Ensure all unused Elastic IPs are deleted

Error: Unused Elastic IPs are present

Bridgecrew Policy ID: BC_AWS_GENERAL_19
Severity: LOW

Description

AWS charges for unused or unallocated Elastic IPs, as these are a finite resource. Elastic IPs can sometimes be overlooked when infrastructure is decommissioned. It is sub-optimal to pay for a resource you aren't using. Checking for unused Elastic IPs enables costs to be aligned with usage.

Fix - Runtime

EC2 console

Open the EC2 section of the AWS console for your region, e.g. https://eu-west-2.console.aws.amazon.com/ec2/v2/home?region=eu-west-2#Addresses:

If you have any unassociated Elastic IPs (they will show no value for Association ID), select them and choose "Release Elastic IP address".

CLI command

Run the AWS CLI command:

aws ec2 describe-addresses

Find all the Elastic IPs that don't have an association ID and then use:

aws ec2 release-address --public-ip <theIPyoudontneed>

https://docs.aws.amazon.com/cli/latest/reference/ec2/release-address.html
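
The two CLI steps above can be combined into a review list. The following is an added example, not Bridgecrew's or AWS's own code: it reads the JSON that aws ec2 describe-addresses returns, keeps only addresses with no attachment, and prints the matching release-address command for each. The function names, the sample record values and the file argument are assumptions made for illustration; VPC-domain addresses are released with --allocation-id rather than --public-ip.

```python
import json
import sys

# Constructed sample in the shape of `aws ec2 describe-addresses` JSON output.
SAMPLE = json.loads("""
{"Addresses": [
  {"PublicIp": "203.0.113.10", "AllocationId": "eipalloc-0aaa1111example",
   "Domain": "vpc", "AssociationId": "eipassoc-0bbb2222example",
   "InstanceId": "i-0ccc3333example"},
  {"PublicIp": "203.0.113.11", "AllocationId": "eipalloc-0ddd4444example",
   "Domain": "vpc"},
  {"PublicIp": "198.51.100.7", "Domain": "standard"},
  {"PublicIp": "198.51.100.8", "Domain": "standard",
   "InstanceId": "i-0eee5555example"}
]}
""")

ATTACHMENT_FIELDS = ("AssociationId", "InstanceId", "NetworkInterfaceId")


def unused_addresses(describe_output):
    """Return the address records that are not attached to anything."""
    # VPC addresses carry AssociationId when in use; EC2-Classic addresses
    # only carry InstanceId, so every attachment field is checked.
    return [addr for addr in describe_output.get("Addresses", [])
            if not any(addr.get(field) for field in ATTACHMENT_FIELDS)]


def release_command(addr):
    """Build the release-address command line for one unused address."""
    if addr.get("AllocationId"):
        # VPC-domain addresses are released by allocation ID.
        return "aws ec2 release-address --allocation-id " + addr["AllocationId"]
    # EC2-Classic addresses have no allocation ID; release by public IP.
    return "aws ec2 release-address --public-ip " + addr["PublicIp"]


def plan(describe_output):
    """List the release commands for every unused address."""
    return [release_command(a) for a in unused_addresses(describe_output)]


if __name__ == "__main__":
    # Usage: aws ec2 describe-addresses --output json > addresses.json
    #        python3 this_file.py addresses.json
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            data = json.load(handle)
    else:
        data = SAMPLE  # hypothetical data, used when no file is given
    for line in plan(data):
        print(line)  # review each line before running it
```

The script only prints commands, so each address can be checked against its owner before it is released.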

Fix - Buildtime

Terraform

In the unlikely event that you have an unassociated Elastic IP in Terraform, you will need to de-provision it with terraform destroy:

resource "aws_eip" "lonely-ip" {}

CloudFormation

  • Resource: "AWS::EC2::EIP"
    If you have managed to provision an unassociated Elastic IP in CloudFormation, you will need to find the resource that has the type "Type" : "AWS::EC2::EIP" and delete that section. Make sure there is no AWS::EC2::EIPAssociation for that Elastic IP, and double-check its association before attempting the edit.