Ensure all EIP addresses allocated to a VPC are attached to EC2 instances

Error: Not all EIP addresses allocated to a VPC are attached to EC2 instances

Bridgecrew Policy ID: BC_AWS_NETWORKING_48
Checkov Check ID: CKV2_AWS_19
Severity: LOW

Not all EIP addresses allocated to a VPC are attached to EC2 instances

Description

Ensure that an Elastic IP (EIP) is allocated for each NAT gateway that you want to deploy within your AWS account. An EIP address is a static, public IP address designed for dynamic cloud computing. You can associate an AWS EIP address with any EC2 instance, VPC ENI or NAT gateway. A Network Address Translation (NAT) gateway is a device that helps enabling EC2 instances in a private subnet to connect to the Internet and prevent the Internet from initiating a connection with those instances. With Elastic IPs, you can mask the failure of an EC2 instance by rapidly remapping the address to another instance launched in your VPC

Fix - Buildtime

Terraform

  • Resource: aws_eip, aws_instance
  • Argument: instance and vpc of aws_eip
resource "aws_eip" "ok_eip" {
  instance = aws_instance.ec2.id
  vpc      = true
}

resource "aws_instance" "ec2" {
  ami               = "ami-21f78e11"
  availability_zone = "us-west-2a"
  instance_type     = "t2.micro"

  tags = {
    Name = "HelloWorld"
  }
}