1. Open the AWS Management Console and navigate to the VPC dashboard.
2. Select the VPC containing the public subnet that the EC2 instance is in.
3. Select the Subnets tab and then select the public subnet that the EC2 instance is in.
4. Select the Route Table tab and then select the route table associated with the public subnet.
5. Remove the route that allows traffic to the internet gateway. This will prevent any traffic from the internet from reaching the EC2 instance.
6. Create a new route table and associate it with the public subnet.
7. Add a route to the new route table that allows traffic to reach the internet gateway. This will allow any traffic from the EC2 instance to reach the internet.
8. Launch a new EC2 instance in a private subnet and associate it with the new route table. This will ensure that the EC2 instance is not accessible from the internet.
9. Terminate the old EC2 instance in the public subnet.

​

1. Identify the public subnet in which the EC2 instance is running. You can do this by checking the subnet’s route table and confirming that it has a route to an Internet Gateway.
2. Create a new private subnet in the same VPC as the public subnet. This new subnet should have a non-overlapping CIDR block and should not have a route to an Internet Gateway.
3. Stop the EC2 instance that is running in the public subnet.
4. Modify the instance’s network interface to move it from the public subnet to the new private subnet. You can do this using the following command:

aws ec2 modify-network-interface-attribute --network-interface-id <network-interface-id> --subnet-id <new-private-subnet-id>

5. Start the EC2 instance.
6. Verify that the EC2 instance now has a private IP address in the new private subnet and does not have a public IP address. You can do this by checking the instance’s network interface settings.

1. First, you need to identify the EC2 instances that are in the public subnet. You can do this by using the describe_instances method of the boto3 library in Python.

import boto3

ec2 = boto3.client('ec2')

response = ec2.describe_instances(
    Filters=[
        {
            'Name': 'subnet-id',
            'Values': [
                'subnet-0123456789abcdef0',
            ]
        },
    ]
)

for reservation in response['Reservations']:
    for instance in reservation['Instances']:
        print(instance['InstanceId'])

2. Once you have identified the instances, you need to move them to a private subnet. To do this, you can modify the network interface of the instance and attach it to a private subnet. You can use the modify_network_interface_attribute method of the boto3 library to do this.

import boto3

ec2 = boto3.client('ec2')

response = ec2.modify_network_interface_attribute(
    NetworkInterfaceId='eni-0123456789abcdef0',
    Groups=[
        'sg-0123456789abcdef0',
    ],
    Description={
        'Value': 'Modified description'
    }
)

print(response)

3. After modifying the network interface, you need to verify that the instance is now in the private subnet. You can do this by checking the SubnetId attribute of the instance using the describe_instances method.

import boto3

ec2 = boto3.client('ec2')

response = ec2.describe_instances(
    InstanceIds=[
        'i-0123456789abcdef0',
    ],
)

for reservation in response['Reservations']:
    for instance in reservation['Instances']:
        print(instance['SubnetId'])