- Newest
- Most votes
- Most comments
If you are using public IPv4 addresses, and not Elastic IP addresses you will lose the IP if the instance is stopped. See the following about releasing public IPs from EC2 instances:
- We release your instance's public IP address when it is stopped, hibernated, or terminated. Your stopped or hibernated instance receives a new public IP address when it is started.
- We release your instance's public IP address when you associate an Elastic IP address with it. When you disassociate the Elastic IP address from your instance, it receives a new public IP address.
- If the public IP address of your instance in a VPC has been released, it will not receive a new one if there is more than one network interface attached to your instance.
- If your instance's public IP address is released while it has a secondary private IP address that is associated with an Elastic IP address, the instance does not receive a new public IP address. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html#concepts-public-addresses https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html
You are most likely losing SSM Manager access when the public IP is lost. SSM requires either internet access to reach the service, or VPC Endpoints/PrivateLink if there is no internet access. https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-create-vpc.html
For the NLB issue it sounds like you may be using the wrong port, protocol, or have a security group blocking the request. Check out this article on things to look for with failed health checks. https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-troubleshooting.html
Hello.
1]We are loosing SSM manager access too. Is there any way to prevent this.
There may be a problem with the network interface settings on the OS side.
If you check the EC2 system log, there may be some error logs output.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/troubleshoot-unreachable-instance.html#instance-console-console-output
2]If we configure NLB for such EC2 instance where apache is installed our targets are unhealthy. Is this because of multiple ENI's?
Are you listening on the port number used for NLB health checks in EC2?
Also, are the necessary communications allowed in the EC2 security group?
Thank you @ Riku_Kobayashi for your reply We have added necessary port number and details in SG. we are just implementing basic scenario, where apache is running on EC2 instance. Here, problem is we have few ENI's which are not having EIP and few ENI's are having EIP.
If I have only one ENI with one EIP then my health check is working.
By Default apache is listening on all ethernet Listen 80 this is mentioned in the official document.
Sounds like a IP routing issue on the server when you have more than one ENI.
All return packets take the default route.
Relevant content
- asked 5 years ago
AWS OFFICIALUpdated 6 months ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated 3 months ago
Thanks for this reply. yes, we are using EIP for few ENI's or interface. I am just confused here is like I have other interface attached to same EC2 which is having EIP in this case it should have internet access. there are 4 different ENI's attached to EIP.