# Configuring Amazon Virtual Private Cloud (Amazon VPC) with Elastic Beanstalk
[Amazon Virtual Private Cloud](https://docs.amazonaws.cn/vpc/latest/userguide/) (Amazon VPC) is the networking service that routes traffic securely to the EC2 instances that run your application in Elastic Beanstalk. If you don't configure a VPC when you launch your environment, Elastic Beanstalk uses the default VPC.
You can launch your environment in a custom VPC to customize networking and security settings. Elastic Beanstalk lets you choose which subnets to use for your resources, and how to configure IP addresses for the instances and load balancer in your environment. An environment is locked to a VPC when you create it, but you can change subnet and IP address settings on a running environment.
## Configuring VPC settings in the Elastic Beanstalk console
If you chose a custom VPC when you created your environment, you can modify its VPC settings in the Elastic Beanstalk console.
**To configure your environment's VPC settings**
1. Open the [Elastic Beanstalk console](https://console.amazonaws.cn/elasticbeanstalk), and in the **Regions** list, select your Amazon Web Services Region.
1. In the navigation pane, choose **Environments**, and then choose the name of your environment from the list.
1. In the navigation pane, choose **Configuration**.
1. In the **Network** configuration category, choose **Edit**.
The following settings are available.
**Topics**
+ [
### VPC
](#environments-cfg-vpc-console-vpc)
+ [
### Load balancer visibility
](#environments-cfg-vpc-console-lbvisibility)
+ [
### Load balancer subnets
](#environments-cfg-vpc-console-lbsubnets)
+ [
### Instance public IP address
](#environments-cfg-vpc-console-ec2ip)
+ [
### Instance subnets
](#environments-cfg-vpc-console-ec2subnets)
+ [
### Database subnets
](#environments-cfg-vpc-console-dbsubnets)
### VPC
Choose a VPC for your environment. You can only change this setting during environment creation.
![\[VPC section in the Modify network configuration page on the Elastic Beanstalk console\]](http://docs.amazonaws.cn/en_us/elasticbeanstalk/latest/dg/images/environments-cfg-vpc-console-vpc.png)
### Load balancer visibility
For a load-balanced environment, choose the load balancer scheme. By default, the load balancer is public, with a public IP address and domain name. If your application only serves traffic from within your VPC or a connected VPN, deselect this option and choose private subnets for your load balancer to make the load balancer internal and disable access from the Internet.
### Load balancer subnets
For a load-balanced environment, choose the subnets that your load balancer uses to serve traffic. For a public application, choose public subnets. Use subnets in multiple availability zones for high availability. For an internal application, choose private subnets and disable load balancer visibility.
![\[Load balancer settings section in the Modify network configuration page on the Elastic Beanstalk console\]](http://docs.amazonaws.cn/en_us/elasticbeanstalk/latest/dg/images/environments-cfg-vpc-console-lb.png)
### Instance public IP address
If you choose public subnets for your application instances, enable public IP addresses to make them routable from the Internet.
### Instance subnets
Choose subnets for your application instances. Choose at least one subnet for each availability zone that your load balancer uses. If you choose private subnets for your instances, your VPC must have a NAT gateway in a public subnet that the instances can use to access the Internet.
![\[Instance settings section in the Modify network configuration page on the Elastic Beanstalk console\]](http://docs.amazonaws.cn/en_us/elasticbeanstalk/latest/dg/images/environments-cfg-vpc-console-ec2.png)
### Database subnets
When you run an Amazon RDS database attached to your Elastic Beanstalk environment, choose subnets for your database instances. For high availability, make the database multi-AZ and choose a subnet for each availability zone. To ensure that your application can connect to your database, run both in the same subnets.
## The aws:ec2:vpc namespace
You can use the configuration options in the `aws:ec2:vpc` namespace to configure your environment's network settings.
The following [configuration file](ebextensions.md) uses options in this namespace to set the environment's VPC and subnets for a public-private configuration. In order to set the VPC ID in a configuration file, the file must be included in the application source bundle during environment creation. See [Setting configuration options during environment creation](environment-configuration-methods-during.md) for other methods of configuring these settings during environment creation.
**Example .ebextensions/vpc.config – Public-private**
```
option_settings:
aws:ec2:vpc:
VPCId: vpc-087a68c03b9c50c84
AssociatePublicIpAddress: 'false'
ELBScheme: public
ELBSubnets: subnet-0fe6b36bcb0ffc462,subnet-032fe3068297ac5b2
Subnets: subnet-026c6117b178a9c45,subnet-0839e902f656e8bd1
```
This example shows a public-public configuration, where the load balancer and EC2 instances run in the same public subnets.
**Example .ebextensions/vpc.config – Public-public**
```
option_settings:
aws:ec2:vpc:
VPCId: vpc-087a68c03b9c50c84
AssociatePublicIpAddress: 'true'
ELBScheme: public
ELBSubnets: subnet-0fe6b36bcb0ffc462,subnet-032fe3068297ac5b2
Subnets: subnet-0fe6b36bcb0ffc462,subnet-032fe3068297ac5b2
```
# Migrating Elastic Beanstalk environments from EC2-Classic to a VPC
This topic describes different options for how to migrate your Elastic Beanstalk environments from an EC2-Classic network platform to an [Amazon Virtual Private Cloud](https://docs.amazonaws.cn/vpc/latest/userguide/) (Amazon VPC) network.
If you created your Amazon account before December 4, 2013, you might have environments that use the EC2-Classic network configuration in some Amazon Web Services Regions. All Amazon accounts created on or after December 4, 2013 are already VPC-only in every Amazon Region. The only exemptions are if Amazon EC2-Classic was enabled as a result of a support request.
**Note**
You can view the network configuration settings for your environment in the **Network configuration** category on the [Configuration overview](environments-cfg-console.md#environments-cfg-console.overview) page of the [Elastic Beanstalk console](https://console.amazonaws.cn/elasticbeanstalk).
## Why you should migrate
Amazon EC2-Classic will reach its end of standard support on August 15, 2022. To avoid interruptions to your workloads, we recommend that you migrate from Amazon EC2-Classic to a VPC before August 15, 2022. We also request that you don't launch any Amazon resources on Amazon EC2-Classic in the future and use Amazon VPC instead.
When you migrate your Elastic Beanstalk environments from Amazon EC2-Classic to Amazon VPC, you must create a new Amazon account. You must also re-create your Amazon EC2-Classic environments in your new Amazon account. No additional configuration work for your environments is required to use the default VPC. If the default VPC doesn't meet your requirements, manually create a custom VPC and associate it with your environments.
Alternatively, if your existing Amazon account has resources that you can't migrate to a new Amazon account, add a VPC into your current account. Then, configure your environments to use the VPC.
For more information, see the [EC2-Classic Networking is Retiring - Here's How to Prepare](https://www.amazonaws.cn/blogs/aws/ec2-classic-is-retiring-heres-how-to-prepare/) blog post.
## Migrate an environment from EC2-Classic into a new Amazon account (recommended)
If you don't already have an Amazon account that was created on or after December 4, 2013, create a new account. You will migrate your environments into this new account.
1. Your new Amazon account provides a default VPC to its environments. If you don't need to create a custom VPC, skip to step 2.
You can create a custom VPC in one of the following ways:
+ Create a VPC quickly using the Amazon VPC console wizard with one of the available configuration options. For more information, see [Amazon VPC console wizard configurations](https://docs.amazonaws.cn/vpc/latest/userguide/VPC_wizard.html).
+ Create a custom VPC on the Amazon VPC console if you have more specific requirements for your VPC. We recommend you do this, for example, if your use case requires a specific number of subnets. For more information, see [VPCs and subnets](https://docs.amazonaws.cn/vpc/latest/userguide/VPC_Subnets.html).
+ Create a VPC using the [elastic-beanstalk-samples](https://github.com/awsdocs/elastic-beanstalk-samples/) repository on the GitHub website if you prefer to use Amazon CloudFormation templates with your Elastic Beanstalk environments. This repository includes Amazon CloudFormation templates. For more information, see [Using Elastic Beanstalk with Amazon VPC](vpc.md).
**Note**
You can also create a custom VPC at the same time you recreate the environment in your new Amazon account using the [create new environment wizard](environments-create-wizard.md). If you use the wizard and choose to create a custom VPC, the wizard redirects you to the Amazon VPC console.
1. In your new Amazon account, create a new environment. We recommend that the environment includes the same configuration as your existing environment in the Amazon account that you're migrating from. You can do this by using one of the following approaches.
**Note**
If your new environment must use the same CNAME after you migrate, terminate the original environment on the EC2-Classic platform. This releases the CNAME for use. However, doing so can result in downtime for that environment and can also risk that another customer might select your CNAME between you terminating your EC2-Classic environment and creating the new one. For more information, see [Terminate an Elastic Beanstalk environment](using-features.terminating.md).
For environments that have their own proprietary domain name, the CNAME doesn't have this issue. You can just update your Domain Name System (DNS) to forward requests to your new CNAME.
+ Use the [create new environment wizard](environments-create-wizard.md) on the [Elastic Beanstalk console](https://console.amazonaws.cn/elasticbeanstalk). The wizard provides an option to create a custom VPC. If you don't choose to create a custom VPC, a default VPC is assigned.
+ Use the Elastic Beanstalk Command Line Interface (EB CLI) to re-create your environment in your new Amazon account. One of the [examples](eb3-create.md#eb3-createexample1) in the **eb create** command description demonstrates the creation of an environment in a custom VPC. If you don't provide a VPC ID, the environment uses the default VPC.
By using this approach, you can use a saved configurations file across the two Amazon accounts. As a result, you don't need to manually enter all the configuration information. However, you must save the configuration settings for the EC2-Classic environment that you're migrating with the [eb config save](eb3-config.md) command. Copy the saved configuration file to a new directory for the new account environment.
**Note**
You must edit some of the data in the saved configuration file before you can use it in the new account. You must also update information that pertains to your previous account with the correct data for your new account. For example, you must replace the Amazon Resource Name (ARN) of the Amazon Identity and Access Management (IAM) role with the IAM role ARN for the new account.
If you use the [eb create](eb3-create.md) command with the `cfg`, the new environment is created using the specified saved configuration file. For more information, see [Using Elastic Beanstalk saved configurations](environment-configuration-savedconfig.md).
## Migrate an environment from EC2-Classic within your same Amazon account
Your existing Amazon account might have resources that you can't migrate to a new Amazon account. In this case you must re-create your environments and manually configure a VPC for every environment you create.
### Migrate your environments to a custom VPC
**Prerequisites**
Before you begin, you must have a VPC. You can create a non-default (custom) VPC in one of the following ways:
+ Create a VPC quickly using the Amazon VPC console wizard with one of the available configuration options. For more information, see [Amazon VPC console wizard configurations](https://docs.amazonaws.cn/vpc/latest/userguide/VPC_wizard.html).
+ Create a custom VPC on the Amazon VPC console if you have more specific requirements for your VPC. We recommend you do this, for example, if your use case requires a specific number of subnets. For more information, see [VPCs and subnets](https://docs.amazonaws.cn/vpc/latest/userguide/VPC_Subnets.html).
+ Create a VPC using the [elastic-beanstalk-samples](https://github.com/awsdocs/elastic-beanstalk-samples/) repository on the GitHub website if you prefer to use Amazon CloudFormation templates with your Elastic Beanstalk environments. This repository includes Amazon CloudFormation templates. For more information, see [Using Elastic Beanstalk with Amazon VPC](vpc.md).
In the following steps, you use the generated VPC ID and subnet IDs when you configure the VPC in the new environment.
1. Create a new environment that includes the same configuration as your existing environment. You can do this by using one of the following approaches.
**Note**
The Saved Configurations feature can help you re-create your environments in the new account. This feature can save an environment’s configuration, so you can apply it when you create or update other environments. For more information, see [Using Elastic Beanstalk saved configurations](environment-configuration-savedconfig.md).
+ Using the [Elastic Beanstalk console](https://console.amazonaws.cn/elasticbeanstalk), apply a saved configuration from your EC2-Classic environment when you configure the new environment. This configuration will use the VPC. For more information, see [Using Elastic Beanstalk saved configurations](environment-configuration-savedconfig.md).
+ Using Elastic Beanstalk Command Line Interface (EB CLI), run the [eb create](eb3-create.md) command to re-create your environment. Provide the parameters of your original environment and the VPC identifier. One of the [examples](eb3-create.md#eb3-createexample1) in the **eb create** command description shows how to create an environment in a custom VPC.
+ Use the Amazon Command Line Interface (Amazon CLI), and re-create your environment using the **elasticbeanstalk create-environment** command. Provide the parameters of your original environment with the VPC identifier. For instructions, see [Creating Elastic Beanstalk environments with the Amazon CLI](environments-create-awscli.md).
1. Swap the CNAMEs of the existing environment with the new environment. This way, the new environment that you created can be referenced with the familiar address. You can use the EB CLI or the Amazon CLI.
+ Using the EB CLI, swap the environment CNAMEs by running the **eb swap** command. For more information, see [Setting up the EB command line interface (EB CLI) to manage Elastic Beanstalk](eb-cli3.md).
+ Using the Amazon CLI, swap the environment CNAMEs with the [ elasticbeanstalk swap-environment-cnames ](https://docs.amazonaws.cn/cli/latest/reference/elasticbeanstalk/swap-environment-cnames.html) command. For more information, see the [Amazon CLI Command Reference](https://docs.amazonaws.cn/cli/latest/reference/).