In this hands-on guide we will demonstrate how to locate and remove unnecessary Elastic IP addresses in order to reduce Elastic IP costs on your AWS bill.
An Elastic IP is a static, public IPv4 address that you can allocate to your AWS account, and then associate it with an EC2 instance or a Network Load Balancer.
An Elastic IP is typically used for the following purposes:
Elastic IPs are charged for the number of hours that an Elastic IP is allocated to your AWS account, even if it is not associated with a running instance or a Network Load Balancer.
You can have one Elastic IP associated with a running instance at no charge.
If you associate additional Elastic IPs with that instance, you will be charged for each additional Elastic IP associated with that instance per hour on a pro rata basis. Additional Elastic IPs are only available in Amazon VPC.
Additionally, data transfer may be charged depending on the amount of data transferred and the region of the instances.
Note that if an Elastic IP is released, it cannot be associated with the account again without being charged for additional allocation.
The hourly rate for an Elastic IP varies by region, and you can find the current rate in the AWS pricing page.
Here’s a quick review of Elastic IP charges when the address is not associated with a running instance, or when it is associated with a stopped instance or an unattached network interface, in the us-east-1 (N. Virginia) Region:
So, let’s say you have 50 unattached Elastic IP addresses associated with your account: you might be paying 50 x (24 hours x 30 days in a month) x $0.005 = $180 a month for these unused resources.
It's important to be aware of unattached Elastic IPs, especially if you are using the older EC2-Classic service. When an EC2 instance is stopped, the associated Elastic IP will be disassociated and will incur hourly charges if not manually released. Additionally, having multiple Elastic IPs set to be associated with the same EC2 instance can also result in unattached addresses.
To find and release an Elastic IP using the console:
aws ec2 describe-addresses --filters "Name=domain,Values=vpc" --query "Addresses[?AssociationId==null]"
The --query option is used to filter the results further, so that only Elastic IPs that are not currently associated with any instances or load balancers are returned.
In case you’re using EC2-Classic, you may need to use the following command:
aws ec2 describe-addresses --query "Addresses[?InstanceId==null]"
#1 Elastic IPs that are not in a VPC do not have the ‘AssociationId’ property, but Elastic IPs in both VPC and EC2-Classic will output ‘InstanceId’.
#2 Elastic IPs are also attached to NAT gateways. In that case, the ‘InstanceId’ value will be ‘null’, but ‘AssociationId’ is the field that will be present in any scenario.
So, it’s better to use ‘AssociationId’ to determine whether an Elastic IP is in use.
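aws ec2 release-address --allocation-id <allocation-id>
Where <allocation-id> is the AllocationId of the Elastic IP address that you want to release, as returned by describe-addresses. VPC addresses must be released by allocation ID; for an EC2-Classic address, which has no allocation ID, use --public-ip <public-ip> instead.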
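The distinction in notes #1 and #2, as an added example (not code from the original post, AWS or Lightlytics): it classifies a constructed describe-addresses result by ‘AssociationId’, shows that an ‘InstanceId’-only filter also flags the NAT gateway address, and builds release commands for review without running them. The sample IPs and IDs are made up; the ‘Domain’ value "standard" for EC2-Classic and the use of --allocation-id for VPC addresses come from the EC2 API rather than from this page.

```python
import json

# Constructed sample shaped like `aws ec2 describe-addresses` output
# (documentation-range IPs, made-up IDs). The second entry is a NAT gateway address.
SAMPLE = json.loads("""
{"Addresses": [
  {"PublicIp": "203.0.113.10", "Domain": "vpc", "AllocationId": "eipalloc-0aaa",
   "AssociationId": "eipassoc-0aaa", "InstanceId": "i-0123456789abcdef0"},
  {"PublicIp": "203.0.113.11", "Domain": "vpc", "AllocationId": "eipalloc-0bbb",
   "AssociationId": "eipassoc-0bbb", "NetworkInterfaceId": "eni-0nat"},
  {"PublicIp": "203.0.113.12", "Domain": "vpc", "AllocationId": "eipalloc-0ccc"},
  {"PublicIp": "198.51.100.7", "Domain": "standard", "InstanceId": ""}
]}
""")

HOURLY_RATE_USD = 0.005  # us-east-1 rate used in the article's calculation
HOURS_PER_MONTH = 24 * 30

def is_unattached(addr):
    """VPC addresses: unattached when AssociationId is absent. EC2-Classic
    ("standard") addresses never carry AssociationId, so check InstanceId."""
    if addr.get("Domain") == "vpc":
        return not addr.get("AssociationId")
    return not addr.get("InstanceId")

def naive_instance_filter(addresses):
    """InstanceId==null on its own: wrongly includes the NAT gateway address."""
    return [a["PublicIp"] for a in addresses if not a.get("InstanceId")]

def release_plan(addresses):
    """Return (public_ip, command) pairs for human review; nothing is executed."""
    plan = []
    for a in filter(is_unattached, addresses):
        flag = ("--allocation-id " + a["AllocationId"] if a.get("Domain") == "vpc"
                else "--public-ip " + a["PublicIp"])
        plan.append((a["PublicIp"], "aws ec2 release-address " + flag))
    return plan

def monthly_cost(count):
    return round(count * HOURS_PER_MONTH * HOURLY_RATE_USD, 2)

if __name__ == "__main__":
    addrs = SAMPLE["Addresses"]
    print("InstanceId-only filter:", naive_instance_filter(addrs))
    for ip, cmd in release_plan(addrs):
        print(ip, "->", cmd)
    print("Idle cost per month: $%.2f" % monthly_cost(len(release_plan(addrs))))
```

To run it against a real account, replace SAMPLE with the parsed JSON from `aws ec2 describe-addresses` and review the printed commands before executing any of them.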
With Lightlytics Architectural Standards you can easily find unattached Elastic IPs to be released using Lightlytics out-of-the-box Cost rules or you can create your own custom rules while using tags and various Elastic IP attributes.
Example architectural standard: Elastic IP not in use
This rule identifies any unattached (unused) Elastic IP addresses in your AWS account, so you can release (remove) them to lower the cost of your monthly AWS bill.
This rule can help you with the following compliance standards: MAS, NIST4
And also help you work with AWS Well-Architected Framework.
This architectural standard’s conditions:
Review rule violations: When there are violations for this rule (or any rule in our architectural standards), this view shows each violated resource including category, amount of violations, compliance frameworks and more.
Depending on your use case, a specific team can be notified via Slack (using Lightlytics’s Slack integration) whenever an Elastic IP gets unattached, so your teams can release these IPs as soon as they stop being used.
You can create your own custom rules using the rule creation wizard on Lightlytics.
Here’s a custom rule example:
The below custom rule checks for any unattached Elastic IP addresses using an attribute filter of ‘Associationid’ OR ‘Allocationid’ having an empty value, in a Dev Environment, by using the proper Tag filter.
Monitor your Elastic IPs
Keep an eye on the number of Elastic IP addresses that are allocated to your AWS account, as well as which addresses are associated with running instances and which ones are not. This will help you identify any unattached Elastic IPs that you may be paying for but not using.
Release unused Elastic IPs
If you have Elastic IPs that are not currently associated with any instances or load balancers, consider releasing them to avoid unnecessary charges.
Remap Elastic IPs
If an instance or availability zone experiences a failure, you can use an Elastic IP address to quickly remap the address to a running instance in another availability zone, without having to update DNS records.
Use Elastic IP for NAT gateway
You can use an Elastic IP address to create a NAT gateway, which enables instances in a private subnet to connect to the internet, while still maintaining their private IP addresses.
Use Elastic IP for custom domain
You can use Elastic IPs to point your custom domain to your server, allowing visitors to access your website or application using your domain name.
Automate the process
Use AWS CloudFormation or AWS Lambda to automate the release of unattached Elastic IP addresses.
Bring Your Own Public IP (BYOPIP)
BYOPIP is a feature that allows customers to bring their own public IP addresses to AWS and associate them with their instances or Network Load Balancer. This feature can be useful in situations where customers want to maintain the same IP address for their service, for example, for compliance or to maintain existing DNS entries.
Using BYOPIP may be more cost-effective than using Elastic IP addresses for long term usage, as you avoid hourly costs and are not subjected to data transfer costs as well.
For more details, check this FAQ
Be aware of the limits
AWS has a soft limit of 5 Elastic IP addresses per region per account, and you can request more by contacting AWS support.
Reach out to Tal on LinkedIn if you'd like to suggest other topics, tips & tricks to reduce AWS cost.