AWS EC2 Secondary Private IPs on Debian 9 (Squeeze)

I use this script to automatically bind AWS EC2 “Secondary Private IP” addresses to my Debian 9 (Squeeze) instance. I set a cron job to run this script several times per hour so that new IP addresses are automatically added to the instance.

Prerequisites

  1. The EC2 instance is running Debian 9 (Squeeze). The script may also work with Ubuntu 17.04 or the upcoming Ubuntu 17.10.
  2. The EC2 instance has a single interface (eth0) with one or more “Secondary Private IP” addresses configured in the AWS EC2 console.

#!/bin/bash
# Automatically Bind AWS EC2 Secondary Private IPs to this instance
# Source: Jason Klein
# https://jrklein.com/2017/08/19/aws-ec2-secondary-private-ips-on-debian-9-squeeze/

# MAC address of eth0, parsed from the "ether" line of the ifconfig output
MAC_ADDR=$(/sbin/ifconfig eth0 | sed -n 's/.*ether \([a-f0-9:]*\).*/\1/p')
# Private IPv4 addresses configured for this interface (primary address first)
IP=($(curl -s "http://169.254.169.254/latest/meta-data/network/interfaces/macs/$MAC_ADDR/local-ipv4s"))
DATE=$(date "+%Y/%m/%d %H:%M:%S")

echo "$DATE MAC $MAC_ADDR"

# Skip the first (primary) address; it is bound automatically via DHCP
for ip in "${IP[@]:1}"; do
  # Match "inet <ip>/" literally so that 172.31.2.2 does not also match 172.31.2.20
  if ip addr show dev eth0 | grep -qF "inet $ip/"; then
    echo "$DATE IP $ip OK"
  else
    echo "$DATE IP $ip ADDING"
    # /20 is the subnet prefix length; adjust it to match your subnet
    ip addr add dev eth0 "$ip/20"
  fi
done
echo "$DATE DONE"

How does this script work?

  1. Parse the Ethernet MAC address from the output of “ifconfig eth0”.
  2. Request the list of local IPv4 addresses configured for this interface in the AWS console.
  3. Loop through the IP addresses. Ignore the first address (i.e. the primary address) since it is automatically bound via DHCP.
  4. If an IP address has not been bound to the eth0 interface, bind it.
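
The same four steps as an added example that goes beyond the script above and is not the author's code: it requests an IMDSv2 session token before reading metadata, takes the prefix length from the interface's subnet-ipv4-cidr-block instead of a fixed /20, rejects metadata values that are not plain dotted addresses, and compares bound addresses exactly. The function names (imds_get, plan_bindings, main), the --apply switch and reading the MAC from /sys/class/net/eth0/address are assumptions of this example.

```shell
#!/bin/bash
# Added example, not the author's script: IMDSv2 + exact-match variant.
IMDS=http://169.254.169.254/latest

# Fetch one metadata path with a short-lived IMDSv2 session token.
imds_get() {
  local token
  token=$(curl -sf -X PUT "$IMDS/api/token" \
    -H "X-aws-ec2-metadata-token-ttl-seconds: 60") || return 1
  curl -sf -H "X-aws-ec2-metadata-token: $token" "$IMDS/meta-data/$1"
}

# plan_bindings IPS CIDR BOUND  (hypothetical helper)
#   IPS   newline-separated local-ipv4s, primary address first
#   CIDR  subnet-ipv4-cidr-block, e.g. 172.31.0.0/20
#   BOUND output of `ip -o -4 addr show dev eth0`
# Prints "OK ip", "ADD ip/prefix" or "SKIP value" per secondary address.
plan_bindings() {
  local prefix bound ip
  prefix=${2#*/}; bound=$3
  case $prefix in ''|*[!0-9]*) echo "bad subnet CIDR" >&2; return 1 ;; esac
  printf '%s\n' "$1" | tail -n +2 | while read -r ip; do
    # These values end up in a root command line: digits and dots only.
    case $ip in ''|*[!0-9.]*) echo "SKIP $ip"; continue ;; esac
    if printf '%s\n' "$bound" | grep -qF "inet $ip/"; then
      echo "OK $ip"            # "inet 172.31.2.2/" cannot match 172.31.2.20
    else
      echo "ADD $ip/$prefix"
    fi
  done
}

main() {
  local mac base ips cidr action target
  mac=$(cat /sys/class/net/eth0/address) || return 1
  base="network/interfaces/macs/$mac"
  ips=$(imds_get "$base/local-ipv4s") || return 1
  cidr=$(imds_get "$base/subnet-ipv4-cidr-block") || return 1
  plan_bindings "$ips" "$cidr" "$(ip -o -4 addr show dev eth0)" |
    while read -r action target; do
      echo "$(date '+%Y/%m/%d %H:%M:%S') IP $target $action"
      if [ "$action" = ADD ]; then ip addr add dev eth0 "$target"; fi
    done
}

# Changes the interface only when run as: aws-ips.sh --apply
if [ "${1:-}" = "--apply" ]; then main; fi
```

Without --apply the file only defines its functions, so plan_bindings can be exercised on captured output before the script is given root and a cron entry.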

Sample Cron Job

Save the following to a new file in the /etc/cron.d/ directory. This will bind secondary IP addresses 15 seconds after a reboot, and check for any new secondary IP addresses every 15 minutes. Adjust path to your script and path to your log file as necessary.

# Automatically Bind AWS EC2 Secondary Private IPs to this instance
@reboot root sleep 15 && /usr/local/sbin/aws-ips.sh >> /var/log/cron-aws-ips.log 2>&1
*/15 * * * * root /usr/local/sbin/aws-ips.sh >> /var/log/cron-aws-ips.log 2>&1

Sample Log Output

This shows the IP addresses were successfully added during boot, and checked during the 15 minute cron job interval.

2017/08/19 23:34:21 MAC f3:3d:00:00:b3:ef
2017/08/19 23:34:21 IP 172.31.2.2 ADDING
2017/08/19 23:34:21 IP 172.31.2.3 ADDING
2017/08/19 23:34:21 IP 172.31.2.4 ADDING
2017/08/19 23:34:21 DONE
2017/08/19 23:45:01 MAC f3:3d:00:00:b3:ef
2017/08/19 23:45:01 IP 172.31.2.2 OK
2017/08/19 23:45:01 IP 172.31.2.3 OK
2017/08/19 23:45:01 IP 172.31.2.4 OK
2017/08/19 23:45:01 DONE

Acknowledgements

Based on this article posted by Jurian in 2012. His solution appeared to be based on Debian 7 (wheezy) or Debian 8 (Jessie) and was easily modified to correctly parse the new “ifconfig” output in Debian 9 (Squeeze) due to major changes in “net-tools” package. Added check for existing bindings so that I could safely run this in a cron job.
