Replace region with your AWS Region, recovery-point-arn with your recovery point's ARN, and iam-role-arn with your IAM role's ARN.
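
Added example (not part of the original article or AWS tooling): a Python version of the step 3 edit with a pre-flight check that compares the edited metadata against the original before you run start-restore-job. It flags changes to RequireIMDSv2 and to the interface security groups, which are easy to alter by accident when you edit the serialized NetworkInterfaces string by hand. The sample input is constructed in the shape of the step 1 output, and the function names are hypothetical.

```python
import json
# Constructed sample: a trimmed RestoreMetadata object in the shape of step 1.
SAMPLE = {
    "NetworkInterfaces": json.dumps([{
        "AssociatePublicIpAddress": True, "DeviceIndex": 0,
        "Groups": ["sg-abc123"], "NetworkInterfaceId": "eni-08e89a5a35a5495fe",
        "PrivateIpAddress": "172.16.1.5", "SecondaryPrivateIpAddressCount": 0,
        "PrivateIpAddresses": [{"Primary": True, "PrivateIpAddress": "172.16.1.5"}],
        "SubnetId": "subnet-0987"}]),
    "RequireIMDSv2": "true", "SecurityGroupIds": '["sg-abc123"]',
    "SubnetId": "subnet-0987", "VpcId": "vpc-0987",
}
DROP_TOP = ("SecurityGroupIds", "SubnetId")
DROP_ENI = ("NetworkInterfaceId", "SecondaryPrivateIpAddressCount",
            "AssociatePublicIpAddress", "PrivateIpAddress")

def interfaces(meta):
    """NetworkInterfaces is a JSON document serialized into a string."""
    return json.loads(meta["NetworkInterfaces"])

def build_restore_metadata(meta, new_primary_ip=None):
    """Apply the step 3 edits; optionally set a different primary address."""
    out = {k: v for k, v in meta.items() if k not in DROP_TOP}
    enis = interfaces(meta)
    for eni in enis:
        for key in DROP_ENI:
            eni.pop(key, None)
        eni["Description"] = "Primary network interface"
        for addr in eni.get("PrivateIpAddresses", []):
            if new_primary_ip and eni.get("DeviceIndex") == 0 and addr.get("Primary"):
                addr["PrivateIpAddress"] = new_primary_ip
    out["NetworkInterfaces"] = json.dumps(enis, separators=(",", ":"))
    return out

def preflight(original, edited):
    """Return reasons not to submit `edited` to start-restore-job yet."""
    findings = [k + " still present" for k in DROP_TOP if k in edited]
    if original.get("RequireIMDSv2") != edited.get("RequireIMDSv2"):
        findings.append("RequireIMDSv2 changed")
    groups = lambda m: sorted(g for e in interfaces(m) for g in e.get("Groups", []))
    if groups(original) != groups(edited):
        findings.append("security groups changed")
    for eni in interfaces(edited):
        addrs = eni.get("PrivateIpAddresses", [])
        if sum(1 for a in addrs if a.get("Primary")) != 1:
            findings.append("interface needs exactly one primary address")
        if len(addrs) > 1:
            findings.append("secondary addresses present, review by hand")
    return findings
```

Write the result of build_restore_metadata to restore.json only when preflight returns an empty list.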

Related information

Restore an Amazon EC2 instance

Amazon EC2 instance IP addressing

How can I restore an Amazon EC2 instance from an AWS Backup recovery point using the AWS CLI?

AWS OFFICIAL Updated 3 months ago
4 Comments

Editing the serialized part of the metadata wasn't straightforward, so I came up with this command:

aws backup get-recovery-point-restore-metadata --backup-vault-name Default --recovery-point-arn arn:aws:ec2:eu-south-1::image/ami-001a2a3a4a00005aa | jq '.RestoreMetadata | del (.SecurityGroupIds, .SubnetId)' | jq '.NetworkInterfaces = (.NetworkInterfaces | fromjson | map(. + { Description: "Primary network interface" }) | map(del(.NetworkInterfaceId,  .SecondaryPrivateIpAddressCount, .AssociatePublicIpAddress, .PrivateIpAddress)) | @json) ' > restore.json

What this command does:

  • extracts RestoreMetadata
  • removes from it the fields SecurityGroupIds and SubnetId
  • then deserializes and replaces the content of NetworkInterfaces, removing NetworkInterfaceId, SecondaryPrivateIpAddressCount, AssociatePublicIpAddress and PrivateIpAddress
  • serializes NetworkInterfaces and creates the json file for the restore job:
aws backup start-restore-job --region eu-south-1 --recovery-point-arn arn:aws:ec2:eu-south-1::image/ami-001a2a3a4a00005aa --iam-role-arn "arn:aws:iam::123412341234:role/service-role/AWSBackupDefaultServiceRole" --metadata file://restore.json

YMMV: for example this might not work if the primary ENI has two private addresses.

replied 2 years ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
EXPERT
replied 2 years ago

The Private IP Address should be retained.

In step 1, PrivateIpAddress is 172.16.1.5.

In step 2, PrivateIpAddress is 172.16.2.5.

AWS
replied 2 years ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
MODERATOR
replied 2 years ago