Profile Applicability:

 Level 2

Description

Elastic IP addresses (EIPs) are public IPv4 addresses designed for use in Amazon Web Services (AWS). An EIP that is allocated but not associated with a running EC2 instance or network interface incurs costs unnecessarily. Ensuring that unassigned Elastic IPs are identified and released optimizes costs and reduces resource mismanagement.

Rationale

  • Cost Optimization: AWS charges for unused Elastic IPs that are not associated with a resource. Releasing them avoids unnecessary expenses.

  • Resource Management: Prevents mismanagement and unnecessary allocation of Elastic IPs.

  • Environmental Impact: Promotes efficient use of AWS resources by reducing unused allocations.

Impact

Pros:

  • Reduces monthly costs by releasing unused EIPs.

  • Simplifies IP address management in large-scale environments.

  • Encourages better resource hygiene and allocation practices.

Cons:

  • Accidental release of needed EIPs may require reallocation and reconfiguration.

  • May disrupt services if unused EIPs were intended for future use but not documented properly.

Default Value

By default, Elastic IPs remain allocated in your AWS account until explicitly released, even if not associated with an instance or network interface.

Pre-Requisite

IAM Permissions:

  • ec2:DescribeAddresses

  • ec2:ReleaseAddress

  • AWS CLI installed and configured.

Remediation

Test Plan: 

Using AWS Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to the EC2 Dashboard.

  3. Select Elastic IPs from the left-hand navigation menu under the "Network & Security" section.

  4. Identify any EIPs that are marked as "Not associated" in the Associated Resource column.

Using AWS CLI:

List all Unassociated Elastic IPs:

aws ec2 describe-addresses --query "Addresses[?AssociationId==null].{AllocationId:AllocationId,PublicIp:PublicIp}"

Implementation Steps:

 Using AWS Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to the EC2 Dashboard.

  3. Select Elastic IPs from the left-hand menu.

  4. Identify unassociated Elastic IPs.

  5. For each unassociated EIP:

    • Select the Elastic IP address.

    • Click Actions, and choose Release Elastic IP Address.

  6. Confirm the release to free the resource.

Using AWS CLI:

Release Unassociated Elastic IPs:

aws ec2 release-address --allocation-id <allocation-id>

Replace <allocation-id> with the Allocation ID of the unassociated Elastic IP.

Verify Remaining EIPs:

aws ec2 describe-addresses --query "Addresses[*]"
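The two CLI steps above (find the allocations without an AssociationId, then release them) can be checked offline against the JSON that `aws ec2 describe-addresses` prints, which also addresses the Cons listed earlier: an EIP that is deliberately held for future use should be documented and not released. The script below is an added example, not code from the CIS benchmark or from AWS. It reads a describe-addresses response, separates associated, retained and releasable allocations, and prints the release commands instead of running them. The "Keep" tag it honours is an assumption of this example, not an AWS convention, and the sample response and IDs are constructed (the addresses come from the TEST-NET-3 documentation range).

```python
"""Audit Elastic IPs for unassociated allocations.

Added example, not part of the CIS benchmark or AWS tooling.  Pipe the output
of `aws ec2 describe-addresses` into it, or run it with no input to use the
constructed sample below.  It never calls AWS: it reports which allocations
are release candidates and prints the matching `aws ec2 release-address`
commands so the actual release stays a reviewed, deliberate step.
"""
import json
import sys

# Assumed tag: an EIP carrying this tag is intentionally held and is never
# proposed for release, even when unassociated.
KEEP_TAG = "Keep"

# Constructed sample in the shape of a describe-addresses response.
# 203.0.113.0/24 is the TEST-NET-3 documentation range; all IDs are made up.
SAMPLE_RESPONSE = {
    "Addresses": [
        {   # associated with an instance: not a candidate
            "PublicIp": "203.0.113.10", "AllocationId": "eipalloc-0aaa111",
            "Domain": "vpc", "AssociationId": "eipassoc-0bbb222",
            "InstanceId": "i-0ccc333", "NetworkInterfaceId": "eni-0ddd444",
        },
        {   # unassociated and untagged: release candidate
            "PublicIp": "203.0.113.11", "AllocationId": "eipalloc-0eee555",
            "Domain": "vpc",
        },
        {   # unassociated but documented as reserved: retained
            "PublicIp": "203.0.113.12", "AllocationId": "eipalloc-0fff666",
            "Domain": "vpc", "Tags": [{"Key": KEEP_TAG, "Value": "dr-failover"}],
        },
        {   # associated with a network interface only: not a candidate
            "PublicIp": "203.0.113.13", "AllocationId": "eipalloc-0ggg777",
            "Domain": "vpc", "AssociationId": "eipassoc-0iii999",
            "NetworkInterfaceId": "eni-0hhh888",
        },
    ]
}


def is_associated(address):
    """An EIP attached to an instance or ENI carries an AssociationId.

    Unassociated EIPs omit the key entirely, which is why the CLI query
    `Addresses[?AssociationId==null]` on the page selects them.
    """
    return bool(address.get("AssociationId"))


def has_keep_tag(address, keep_tag=KEEP_TAG):
    """True when the EIP is tagged as intentionally retained."""
    return any(tag.get("Key") == keep_tag for tag in address.get("Tags", []))


def audit(response, keep_tag=KEEP_TAG):
    """Split the Addresses list into associated, retained and releasable IDs."""
    result = {"associated": [], "retained": [], "release": []}
    for address in response.get("Addresses", []):
        alloc = address.get("AllocationId")
        if is_associated(address):
            result["associated"].append(alloc)
        elif has_keep_tag(address, keep_tag):
            result["retained"].append(alloc)
        else:
            result["release"].append(alloc)
    return result


def release_commands(allocation_ids):
    """Build the release commands from the page for each candidate."""
    return [f"aws ec2 release-address --allocation-id {alloc}"
            for alloc in allocation_ids]


def main():
    # Use piped describe-addresses JSON when present, else the sample.
    response = SAMPLE_RESPONSE if sys.stdin.isatty() else json.load(sys.stdin)
    report = audit(response)
    print(f"associated: {len(report['associated'])}, "
          f"retained ({KEEP_TAG} tag): {len(report['retained'])}, "
          f"release candidates: {len(report['release'])}")
    for cmd in release_commands(report["release"]):
        print(cmd)


if __name__ == "__main__":
    main()
```

Run it as `aws ec2 describe-addresses | python3 audit_eips.py`; it prints one `release-address` line per candidate that you can review and then execute, and it lists the tagged allocations it deliberately left alone, which is the documentation step the Cons section says is usually missing.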

Backout Plan

Using AWS Management Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to VPC > Elastic IPs.

  3. Identify unassigned Elastic IPs:

    • Use the Unassociated filter to locate Elastic IPs not attached to any instance or network interface.

  4. If an Elastic IP was mistakenly removed, allocate a new Elastic IP:

    • Click Allocate Elastic IP Address and associate it with the required instance or network interface.

  5. Verify the association and ensure the Elastic IP is functioning as expected.

Using AWS CLI:

List all Elastic IPs and their associations:

aws ec2 describe-addresses

Identify unassigned Elastic IPs:

    • Look for Elastic IPs without an AssociationId in the output.

If an Elastic IP was mistakenly released, allocate a new Elastic IP:

aws ec2 allocate-address --domain vpc

Associate the Elastic IP with the required instance or network interface:

aws ec2 associate-address --instance-id <instance-id> --allocation-id <allocation-id>

Verify the updated configuration:

aws ec2 describe-addresses

References

CIS Controls

| Version | Control ID | Control Description                                                                                               | IG1 | IG2 | IG3 |
|---------|------------|-------------------------------------------------------------------------------------------------------------------|-----|-----|-----|
| v8      | 5.3        | Securely Manage Network Infrastructure – Ensure network devices are resilient and fault-tolerant.                 |     |     |     |
| v8      | 13.2       | Ensure Secure Network Communication – Ensure effective management of public IP allocations.                       |     |     |     |
| v7      | 9.1        | Limit Exposure to External Networks – Reduce unnecessary public IP exposure by releasing unused Elastic IPs.     |     |     |     |