Release & Remove AWS Elastic IP Addresses

Risk level: Low

Rule ID: EC2-003

Check for any unattached Elastic IP (EIP) addresses in your AWS account and release (remove) them in order to lower the cost of your monthly AWS bill.

This rule can help you with the following compliance standards:

This rule can help you work with the AWS Well-Architected Framework

Amazon Web Services applies a small hourly charge when an Elastic IP (EIP) address within your account is not associated with a running EC2 instance or an Elastic Network Interface (ENI). nOps recommends releasing any unassociated EIPs that are no longer needed to reduce your monthly AWS costs.

Audit

To identify any unattached Elastic IPs currently available in your AWS account, perform the following:

 

Using AWS Console

1. Sign in to the AWS Management Console.

2. Navigate to VPC dashboard at https://console.aws.amazon.com/vpc/.

3. In the left navigation panel, under Virtual Private Cloud section, choose Elastic IPs.

4. Look at the Association ID column.

5. You can see a few Elastic IPs that are not currently associated with any running EC2 instances or Elastic Network Interfaces (ENIs). The unattached EIPs returned at this step can be safely released (see Remediation/Resolution section).

6. Change the AWS region from the navigation bar and repeat the process for the other regions.

Using AWS CLI

1. Run describe-addresses command (OSX/Linux/UNIX) with a query to list all the Elastic IPs available in the selected region and not associated with any instance or Network Interface:

aws ec2 describe-addresses \
--region us-east-1 \
--query 'Addresses[?AssociationId==null]'

 
2. The command output should return an array with all the unassociated EIPs in the selected region and their metadata:

[
    {
        "PublicIp": "18.214.64.132",
        "AllocationId": "eipalloc-0287c07cca688eb9a",
        "Domain": "vpc",
        "PublicIpv4Pool": "amazon",
        "NetworkBorderGroup": "us-east-1"
    },
    {
        "PublicIp": "18.214.96.38",
        "AllocationId": "eipalloc-0a89fd84116786a5f",
        "Domain": "vpc",
        "PublicIpv4Pool": "amazon",
        "NetworkBorderGroup": "us-east-1"
    },
    {
        "PublicIp": "18.233.20.135",
        "AllocationId": "eipalloc-0c8bbeb5dd93e74a2",
        "Domain": "vpc",
        "PublicIpv4Pool": "amazon",
        "NetworkBorderGroup": "us-east-1"
    },
    {
        "PublicIp": "3.211.95.89",
        "AllocationId": "eipalloc-02646476a469723eb",
        "Domain": "vpc",
        "PublicIpv4Pool": "amazon",
        "NetworkBorderGroup": "us-east-1"
    }
]

 
3. Repeat steps no. 1 and 2 to identify any unattached EIPs available in other AWS regions.
 

Remediation / Resolution

To release (remove) any unassociated Elastic IP (EIP) addresses available in your AWS account, perform the following:

IMPORTANT: Once an Elastic IP is released, you cannot reuse it, so make sure to update any DNS records that point to the EIP before removing it.

 

Using AWS Console

1. Sign in to the AWS Management Console.
 
2. Navigate to VPC dashboard at https://console.aws.amazon.com/vpc/.
 
3. In the left navigation panel, under Virtual Private Cloud section, choose Elastic IPs.
 
4. Look at the Association ID column.
 
5. Select an unassociated Elastic IP returned, click the Actions dropdown button from the dashboard top menu and select Release Elastic IP Address.
 

 
6. In the Release Address confirmation box, review the unattached EIP(s) listed and click Release button to remove the selected EIP(s) from your AWS account.
 

 
7. Change the AWS region from the navigation bar and repeat steps no. 4 - 6 to remove any unassociated EIPs within the other regions.
 

Using AWS CLI

1. Run describe-addresses command (OSX/Linux/UNIX) with a query to list all the Elastic IPs available in the selected region and not associated with any instance or Network Interface:

aws ec2 describe-addresses \
--region us-east-1 \
--query 'Addresses[?AssociationId==null]'

 
2. The command output should return an array with all the unassociated EIPs in the selected region and their metadata (note the AllocationId value, as you will need it in the next step):

[
    {
        "PublicIp": "18.214.64.132",
        "AllocationId": "eipalloc-0287c07cca688eb9a",
        "Domain": "vpc",
        "PublicIpv4Pool": "amazon",
        "NetworkBorderGroup": "us-east-1"
    },
    {
        "PublicIp": "18.214.96.38",
        "AllocationId": "eipalloc-0a89fd84116786a5f",
        "Domain": "vpc",
        "PublicIpv4Pool": "amazon",
        "NetworkBorderGroup": "us-east-1"
    },
    {
        "PublicIp": "18.233.20.135",
        "AllocationId": "eipalloc-0c8bbeb5dd93e74a2",
        "Domain": "vpc",
        "PublicIpv4Pool": "amazon",
        "NetworkBorderGroup": "us-east-1"
    },
    {
        "PublicIp": "3.211.95.89",
        "AllocationId": "eipalloc-02646476a469723eb",
        "Domain": "vpc",
        "PublicIpv4Pool": "amazon",
        "NetworkBorderGroup": "us-east-1"
    }
]

 
3. Run release-address command (OSX/Linux/UNIX) using the EIP allocation ID as identifier to release (delete) any unassociated Elastic IPs available in the selected region.

aws ec2 release-address \
--region us-east-1 \
--allocation-id eipalloc-02646476a469723eb

 
4. Repeat step no. 3 to release (remove) any other unattached EIPs available in the selected region.
 
5. Repeat steps no. 1 – 3 to release any unattached EIPs available in other AWS regions.
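
The per-region audit and release steps above can be combined into one dry-run pass. The script below is an added example, not part of the original nOps procedure: it prints the release-address command for each unattached EIP in every region and holds back any address still listed in DNS_IPS_FILE, because a record left pointing at a released address will resolve to whoever is allocated that address next. DNS_IPS_FILE (one IP per line, exported from your DNS zones) and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit every region for unattached EIPs and print (not run)
# the release commands. DNS_IPS_FILE is a hypothetical file, one IP per line,
# listing addresses your DNS records still reference.

DNS_IPS_FILE="${DNS_IPS_FILE:-/dev/null}"

# Names of the regions enabled for the account (whitespace separated).
list_regions() {
    aws ec2 describe-regions \
        --query 'Regions[].RegionName' --output text
}

# "AllocationId<TAB>PublicIp" for each EIP in region $1 with no association.
list_unattached() {
    aws ec2 describe-addresses --region "$1" \
        --query 'Addresses[?AssociationId==null].[AllocationId,PublicIp]' \
        --output text
}

# Print one line per unattached EIP: a release command, or a HOLD notice
# when the address still appears in DNS_IPS_FILE.
plan_release() {
    for region in $(list_regions); do
        list_unattached "$region" | while read -r alloc_id ip; do
            [ -n "$alloc_id" ] || continue
            if grep -qxF "$ip" "$DNS_IPS_FILE"; then
                echo "HOLD $region $alloc_id $ip (still referenced in DNS)"
            else
                echo "aws ec2 release-address --region $region --allocation-id $alloc_id"
            fi
        done
    done
}

# Run the audit only when asked, e.g.: sh eip-audit.sh plan
if [ "${1:-}" = "plan" ]; then
    plan_release
fi
```

Review the printed commands before running them; nothing is released by the script itself.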
 
