How to Remove a Public IP from an AWS EC2 Instance without Restart or Termination

Shane Fast
Published in BACIC
4 min read · Jun 23, 2020

I was doing some security upgrades when I ran into a particularly novel problem — once an instance is started, there isn’t a magical button in AWS to remove an auto-assigned public IP. Certainly, there had to be others out there who have faced a similar issue. After all, removing the public IP from a server is a surefire way to help prevent unwanted mischief from the world at large.

Of course, you could always take a snapshot, terminate the original instance, and start a new instance without a public IP, but that takes time. There’s got to be a better way, right? Well, after taking a look at what other people suggested, I was disheartened initially. Let’s see some forums weigh in on the topic:

https://www.reddit.com/r/aws/comments/4ocpd8/remove_public_ip_from_instance/
https://intellipaat.com/community/11018/can-i-remove-the-public-ip-on-my-instance-without-terminating-it

Ok, not looking good. What about the AWS forum?

https://forums.aws.amazon.com/thread.jspa?threadID=185690

Ouch! Well looks like it can’t be done…

…But that’s not the way we do it! Who the hell do you think I am? (Sorry about the obscure reference 😂)

After a bit of struggle, here is the step-by-step process of removing an auto-assigned public IP from an AWS EC2 instance:

Instructions

Be sure to follow these steps in this exact order!

1. Go to your running EC2 instance with the public IP you want to remove. Note what region and availability zone are associated with that instance.

In this example, we are using an instance in the Canadian central region in the 1b availability zone.

2. On the left-hand panel, scroll and go into “Network Interfaces” under the “Network and Security” Dropdown. Once there, click “Create Network Interface.” In the description, give it a memorable name (we used “TEST 1b” in this example). For the subnet, pick a matching one for the instance from Step 1. Click “Create” to finish.

ca-central-1b in this example

3. Next, go to Elastic IPs (also under the “Network and Security” Dropdown). After you create a new elastic IP, associate it with the EC2 instance.

4. Next, go back to your running EC2 instance. Right-click it and select “Attach Network Interface” under the “Networking” option.

5. From here, attach the network interface made previously.

6. Next, disassociate the elastic IP from the instance. If done properly, the public IP should disappear.

7. Finally, detach the network interface. This will remove the second private IP that was added.

You should see no public IP addresses and only one private IP at this point.

Make sure to disassociate the elastic IP first before detaching the extra network interface!
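
The seven console steps above as a boto3 script, added here as an example and not part of the original post. It assumes a boto3 EC2 client, an instance with a single network interface (so device index 1 is free), and a hypothetical function name `remove_auto_assigned_public_ip`.

```python
import time

def remove_auto_assigned_public_ip(ec2, instance_id, poll_seconds=2, max_polls=30):
    """Run the seven steps against a boto3 EC2 client `ec2` (hypothetical helper).

    Returns the ENI and Elastic IP allocation IDs so they can be reused.
    """
    # Step 1: find the instance's subnet (the subnet pins the availability zone).
    inst = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    # Step 2: create a spare network interface in the same subnet.
    eni_id = ec2.create_network_interface(
        SubnetId=inst["SubnetId"], Description="temp ENI for public IP removal"
    )["NetworkInterface"]["NetworkInterfaceId"]
    # Step 3: allocate an Elastic IP and associate it; this replaces the
    # auto-assigned public IP on the primary interface.
    alloc_id = ec2.allocate_address(Domain="vpc")["AllocationId"]
    assoc_id = ec2.associate_address(AllocationId=alloc_id, InstanceId=instance_id)["AssociationId"]
    # Steps 4-5: attach the spare interface as a second device.
    # Assumption: the instance has one interface, so DeviceIndex 1 is free.
    attach_id = ec2.attach_network_interface(
        NetworkInterfaceId=eni_id, InstanceId=instance_id, DeviceIndex=1
    )["AttachmentId"]
    for _ in range(max_polls):
        eni = ec2.describe_network_interfaces(NetworkInterfaceIds=[eni_id])["NetworkInterfaces"][0]
        if eni.get("Attachment", {}).get("Status") == "attached":
            break
        time.sleep(poll_seconds)
    else:
        raise TimeoutError(f"{eni_id} did not reach 'attached'; Elastic IP left associated")
    # Step 6: disassociate while two interfaces are attached. EC2 does not hand
    # out a new auto-assigned public IP to an instance with a second interface.
    ec2.disassociate_address(AssociationId=assoc_id)
    # Step 7: only now detach the spare interface (drops the extra private IP).
    ec2.detach_network_interface(AttachmentId=attach_id)
    # Verify the result instead of assuming it.
    inst = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    if inst.get("PublicIpAddress"):
        raise RuntimeError(f"{instance_id} still has public IP {inst['PublicIpAddress']}")
    return {"NetworkInterfaceId": eni_id, "AllocationId": alloc_id}

if __name__ == "__main__":
    import sys
    import boto3  # third-party AWS SDK; credentials and region come from the environment
    print(remove_auto_assigned_public_ip(boto3.client("ec2"), sys.argv[1]))
```
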

Overall this process takes only about 30 seconds as opposed to potentially an hour or more to take a snapshot and restart a new instance (not including any specific configuration that might be needed afterward!). The elastic IP and network interface can be used over and over again if you have multiple instances in the same availability zone that need this done. I hope you find this helpful!
