
I think the answer is no, but I want to make sure that I'm not missing anything. Is it possible for an EC2 instance to have IP addresses in more than one VPC at the same time?

I tried creating 2 VPCs, and then two network interfaces, one in each VPC, but it seems it's not possible to attach them to the same EC2 instance because it's not possible to attach them to an instance that's not on that VPC, is this correct?

For example, I create vpc1 and eni1 (network interface) in vpc1. Then I create vpc2 and eni2 in vpc2. Then I create ec21 (an EC2 instance) and put it in vpc1 with eni1 as its network interface. When I open eni2 and I select attach, I can't select ec21, it says:

No running or stopped instances in us-east-1f in vpc2.

2 Answers


Update: since Oct. 26, 2023, it's now possible with Multi-VPC ENI Attachments.

No, that is not possible

Network interfaces can only be attached to instances in the same VPC as the interface.

Amazon VPC FAQs

Your EC2 instance is bound to the VPC of its primary network interface. If you want a cross-VPC connection you need to set up VPC peering or a VPN.

An EC2 instance can have multiple network interfaces in multiple subnets, but they must all be in the same VPC.

didxga

I've just confirmed that this is doable now, as long as the two VPCs you're trying to multi-home with are from the same account and availability zone.

You can launch an EC2 instance in one VPC and attach a secondary ENI from another VPC (but in the same Availability Zone) to the instance. This enables you to create multi-homed instances across VPCs with different networking and security configurations. You cannot create multi-homed instances across VPCs across different AWS accounts. (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/scenarios-enis.html#creating-dual-homed-instances-with-workloads-roles-on-distinct-vpcs)

UI Quirk (Nov 2023): I tried to use the "Attach ENI" feature of the Web Console UI to add a NIC from a different VPC to an existing instance, and it wouldn't let me pick the ENI I wanted (despite the ENI being available, in the same account, and same AZ) -- it only let me choose ENIs from the same primary VPC as the first NIC on the instance. I think that's just a Web UI limitation.

You can work around it in the web UI by creating a launch template, in which you add two network interfaces, and those interfaces CAN be from different VPCs, no problem. If you launch an instance from that template, it will get (depending on your config) an address from both VPCs' respective subnets.

I suspect that if you go about it from the terminal (using aws-cli), you can bypass this quirk and modify your existing instances too (in addition to launching new ones). But I've not confirmed.

init_js
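As an added example (not part of either answer above), a small defender-side check written over the field shape of an `aws ec2 describe-network-interfaces` response: it lists instances whose ENIs span more than one VPC, the multi-homed case discussed in this thread, and applies the same-account / same-Availability-Zone preconditions the second answer quotes before a cross-VPC attachment. The ENI records are constructed sample data, not real resources.

```python
# Added example: audit ENI inventory for cross-VPC multi-homed instances
# and check the stated attachment preconditions. Field names follow the
# describe-network-interfaces response; all values below are constructed.

# Constructed sample: three attached ENIs on two instances, one unattached ENI.
SAMPLE_ENIS = [
    {"NetworkInterfaceId": "eni-0aaa", "VpcId": "vpc-1111", "SubnetId": "subnet-a",
     "AvailabilityZone": "us-east-1f", "OwnerId": "111111111111",
     "Attachment": {"InstanceId": "i-0001", "DeviceIndex": 0}},
    {"NetworkInterfaceId": "eni-0bbb", "VpcId": "vpc-2222", "SubnetId": "subnet-b",
     "AvailabilityZone": "us-east-1f", "OwnerId": "111111111111",
     "Attachment": {"InstanceId": "i-0001", "DeviceIndex": 1}},
    {"NetworkInterfaceId": "eni-0ccc", "VpcId": "vpc-1111", "SubnetId": "subnet-c",
     "AvailabilityZone": "us-east-1a", "OwnerId": "111111111111",
     "Attachment": {"InstanceId": "i-0002", "DeviceIndex": 0}},
    {"NetworkInterfaceId": "eni-0ddd", "VpcId": "vpc-2222", "SubnetId": "subnet-d",
     "AvailabilityZone": "us-east-1a", "OwnerId": "222222222222"},  # unattached
]


def vpcs_per_instance(enis):
    """Map each instance id to the set of VPC ids its attached ENIs belong to."""
    result = {}
    for eni in enis:
        attachment = eni.get("Attachment")
        if not attachment or "InstanceId" not in attachment:
            continue  # unattached ENI: nothing to report
        result.setdefault(attachment["InstanceId"], set()).add(eni["VpcId"])
    return result


def multi_vpc_instances(enis):
    """Instance ids whose ENIs span more than one VPC (cross-VPC multi-homing)."""
    return sorted(i for i, v in vpcs_per_instance(enis).items() if len(v) > 1)


def attach_preconditions(primary_eni, candidate_eni):
    """Return the reasons a secondary attachment would be rejected.

    Rules as stated in the answers: same AWS account and same Availability
    Zone. An empty list means the attachment is allowed; the VPC may differ.
    """
    reasons = []
    if primary_eni["OwnerId"] != candidate_eni["OwnerId"]:
        reasons.append("different AWS accounts")
    if primary_eni["AvailabilityZone"] != candidate_eni["AvailabilityZone"]:
        reasons.append("different Availability Zones")
    return reasons
```

Feeding the real `NetworkInterfaces` list from the CLI into `multi_vpc_instances` gives a quick inventory of instances that straddle VPC boundaries, which is worth reviewing against the security groups and route tables of both VPCs.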