AWS EC2: IP Types, Metadata, User Data, Launch Steps & Global Accelerator
This post picks up where we left off on EC2, covering the concepts every AWS practitioner needs to understand before touching the console. We walk through IP addressing, instance metadata, bootstrap scripts, the seven steps to launch an EC2 instance, and a bonus deep dive into Global Accelerator.

Types of IP Addresses in AWS
There are three types of IP addresses in AWS EC2. They are:
Public IP
Private IP
Elastic IP (also written as EIP)
Note: Elastic IP can be abbreviated as EIP. Public IP and Private IP are written in full. There is no short form like PIP for them.
Private IP
Whenever you launch an EC2 instance, one IP address is assigned to it automatically by default. That IP is the Private IP.
Private IP is mandatory. Every EC2 instance will always have a Private IP, no exceptions.
Private IP addresses fall in one of three ranges:
172.x series
10.x series
192.x series
These three ranges are reserved for private use. Any IP address outside these ranges is a public IP.
When do you use the Private IP?
Within the VPC, when two EC2 instances need to talk to each other, they communicate using their Private IPs. Think of it like family members inside the same house. They do not need to go through the front gate to talk to each other.
Also, if you are connecting to AWS from your office through a VPN (Virtual Private Network), you connect using the Private IP because VPN creates a private-to-private connection.
Private IP is static. It does not change when you stop and start an instance.
Public IP
Public IP is optional. It is the IP address assigned by AWS that allows you to connect to your EC2 instance over the internet.
Public IP is dynamic. This is the important part. If you stop and start your EC2 instance, the Public IP address changes.
Here is a scenario that illustrates why this matters:
Say you give a colleague the Public IP of an EC2 instance so they can connect to it every day. A few days later, you have to stop and restart the instance for maintenance. The IP changes. Your colleague can no longer connect. They come back to you confused. You check, see the IP changed, and give them the new one. Two days later the same thing happens again. This becomes frustrating for everyone.
Public IP is assigned by AWS automatically. You do not choose it or control it.
Elastic IP
Elastic IP solves exactly the problem described above. It is a static Public IP. No matter how many times you stop and start your EC2 instance, the Elastic IP never changes.
Static IPs are expensive by nature because one IP address has to be permanently reserved for you. In everyday home internet, your ISP gives you a dynamic IP. If you want a static one, you pay extra.
AWS, however, gives you five Elastic IPs for free, with one condition: you must actually attach and use them on a running EC2 instance. If you allocate an Elastic IP and leave it idle without attaching it to anything, AWS will charge you for it. The logic is simple: AWS has a limited pool of IP addresses. If you are holding one but not using it, that is wasteful, and AWS will bill you for that waste.
So the rule is: do not create Elastic IPs unless you need them. If you do create one, attach it to an EC2 instance immediately.
Can you have multiple IP types on one instance?
| Combination | Possible? |
|---|---|
| Private IP only | Yes |
| Private IP plus Public IP | Yes |
| Private IP plus Elastic IP | Yes |
| Public IP plus Elastic IP on same instance | No, only one of them |
Summary: Three IP Types at a Glance
| Property | Public IP | Private IP | Elastic IP |
|---|---|---|---|
| Mandatory? | No | Yes | No |
| Static or Dynamic | Dynamic | Static | Static |
| Assigned by | AWS | AWS | AWS (on request) |
| Changes on stop/start | Yes | No | No |
| Internet accessible | Yes | No | Yes |
| Free | Yes | Yes | 5 free (must be in use) |
| Used for | Internet access | Internal VPC traffic, VPN | Persistent internet access |
Instance Metadata
Metadata means data about data. Instance metadata means data about your EC2 instance.
This includes information such as:
Who launched it
When it was launched
Which key pair is attached
Which security group is attached
Which AMI it was launched from
Which volumes are attached
How do you access instance metadata from the console?
Go to EC2, select your instance, and click the Details tab. Everything about that instance is visible there.
How do you access instance metadata from the CLI or command line?
You cannot open a browser in the CLI. Instead, you use a special URL. The URL is:
http://169.254.169.254/latest/meta-data
To access this from a Linux instance, use the curl command:
curl http://169.254.169.254/latest/meta-data
This is a certification question. Remember the URL: 169.254.169.254/latest/meta-data
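The plain curl request above is the tokenless (IMDSv1) style. IMDSv2 adds a session token step, and an instance can be configured to answer only requests that carry the token. The functions below are an added example, not part of the original post: they perform the token exchange and check whether tokenless requests are still answered. IMDS_BASE and the function names are assumptions introduced here.

```shell
#!/bin/sh
# Added example: IMDSv2 (session token) access to instance metadata.
# IMDS_BASE is an assumption added here so the functions can be pointed
# at a test endpoint; on an instance the default is the right value.
IMDS_BASE="${IMDS_BASE:-http://169.254.169.254}"

# Step 1: request a short-lived session token with a PUT and a TTL header.
imds_token() {
  curl -sf --max-time 2 -X PUT \
    -H "X-aws-ec2-metadata-token-ttl-seconds: ${1:-60}" \
    "$IMDS_BASE/latest/api/token"
}

# Step 2: fetch one metadata path, presenting the token on the GET.
imds_get() {
  _imds_tok="$(imds_token 60)" || {
    echo "IMDSv2 token request failed" >&2
    return 1
  }
  curl -sf --max-time 2 -H "X-aws-ec2-metadata-token: $_imds_tok" \
    "$IMDS_BASE/latest/meta-data/$1"
}

# Hardening check: is a tokenless (IMDSv1-style) request still answered?
# Returns 0 if it gets HTTP 200, 1 otherwise (401 when tokens are required).
imds_v1_accepted() {
  _imds_code="$(curl -s --max-time 2 -o /dev/null -w '%{http_code}' \
    "$IMDS_BASE/latest/meta-data/")"
  [ "$_imds_code" = "200" ]
}

# Run as "sh <this file> report" on the instance; without the argument
# the file only defines the functions.
if [ "${1:-}" = "report" ]; then
  if imds_v1_accepted; then
    echo "WARN: tokenless metadata requests are still accepted"
  else
    echo "OK: metadata requests require a session token"
  fi
  echo "instance-id: $(imds_get instance-id)"
fi
```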
User Data and Bootstrap Scripts
User data is the mechanism by which you provide a script to an EC2 instance at launch time.
Here is the traditional workflow without user data:
Launch the EC2 instance
Log into the EC2 instance
Download and install the application (for example, Tomcat)
Start the application
Every step is manual. Now imagine doing this across 10 machines.
With user data, you write a script that contains all those installation and configuration steps, and you paste it into the user data field during EC2 launch (this is step 7 of the launch wizard). When the instance boots up for the first time, it runs that script automatically. By the time the machine is ready, the application is already installed and running.
This is called a bootstrap script: a script that runs at boot time.
On Linux, bootstrap scripts are written in shell script. On Windows, they are written in PowerShell.
Why is this powerful?
Instead of manually installing Tomcat on 10 different machines one by one, you write the install script once, put it in the user data field, and set the desired count to 10. All 10 machines launch and configure themselves automatically. That is automation.
There is another approach: launch one EC2 instance, install everything manually, create an AMI from it, and then use that AMI to launch 10 machines. Both methods are valid and serve different use cases.
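User data is not encrypted and stays readable from inside the instance through the same metadata service (under /latest/user-data), so any credential pasted into the bootstrap script is exposed to whatever runs there. The pre-launch check below is an added example, not part of the original post. Its rule set and the sample script are constructed, and the key shown is the placeholder from AWS's documentation.

```shell
#!/bin/sh
# Added example: flag likely secrets in a user data script before launch.
# The three rules are a constructed starting set, not a complete detector.

# Print "<line>:<rule>" for every line of file $4 matching regex $3.
_rule() {
  grep -n"$2"E -e "$3" "$4" | cut -d: -f1 | sed "s/\$/:$1/"
}

# Scan one script; print sorted hits and return 1 if anything was flagged.
scan_user_data() {
  _hits="$(
    _rule aws-access-key-id "" 'AKIA[0-9A-Z]{16}' "$1"
    _rule private-key "" '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"
    # Literal values only: "=$VAR" and "=$(command)" are not flagged.
    _rule hardcoded-credential i \
      '(password|passwd|secret|token)[a-z_]*[[:space:]]*=[[:space:]]*[^[:space:]$]' "$1"
  )"
  if [ -z "$_hits" ]; then
    return 0
  fi
  printf '%s\n' "$_hits" | sort -n
  return 1
}

# Constructed sample bootstrap script (the key is AWS's documentation example).
sample="$(mktemp)"
cat > "$sample" <<'EOF'
#!/bin/bash
yum install -y tomcat
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
DB_PASSWORD=constructed-value
DB_PASSWORD=$(fetch_from_secret_store)
EOF

if scan_user_data "$sample"; then
  echo "no findings"
else
  echo "findings above: remove the values before pasting into user data"
fi
```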
The Seven Steps to Launch an EC2 Instance
This is something that gets asked repeatedly, and for good reason. Every step maps to a concept covered over the course of learning EC2.
| Step | What You Do | Concept Covered |
|---|---|---|
| 1 | Give the instance a name | Tags |
| 2 | Choose an operating system | AMI (Amazon Machine Image) |
| 3 | Choose instance type | CPU and Memory combination (use t2.micro for free tier) |
| 4 | Choose or create a key pair | PEM file for login authentication |
| 5 | Select a security group | Inbound and outbound rules (use Default SG while learning) |
| 6 | Configure storage | EBS volumes (default root volume: 8 GB for Linux, 30 GB for Windows) |
| 7 | Instance configuration (includes VPC, subnet, user data, public IP toggle) | VPC, subnets, bootstrap scripts |
Then you click Launch.
A few things to keep in mind:
Always use t2.micro unless you have a specific reason to go higher. Anything above t2.micro will incur charges outside the free tier.
Use the Default VPC and Default Security Group while learning.
Mumbai region has three subnets by default, one for each Availability Zone.
The volume size can be increased but not decreased.
EBS volume types: GP2, GP3, IO1, IO2, SC1, ST1, and Standard.
Global Accelerator
This is an advanced topic worth understanding conceptually, even if you will not use it regularly.
The Latency Problem
Suppose your application is hosted in the Mumbai region. A user in the United States tries to access it. The request has to travel a long distance. Along the way, it passes through multiple network hops: the user's ISP, several intermediate networks, and finally reaches Mumbai. More hops mean more latency. High latency means poor performance.
One solution is CloudFront. CloudFront caches content at edge locations close to users, reducing the number of hops.
But here is a specific customer request that CloudFront cannot fulfill: "Give me a fixed IP address for your website so I can whitelist it in my firewall."
CloudFront does not give you static IPs. Your load balancer's IP can change. So what do you do?
What Global Accelerator Does
AWS Global Accelerator provides you with two static IPs that are always fixed. These IPs use anycast routing.
Understanding the difference between unicast and anycast:
Unicast: Every server has its own unique IP address.
Anycast: Multiple servers share the same IP. The request is automatically routed to the nearest server.
Global Accelerator uses anycast. AWS places Global Accelerator endpoints at edge locations around the world. When a user sends a request to your Global Accelerator IP, it gets routed to the nearest edge location first, then forwarded to your load balancer through AWS's private backbone network. This significantly reduces hops and latency compared to traffic traveling across the public internet.
Global Accelerator vs CloudFront
| Feature | CloudFront | Global Accelerator |
|---|---|---|
| Caches content | Yes | No |
| Provides static IPs | No | Yes (2 static IPs) |
| Uses edge locations | Yes | Yes |
| Protocol | HTTP/HTTPS | HTTP, HTTPS, TCP, UDP |
| Best for | Static content delivery | IP-based routing, non-HTTP traffic |
| Connected to | Your load balancer or origin | Your load balancer |
They are not competitors. Global Accelerator can sit in front of CloudFront. The chain looks like this:
User request
Global Accelerator (2 static anycast IPs)
Edge Location
Load Balancer
Application servers
Global Accelerator is not free. AWS charges approximately $18 per month. For learning purposes, understand the concept but skip creating one.
The Two Entry Points of AWS
There are two primary entry points into your AWS infrastructure:
Load Balancer (direct routing, no caching)
CloudFront (with caching via edge locations)
Both of these can have WAF (Web Application Firewall) attached to protect against attacks. And both can be fronted by Global Accelerator if static IPs are needed.
If you are building an API-based application, requests first go to the API Gateway, and from there to your backend services. If you are just doing path-based routing without APIs, requests go directly to the load balancer.
Stickiness (Session Affinity)
Before wrapping up, one concept worth noting is load balancer stickiness, also called session affinity.
Normally, a load balancer distributes each incoming request to different servers in a round-robin or weighted fashion. But consider a scenario where a user logs in and their session data is stored on Server 1. If their next request goes to Server 2, which has no knowledge of their session, they might get logged out or see incorrect data.
Stickiness solves this. You can instruct the load balancer to always send requests from a specific user to the same server for a defined period of time (for example, five minutes). This is useful for session management and cookie-based applications.
Recap: Everything Covered in This Post
There are three IP types in AWS: Public (dynamic, optional), Private (static, mandatory), Elastic (static, optional, 5 free but must be in use).
Two EC2 instances communicate with each other using Private IPs inside the VPC.
Instance metadata (data about the instance) is accessible via console Details tab or via the URL 169.254.169.254/latest/meta-data using the curl command.
User data is a bootstrap script that runs automatically at instance boot time, used for automating software installation and configuration.
Bootstrap scripts use shell script on Linux and PowerShell on Windows.
There are seven steps to launch an EC2 instance: name and tags, AMI, instance type, key pair, security group, storage, and instance configuration.
Global Accelerator provides two static anycast IPs, reduces latency through edge locations, and is used when customers need fixed IPs for firewall whitelisting.
Global Accelerator does not cache; CloudFront does.
The two entry points into AWS are the Load Balancer and CloudFront, both of which can have WAF attached.






