Associate an EIP with a cloud resource - Elastic IP Address

Associate an Elastic IP Address (EIP) with a cloud resource to enable the resource to communicate with the internet.

Associate a cloud resource

You can associate an EIP with the following types of cloud resources: Elastic Compute Service (ECS), Elastic Network Interface (ENI), Application Load Balancer (ALB), Network Load Balancer (NLB), Classic Load Balancer (CLB), NAT Gateway, and high-availability virtual IP address (HaVip).

Associate with an ECS instance

You can directly associate an EIP with an ECS instance that is in the same region and deployed in a virtual private cloud (VPC).

An ECS instance can be associated with only one EIP.
Before you associate the EIP, make sure that the ECS instance is in the Running or Stopped state. The ECS instance cannot be assigned a static public IP address or associated with another EIP.
An EIP is associated with an ECS instance in NAT mode. In this mode, the EIP can process only IP layer and transport-layer address and port information. Protocols that involve NAT Application Layer Gateway (ALG) are not supported.

Console

Associate an EIP with an ECS instance

Go to the Elastic IP Addresses page. In the top navigation bar, select the region where the EIP is created.
Click Bind Resource in the Actions column of the target EIP, select ECS Instance, and then select the corresponding ECS instance.

Change the EIP for an ECS instance

To change the EIP for an ECS instance, you must first disassociate the current EIP and then associate a new EIP.

Recover an EIP

An EIP provides a static IP address. However, an EIP may be released if it expires or if your account has an overdue payment. You can try to recover an EIP that was released from your account within the last seven days.

API

Call the AssociateEipAddress operation. Set InstanceType to EcsInstance to associate the EIP with an ECS instance.

Associate with an ENI to support multiple EIPs

An ECS instance can be associated with only one EIP. To deploy multiple independent services that are accessible over the internet on a single ECS instance, you can associate multiple EIPs with the ENIs of the ECS instance in NAT mode.

The number of secondary ENIs that can be attached to an ECS instance varies based on the instance type.

After a secondary ENI is attached to an ECS instance, some images cannot automatically detect the IP address of the secondary ENI and add a route. In this case, you must configure the secondary ENI.

In NAT mode, an EIP is associated with an ENI. Protocols that involve NAT ALG are not supported. You can associate EIPs with primary and secondary ENIs. The number of EIPs that can be associated depends on the number of private IP addresses that are assigned to the ENI. Each EIP is mapped to a private IP address.

Multiple ENIs: Attach multiple secondary ENIs to a single ECS instance and associate one EIP with each secondary ENI. You can associate different security groups with each ENI and configure different network isolation policies to implement fine-grained security access control.
Multiple EIPs on a single ENI: If you do not require network isolation and only need multiple EIPs to host different services, you can attach one secondary ENI to a single ECS instance. Then, assign multiple secondary private IP addresses to the secondary ENI and associate multiple EIPs with the secondary private IP addresses in NAT mode.

Console

Associate with an ENI

Go to the Elastic IP Addresses page. In the top navigation bar, select the region where the EIP is created.
Click Bind Resource in the Actions column of the target EIP, select Elastic Network Interface, and select NAT mode to attach it to the corresponding secondary private IP address.

API

Call the AssociateEipAddress operation to associate an EIP with an ENI:
- Set InstanceType to NetworkInterface.
- Set Mode to NAT.
Call the AssociateEipAddressBatch operation to associate multiple EIPs with secondary ENIs in a batch.

Associate with an ENI: Cut-through mode

In NAT mode, an EIP is mapped to the private IP address of an ENI on an ECS instance. Therefore, the operating system of the ECS instance can detect only the private IP address, not the EIP. You can associate an EIP with a secondary ENI in cut-through mode to make the EIP visible on the ENI.

Associating an EIP with a secondary ENI in cut-through mode is subject to several limitations. We recommend that you use a secondary CIDR block of a VPC to make an EIP visible on an ENI. You can configure a public CIDR block as a secondary CIDR block for a VPC, create a secondary ENI in the CIDR block, associate an EIP with the ENI, and then attach the ENI to an ECS instance. After the ENI is attached, you can manage the EIP in the operating system.

Cut-through Mode: The EIP replaces the private IP address of the secondary ENI. The secondary ENI becomes a public-facing ENI and its private IP address becomes unavailable.

You cannot associate an EIP with a primary ENI. You can associate an EIP only with the primary private IP address of a secondary ENI.
You must first associate the EIP with the secondary ENI and then attach the secondary ENI to the ECS instance.
In this mode, the private communication capability of the ENI is disabled. If a subscription EIP expires and is released, you must detach the secondary ENI from the ECS instance and then reattach it to restore the private communication capability.
Supported regions: China (Hangzhou), China (Shanghai), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Shenzhen), China (Guangzhou), China (Chengdu), Singapore, Indonesia (Jakarta), Germany (Frankfurt), UK (London), and US (Virginia).
The EIP supports all IP protocol types, including protocols that involve NAT ALG.

Multi-EIP-to-ENI Mode: In this mode, both the private IP address and the public IP address of the secondary ENI are available. However, this mode is no longer available for new applications. Users who have been granted permissions can continue to use this mode.

You cannot associate EIPs with a primary ENI. You can associate up to 10 EIPs with a secondary ENI.
Supported regions: China (Shenzhen), China (Shanghai), China (Beijing), China (Zhangjiakou), China (Chengdu), Singapore, Germany (Frankfurt), US (Virginia), and UK (London).
Supported instance types: ecs.d1ne, ecs.ebmc4, ecs.ebmg5, ecs.ebmhfg5, ecs.f1, ecs.gn5i, ecs.gn6v, ecs.i2, ecs.r1, ecs.re4, ecs.re4e, ecs.sccg5, ecs.sccgn6, ecs.scch5, ecs.g5, ecs.c5, ecs.r5, ecs.t5, ecs.sn2ne, ecs.se1ne, and ecs.sn1ne.
The EIP supports all IP protocol types, including protocols that involve NAT ALG.

Console

Associate with an ENI

Go to the Elastic IP Addresses page. In the top navigation bar, select the region where the EIP is created.
Click Bind Resource in the Actions column of the target EIP, select Elastic Network Interface, select cut-through mode, and then associate the EIP with the corresponding secondary private IP address.

API

Call the AssociateEipAddress operation to associate an EIP with an ENI:
- Set InstanceType to NetworkInterface.
- Set Mode to BINDED or MULTI_BINDED.
Call the AssociateEipAddressBatch operation to associate multiple EIPs with secondary ENIs in a batch.

Associate with a NAT gateway: Centralized egress

If you have multiple ECS instances that need to access the internet, configuring an EIP for each instance increases costs. You can use the SNAT feature of a NAT Gateway to allow multiple ECS instances to share EIPs to access the internet. This reduces costs, improves security by hiding the private IP addresses of the instances, and restricts inbound connections.

A NAT Gateway supports up to 20 EIPs.
Starting from September 19, 2022, when you associate an EIP with a newly created NAT gateway, a private IP address is used from the vSwitch of the NAT gateway. Existing NAT gateway instances are not affected. Ensure that the vSwitch of the NAT gateway has sufficient private IP addresses.

Console

Associate with an ENI

Go to the Elastic IP Addresses page. In the top navigation bar, select the region where the EIP is created.
Click Bind Resource in the Actions column of the target EIP, select NAT Gateway Instance, and then select the corresponding public NAT Gateway instance.

API

Call the AssociateEipAddress operation. Set InstanceType to Nat to associate the EIP with a NAT gateway.
Call the AssociateEipAddressBatch operation to associate multiple EIPs with a NAT gateway in a batch.

Associate with a load balancer: Centralized ingress

We recommend that you use ALB and NLB. You can add backend servers in different zones to an ALB or NLB instance. The ALB or NLB instance distributes traffic to the backend servers to increase the throughput of your application, eliminate single points of failure (SPOFs), and improve availability.

Console

Associate with an ALB or NLB instance

You cannot associate an EIP with an ALB or NLB instance on the Elastic IP Addresses page.

Associate an EIP when you create an instance: Go to the ALB purchase page or the NLB purchase page, and create an ALB instance or NLB instance of the Internet network type.
Change the network type of the instance: Go to the ALB list page or the NLB list page and select the region of the instance from the top menu bar. Click the ID of the target instance to go to the details page and change the Network Type to Internet.

Associate with a CLB instance

Go to the Elastic IP Addresses page. In the top navigation bar, select the region where the EIP is created.
Click Bind Resource in the Actions column of the target EIP, select Server Load Balancer (SLB) Instance, and then select the corresponding CLB instance.

API

Call the CreateLoadBalancer operation. Set AddressType to Internet to create a public-facing ALB instance.
Call the UpdateLoadBalancerAddressTypeConfig operation. Set AddressType to Internet to change the network type of an ALB instance to public-facing.
Call the CreateLoadBalancer operation. Set AddressType to Internet to create a public-facing NLB instance.
Call the UpdateLoadBalancerAddressTypeConfig operation. Set AddressType to Internet to change the network type of an NLB instance to public-facing.
Call the AssociateEipAddress operation. Set InstanceType to SlbInstance to associate an EIP with a CLB instance.

Associate with an HaVip: IP drift

You can use the HaVip feature to ensure that the service IP address remains unchanged during an active-standby switchover between servers in the same zone. After you associate an EIP with an HaVip, the HaVip can provide highly available services over the internet using the EIP.

Before you can use an HaVip, you must apply for the permission to create HaVips in the Quota Center console. After the application is approved, the quota is displayed as 1. By default, you can create up to 50 HaVips per account.
An HaVip can be associated with only one EIP.
The HaVip must be in the Available or Assigned state.

Console

Associate with an HaVip

Go to the Elastic IP Addresses page. In the top navigation bar, select the region where the EIP is created.
Click Bind Resource in the Actions column of the target EIP, select High-availability Virtual IP, and then select the corresponding HaVip instance.

API

Call the AssociateEipAddress operation. Set InstanceType to HaVip to associate an EIP with an HaVip.

Disassociate a cloud resource

After you disassociate a pay-as-you-go EIP from a resource, you are still charged configuration fees for the EIP. If you no longer need the EIP, we recommend that you release it.
After you disassociate a subscription EIP from a resource, you can directly unsubscribe from it if you no longer need it.

Console

Click Detach Resource in the Actions column of the target EIP.

API

Call the UnassociateEipAddress operation to disassociate an EIP from a cloud resource.