All Products
Search
Document Center

Elastic IP Address:Associate an EIP with a cloud resource

Last Updated:Jun 08, 2026

Associate an EIP with a cloud resource to enable internet access.

EIP supports associating with ECS instances, elastic network interfaces (ENIs), Application Load Balancer (ALB) instances, Network Load Balancer (NLB) instances, Classic Load Balancer (CLB) instances, Internet NAT gateways, and high-availability virtual IP addresses (HaVips).

Associate an EIP with an ECS instance

Associate an EIP with a VPC-type ECS instance in the same region.

Constraints:

  • Each ECS instance supports only one EIP.

  • The ECS instance must be in the Running or Stopped state, with no fixed public IP address or other EIP already associated.

  • The EIP associates in NAT mode. NAT ALG-dependent protocols are not supported.

Console

Associate an EIP

  1. Go to the Elastic IP Addresses console and select the region of the EIP.

  2. Find the target EIP, click Associate with Resource in the Actions column, select ECS Instance, then select the target instance.

Replace the EIP

Disassociate the current EIP first, then associate the new one.

Recover a released EIP

An EIP keeps its address throughout its lifecycle. If released due to expiration or overdue payment, recover it within 7 days.

API

Call AssociateEipAddress with InstanceType set to EcsInstance.

Associate EIPs with ENIs

Each ECS instance supports only one directly associated EIP. To use multiple public IPs, associate EIPs with the instance's ENIs instead.

NAT mode (multiple EIPs per ECS instance)

In NAT mode, each EIP maps to one private IP on the ENI. The maximum EIP count equals the number of private IPs on the ENI.

The number of secondary ENIs supported varies by instance type.
After attaching a secondary ENI to an ECS instance, some images may not automatically recognize the ENI IP address or add routes. If so, configure the secondary ENI manually.
In NAT mode, protocols that depend on NAT ALG are not supported. Both primary and secondary ENIs are supported.

Two approaches:

  • Multiple ENIs: Associate multiple secondary ENIs with a single ECS instance, associate one EIP with each, and associate each ENI with a different security group for fine-grained access control.

  • Multiple EIPs on a single ENI: Attach one secondary ENI, assign multiple secondary private IPs, and associate an EIP with each in NAT mode.

Console

  1. Go to the Elastic IP Addresses console and select the region of the EIP.

  2. Find the target EIP, click Associate with Resource in the Actions column, select ENI, choose NAT Mode, and select the secondary private IP to associate with.

API

Cut-through mode

In NAT mode, the EIP is invisible to the ECS OS. Cut-through mode makes the EIP visible on the secondary ENI.

  • After associating in cut-through mode, 100.64.0.0/10 (Alibaba Cloud internal services) becomes inaccessible through the ENI. Route 100.64.0.0/10 traffic to the primary ENI or another secondary ENI not in cut-through mode.

  • Cut-through mode has more restrictions. Consider EIPs with additional CIDR blocks instead: configure a public IP CIDR block as a VPC additional CIDR block, create a secondary ENI in that block, associate the EIP, and attach the ENI to the ECS instance to manage the EIP from the OS.

After attaching a secondary ENI, some images require manual ENI configuration. The system creates a route with the secondary ENI as the outbound interface at a lower priority than the primary ENI route. Adjust route priorities based on your requirements.

EIP cut-through mode (not recommended)

The EIP replaces the secondary ENI's private IP. The ENI becomes public-only and the private IP is no longer usable.

  • Only secondary ENIs are supported. The EIP can only associate with the primary private IP of the secondary ENI.

  • Associate the EIP with the ENI first, then attach the ENI to the ECS instance.

  • If a subscription EIP expires and is released, detach and reattach the secondary ENI to restore private network functionality.

  • Supported regions: China (Hangzhou), China (Shanghai), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Shenzhen), China (Guangzhou), China (Chengdu), Singapore, Indonesia (Jakarta), Germany (Frankfurt), UK (London), US (Virginia), SAU (Riyadh - Partner Region).

  • All IP protocol types are supported, including NAT ALG protocols.

  • The VPC where the secondary ENI to attach resides cannot contain an IPv4 gateway.

Multi-EIP cut-through mode (no longer accepting new applications)

Both private and public IP addresses remain available on the secondary ENI. This mode is no longer accepting new applications. Existing authorized users can continue using it.

  • Only secondary ENIs are supported. Each supports up to 10 EIPs.

  • Supported regions: China (Shenzhen), China (Shanghai), China (Beijing), China (Zhangjiakou), China (Chengdu), Singapore, Germany (Frankfurt), US (Virginia), UK (London).

  • Supported instance families: ecs.d1ne, ecs.ebmc4, ecs.ebmg5, ecs.ebmhfg5, ecs.f1, ecs.gn5i, ecs.gn6v, ecs.i2, ecs.r1, ecs.re4, ecs.re4e, ecs.sccg5, ecs.sccgn6, ecs.scch5, ecs.g5, ecs.c5, ecs.r5, ecs.t5, ecs.sn2ne, ecs.se1ne, ecs.sn1ne.

  • All IP protocol types are supported, including NAT ALG protocols.

  • DHCP must be enabled on the ECS instance for this mode to take effect.

  • After association, call DescribeEipGatewayInfo to query the gateway and subnet mask of the EIP and complete the following configuration for the ECS instance: Change the gateway and subnet mask of the secondary private IP to those of the EIP.

Console

  1. Go to the Elastic IP Addresses page and select the region of the EIP.

  2. Find the target EIP, click Associate with Resource in the Actions column, select ENI, choose Cut-through Mode, and select the secondary private IP to associate with.

API

  • Call AssociateEipAddress with InstanceType set to NetworkInterface and Mode set to BINDED or MULTI_BINDED.

  • Call AssociateEipAddressBatch to associate multiple EIPs with secondary ENIs in a single request.

Associate an EIP with a NAT gateway

Associate EIPs with an Internet NAT gateway and configure SNAT rules to let multiple instances share EIPs for outbound access.

Constraints:

  • Each Internet NAT gateway supports up to 20 EIPs.

  • Since September 19, 2022, associating an EIP with a newly created Internet NAT gateway consumes a private IP from the gateway's vSwitch. Ensure the vSwitch has sufficient private IPs. Existing gateways are not affected.

Console

  1. Go to the Elastic IP Addresses page and select the region of the EIP.

  2. Find the target EIP, click Associate with Resource in the Actions column, select NAT Gateway, then select the target instance.

API

Associate an EIP with an SLB instance

Associate EIPs with SLB instances to distribute traffic across backend servers in multiple zones.

For new deployments, use ALB or NLB.

Console

ALB or NLB

The Elastic IP Addresses page does not support directly associating EIPs with ALB or NLB instances. Instead:

CLB

  1. Go to the Elastic IP Addresses page and select the region of the EIP.

  2. Find the target EIP, click Associate with Resource in the Actions column, select SLB Instance, then select the target CLB instance.

API

Action

API

Key parameter

Create an Internet-facing ALB instance

CreateLoadBalancer (ALB)

AddressType = Internet

Change an ALB instance to Internet-facing

UpdateLoadBalancerAddressTypeConfig (ALB)

AddressType = Internet

Create an Internet-facing NLB instance

CreateLoadBalancer (NLB)

AddressType = Internet

Change an NLB instance to Internet-facing

UpdateLoadBalancerAddressTypeConfig (NLB)

AddressType = Internet

Associate an EIP with a CLB instance

AssociateEipAddress

InstanceType = SlbInstance

Associate an EIP with an HaVip

HaVips implement IP failover between primary and standby servers in the same zone. Associating an EIP with an HaVip enables it to serve Internet traffic with high availability.

Constraints:

  • Apply for HaVip creation permission in the Quota Center console first. A quota of 1 means creation is enabled. Each account supports up to 50 HaVips by default.

  • Each HaVip supports only one EIP.

  • The HaVip must be in the Available or Assigned state.

Console

  1. Go to the Elastic IP Addresses page and select the region of the EIP.

  2. Find the target EIP, click Associate with Resource in the Actions column, select HaVip, then select the target instance.

API

Call AssociateEipAddress with InstanceType set to HaVip.

Disassociate an EIP from a cloud resource

Console

Find the target EIP and click Disassociate from Resources in the Actions column.

API

Call UnassociateEipAddress to disassociate an EIP from a cloud resource.

After disassociation