An ec2 instance from a RHEL ami (i havent checked any other) only has the private address assigned to it.
i.e. ip addr
yields:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 02:6d:c3:86:ce:e0 brd ff:ff:ff:ff:ff:ff
inet 172.39.16.198/20 brd 172.39.31.255 scope global eth0
inet6 fe80::6d:c2ff:fe86:cee0/64 scope link
valid_lft forever preferred_lft forever
the public IP is working and the machine can be reached through it. It can can access the internet via the VPC's gateway.
But how do I make sure the interface has the public IP, so outgoing packages actually contain the correct IP? This is necessary for ipsec to work properly.