The SecOps Cheat Guide

A few words about Public IP addressing in AWS (or: “Why can’t you tell me what all our public IPs are?”)

I had a question today from one of my non-cloud-enabled coworkers. They got a request about a list of certain public IPs that traced back to one of our 90+ AWS accounts. He was quite taken aback when I told him I could not just reference a list of IP addresses and tell him what systems they belonged to. Here is how I explained it:

There are two types of public IPs available in AWS: durable and poolable.

Durable public IPs are called “Elastic IPs” or simply “EIPs”. These are what you think of in most networking situations: a static address that doesn’t change. They are not free (you pay for the privilege of using them), but they never change, so you can publish them directly and know they are production-worthy.

Pooled public IPs are exactly like DHCP-served internal addresses in your network (here, a public subnet in a VPC). They have a lease time and will be recycled. AWS adds some stability by promising that the IP won't be leased out again UNTIL your machine is powered off, so there is that. These are most often used in DEV/INT situations where you need to test with an external partner over the public internet.

Here is where things get tricky. Almost all AWS services that offer public availability use only pooled IPs. I can hear you now: “How can that be production stable?” AWS gets around this by providing you a CNAME that they host in their public DNS, and when IPs change on the back end, they update that CNAME. What they expect you to do is have an alias in YOUR DNS that points to their CNAME, thus providing production-worthy access. This is all related to how they do load balancing under the shared responsibility model, and IPs can change hourly if they need them to...
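So the honest answer to “what are all our public IPs?” is a per-account, per-region inventory that tags each address as durable or pooled. As an added example (not from the original post), here is how that classification can be done over the output of `aws ec2 describe-network-interfaces`: an address with an `AllocationId`, owned by your account, is an EIP; one whose `IpOwnerId` is `amazon` is pooled and may change. The field names follow the EC2 API as I understand it; the sample interfaces, account ID and addresses below are constructed.

```python
# Constructed sample shaped like `aws ec2 describe-network-interfaces` output.
# Assumption: field names match the EC2 API; every value here is made up.
SAMPLE = {"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0a1", "Description": "web-01",
     "Attachment": {"InstanceId": "i-0aaa"},
     "Association": {"PublicIp": "203.0.113.10", "IpOwnerId": "111122223333",
                     "AllocationId": "eipalloc-0abc"}},          # durable EIP
    {"NetworkInterfaceId": "eni-0b2", "Description": "dev-box",
     "Attachment": {"InstanceId": "i-0bbb"},
     "Association": {"PublicIp": "203.0.113.20", "IpOwnerId": "amazon"}},  # pooled
    {"NetworkInterfaceId": "eni-0c3", "Description": "ELB app/partner-alb/abc",
     "RequesterManaged": True, "Attachment": {"InstanceOwnerId": "amazon-elb"},
     "Association": {"PublicIp": "203.0.113.30", "IpOwnerId": "amazon"}},  # managed
    {"NetworkInterfaceId": "eni-0d4", "Description": "private-only"},
]}


def inventory_public_ips(describe_output, account_id):
    """One record per public IP: durable (EIP) vs pooled, which resource
    holds it, and whether it belongs to an AWS-managed service."""
    records = []
    for eni in describe_output["NetworkInterfaces"]:
        assoc = eni.get("Association")
        if not assoc or "PublicIp" not in assoc:
            continue  # private interface: nothing to report
        # EIPs carry an allocation ID and are owned by the account;
        # pooled addresses are owned by "amazon" and can be recycled.
        durable = "AllocationId" in assoc and assoc.get("IpOwnerId") == account_id
        attach = eni.get("Attachment", {})
        resource = attach.get("InstanceId") or eni.get("Description") \
            or eni["NetworkInterfaceId"]
        records.append({
            "public_ip": assoc["PublicIp"],
            "kind": "eip" if durable else "pooled",
            "resource": resource,
            "managed_service": bool(eni.get("RequesterManaged")),
            "may_change": not durable,
        })
    return records


def find_public_ip(records, ip):
    """Answer the coworker's question for one address, or None if unknown."""
    return next((r for r in records if r["public_ip"] == ip), None)


if __name__ == "__main__":
    for rec in inventory_public_ips(SAMPLE, "111122223333"):
        print(rec)
```

Run this across every account and region you own and the “pooled” rows are exactly the addresses nobody can promise will still be yours tomorrow.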