Risk level: Low (generally tolerable level of risk)

Rule ID: EC2-001

Check for any unattached Elastic IP (EIP) addresses in your AWS account and release (remove) them in order to lower the cost of your monthly AWS bill.

This rule can help you with the following compliance standards:

This rule can help you work with the AWS Well-Architected Framework

Amazon Web Services charges a small hourly fee for any Elastic IP (EIP) address in your account that is not associated with a running EC2 instance or an Elastic Network Interface (ENI). nOps recommends releasing any unassociated EIPs that are no longer needed to reduce your monthly AWS costs.

Audit

To identify any unattached Elastic IPs currently available in your AWS account, perform the following:

Using AWS Console

  1. Sign in to the AWS Management Console.
  2. Navigate to the VPC dashboard at https://console.aws.amazon.com/vpc/.
  3. In the left navigation panel, under the Virtual Private Cloud section, choose Elastic IPs.
  4. Look for the Association ID column as shown below.

Association ID is the rightmost column in this screenshot.

  5. Elastic IPs with no value in the Association ID column are not currently associated with any running EC2 instances or Elastic Network Interfaces (ENIs). The unattached EIPs returned at this step can be safely released (see Remediation/Resolution section).
  6. Change the AWS region from the navigation bar and repeat the process for the other regions.
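The console check above can also be applied to every region in one pass. The Python below is an added example, not nOps's own code: it reads saved JSON output of `aws ec2 describe-addresses --output json`, one document per region, and lists the EIPs that have no association. The sample data, IDs and function names are constructed for illustration.

```python
import json

# Constructed sample: per-region output of `aws ec2 describe-addresses --output json`.
# All addresses and IDs are made up (documentation IP ranges).
SAMPLE_OUTPUT = {
    "us-east-1": json.dumps({"Addresses": [
        {"PublicIp": "203.0.113.10", "AllocationId": "eipalloc-0aaa1111",
         "Domain": "vpc", "AssociationId": "eipassoc-0bbb2222",
         "InstanceId": "i-0ccc3333", "NetworkInterfaceId": "eni-0ddd4444"},
        {"PublicIp": "203.0.113.11", "AllocationId": "eipalloc-0eee5555",
         "Domain": "vpc"},
    ]}),
    "eu-west-1": json.dumps({"Addresses": [
        # Attached to a network interface only: still associated, not a finding.
        {"PublicIp": "198.51.100.7", "AllocationId": "eipalloc-0fff6666",
         "Domain": "vpc", "AssociationId": "eipassoc-0aaa7777",
         "NetworkInterfaceId": "eni-0bbb8888"},
        {"PublicIp": "198.51.100.8", "AllocationId": "eipalloc-0ccc9999",
         "Domain": "vpc", "Tags": [{"Key": "Name", "Value": "old-bastion"}]},
    ]}),
    "ap-south-1": json.dumps({"Addresses": []}),
}


def is_unattached(address):
    """True when the EIP has no association, instance or network interface."""
    return not any(address.get(key) for key in
                   ("AssociationId", "InstanceId", "NetworkInterfaceId"))


def find_unattached_eips(outputs_by_region):
    """Return one record per unattached EIP across all supplied regions."""
    findings = []
    for region, raw in sorted(outputs_by_region.items()):
        for addr in json.loads(raw).get("Addresses", []):
            if is_unattached(addr):
                # The Name tag, when present, helps decide if the EIP is still needed.
                tags = {t["Key"]: t["Value"] for t in addr.get("Tags", [])}
                findings.append({"Region": region,
                                 "PublicIp": addr["PublicIp"],
                                 "AllocationId": addr.get("AllocationId"),
                                 "Name": tags.get("Name")})
    return findings


if __name__ == "__main__":
    for f in find_unattached_eips(SAMPLE_OUTPUT):
        print(f["Region"], f["PublicIp"], f["AllocationId"], f["Name"] or "-")
```

The check tests `InstanceId` and `NetworkInterfaceId` as well as `AssociationId`, so an address is reported only when none of the three is present.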

Using AWS CLI

  1. Run the describe-addresses command (OSX/Linux/UNIX) with a query to list all the Elastic IPs that are available in the selected region and not associated with any instance or network interface: