AWS Private IP vs Public IP vs Elastic IP

When you start working with AWS - especially with EC2 instances - one of the most confusing topics is IP addressing. You launch a server, and suddenly you see Private IP, Public IP, and sometimes something called an Elastic IP.
Understanding the difference between these three is critical if you’re preparing for AWS certifications, working in DevOps, or building production infrastructure.
Private IP is used for internal communication inside a VPC, Public IP allows internet access, and Elastic IP is a static public IP you control and can remap.
Let’s break everything down simply and practically.
1️⃣ What is a Private IP in AWS?
A Private IP address is assigned to an EC2 instance within a VPC (Virtual Private Cloud). It is used for internal communication between resources inside the AWS network.
Private IPs:
Are assigned from your VPC CIDR block (e.g., 10.0.0.0/16)
Cannot be accessed directly from the internet
Remain with the instance for its lifetime
Are used for backend communication (e.g., app server → database)
Example
If you launch two EC2 instances in the same VPC:
Instance A: 10.0.1.10
Instance B: 10.0.1.20
They can communicate using these private IPs without going over the internet.
When to Use Private IP
Connecting application servers to databases
Internal microservices communication
Backend-only systems
Secure internal networking
In real-world production setups, databases like RDS are accessed only via private IPs for security.
2️⃣ What is a Public IP in AWS?
A Public IP address allows your EC2 instance to communicate with the internet.
Public IPs:
Are assigned automatically (if enabled)
Change when you stop and start the instance
Allow inbound/outbound internet traffic
Are mapped to the instance’s private IP
If your EC2 instance is in a public subnet and the VPC has an Internet Gateway attached, it can receive a public IP.
Example
You launch a web server:
Private IP: 10.0.1.15
Public IP: 3.110.45.123
Users access your website via the public IP.
Important Limitation
If you:
Stop the instance
Start it again
The public IP changes.
This is a big problem for production systems.
3️⃣ What is an Elastic IP (EIP)?
An Elastic IP is a static public IP address that you allocate manually and attach to your EC2 instance.
Unlike regular public IPs:
It does NOT change when you stop/start the instance
It belongs to your AWS account
You can remap it to another instance
Elastic IP solves the “changing public IP” problem.
Why “Elastic”?
Because you can:
Detach it from one instance
Attach it to another instance instantly
This is useful in:
Disaster recovery
Failover setups
Production environments
Quick Comparison Table
| Feature | Private IP | Public IP | Elastic IP |
| --- | --- | --- | --- |
| Internet Accessible | ❌ No | ✅ Yes | ✅ Yes |
| Static | ✅ Yes | ❌ No | ✅ Yes |
| Used For | Internal communication | Basic internet access | Production-grade public access |
| Changes on Restart | ❌ No | ✅ Yes | ❌ No |
| Extra Cost | ❌ No | ❌ No | ⚠️ Yes (if unused) |
Real-World Use Case Example
Let’s say you're deploying a production application:
Load Balancer → Public access
EC2 App Servers → Private IP only
RDS Database → Private IP only
In some cases:
You attach an Elastic IP to a Bastion Host
Or attach an Elastic IP to a production EC2 server
This setup improves both security and reliability.
Cost Considerations (Important)
Elastic IPs are free only when attached to a running instance.
AWS charges you if:
You allocate an Elastic IP, but don’t use it
You attach more than one Elastic IP per instance (in some cases)
Always release unused Elastic IPs to avoid charges.
Security Perspective
Best practice in AWS architecture:
❌ Never expose databases with a public IP
❌ Avoid unnecessary public IP assignments
✅ Use private subnets for backend services
✅ Use Elastic IP only when you truly need static public access
Security Groups and NACLs still control traffic regardless of IP type.
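To check an account against the cost and security points above, here is an added example (not part of the original article) that audits data shaped like the output of `aws ec2 describe-instances` and `aws ec2 describe-addresses`. The sample records, the `Tier` tag convention, and the `audit` function name are assumptions made for illustration.

```python
# Constructed sample data shaped like `aws ec2 describe-instances` and
# `aws ec2 describe-addresses` output (only the fields used here).
INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa", "PrivateIpAddress": "10.0.1.15",
     "PublicIpAddress": "203.0.113.10", "Tags": [{"Key": "Tier", "Value": "web"}]},
    {"InstanceId": "i-0bbb", "PrivateIpAddress": "10.0.2.20",
     "PublicIpAddress": "203.0.113.25", "Tags": [{"Key": "Tier", "Value": "db"}]},
    {"InstanceId": "i-0ccc", "PrivateIpAddress": "10.0.2.30",
     "Tags": [{"Key": "Tier", "Value": "app"}]},
    {"InstanceId": "i-0ddd", "PrivateIpAddress": "10.0.1.40",
     "PublicIpAddress": "203.0.113.40", "Tags": [{"Key": "Tier", "Value": "web"}]},
]}]}
ADDRESSES = {"Addresses": [
    {"PublicIp": "203.0.113.10", "AllocationId": "eipalloc-0111",
     "AssociationId": "eipassoc-0aaa", "InstanceId": "i-0aaa"},
    {"PublicIp": "203.0.113.99", "AllocationId": "eipalloc-0222"},
]}
BACKEND_TIERS = {"app", "db"}  # assumption: a "Tier" tag marks backend roles


def audit(instances, addresses):
    """Return (findings, allocation IDs of Elastic IPs attached to nothing)."""
    eips = {a["PublicIp"] for a in addresses["Addresses"]}
    findings = []
    for res in instances["Reservations"]:
        for inst in res["Instances"]:
            iid = inst["InstanceId"]
            tier = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}.get("Tier")
            pub = inst.get("PublicIpAddress")
            if pub is None:
                continue  # private-only: no public address to review
            # A public address that is not an allocated EIP was auto-assigned.
            kind = "elastic" if pub in eips else "auto-assigned"
            if tier in BACKEND_TIERS:
                findings.append((iid, f"backend tier '{tier}' has {kind} public IP {pub}"))
            elif kind == "auto-assigned":
                findings.append((iid, f"public IP {pub} will change on stop/start"))
    unattached = [a["AllocationId"] for a in addresses["Addresses"]
                  if "AssociationId" not in a]
    return findings, unattached


if __name__ == "__main__":
    found, unused = audit(INSTANCES, ADDRESSES)
    for iid, msg in found:
        print(f"{iid}: {msg}")
    print("release candidates:", unused)
```

To run it against a real account, replace the two sample dictionaries with the parsed JSON from the corresponding CLI commands.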
Final Thoughts
Understanding Private, Public, and Elastic IPs is foundational for AWS networking.
If you remember just one thing:
Private IP → Internal communication
Public IP → Temporary internet access
Elastic IP → Permanent public identity
Once you master this, VPC architecture becomes much easier to design and troubleshoot.
Happy Learning 🚀



