By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Cannot associate the Elastic IP address with a Network interface

0

I created an Elastic IP address, but when I am trying to associate the Elastic IP address with a Network interface, there was an error that says: "Elastic IP address could not be associated. Elastic IP address xx.xx.xx.xx: You do not have permission to access the specified resource.", although my AWS account has Administrator Access permission. There is a note that my subnets are public ones, is it an issue?

Another question, in order to convert a public subnet to a private subnet, do we only need to remove the Internet gateways from Route tables? Thanks in advance.

Topics
Networking & Content DeliveryCompute
Tags
Amazon VPCAmazon EC2
Language
English
rePost-User-3071397
asked 6 months ago438 views
2 Answers
0

Hello.

Usually that error can occur if you don't have enough privileges to associate an Elastic IP.
Please make sure that the IAM policy described in the following document is attached to the IAM user you are using.
https://repost.aws/knowledge-center/ec2-troubleshoot-elastic-ip-addresses

Another question, in order to convert a public subnet to a private subnet, do we only need to remove the Internet gateways from Route tables? Thanks in advance.

Yes, to make it a private subnet you need to remove the route to the internet gateway from your route table.

profile picture
EXPERT
Riku_Kobayashi
answered 6 months ago
profile picture
EXPERT
Gary Mclean
reviewed 6 months ago
  • rePost-User-3071397
    6 months ago

    Thank you for your help. I tried to add the following policy to my user but it does not still work: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:AllocateAddress", "ec2:AssociateAddress" ], "Resource": "*" } ] }

    Any suggestion on this?

  • Riku_Kobayashi EXPERT
    6 months ago

    Which resource is the ENI you are trying to configure Elastic IP associated with? As @Kallu says, if your account is an unmanaged ENI, the configuration may fail.

0

Are you sure the network interface you try to attach EIP to, is from your instances you control, or could it be deployled by some AWS managed services like EFS that provision interfaces into your VPC but you still can not modify those.

profile picture
EXPERT
Kallu
answered 6 months ago
  • rePost-User-3071397
    6 months ago

    The network interface is from my ECS task which is provisioned by terraform. The issue is that its subnets are public so the ECS task has it owns public IP. Now I would like to associate the network interface with an Elastic IP address I created. But unfortunately, I got that error.

  • Kallu EXPERT
    6 months ago

    I think ENIs you are trying to modify are ones created by ECS. And therefore you can not modify them.

    See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking-awsvpc.html

    These ENIs are visible in the Amazon EC2 console for your account, but they can't be detached manually or modified by your account. This is to prevent accidental deletion of an ENI that is associated with a running task.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content