
Unassociated Elastic IPs - Nasty Little Buggers


Amazon's Elastic IPs (EIPs): simple, useful, effective IPv4 addresses created for cloud computing. They let us users keep the same IP address for a service even when the underlying compute resources change. As designed, ‘you can have one EIP address associated with a running instance at no charge.’


That’s right, no charge!!


But wait, why am I bringing this up if it’s free? Well, similar to your CloudTrails, the first one is free, but any additional IP address associated with a running instance costs $0.005 per hour. Also, and possibly more importantly, if the EIP is NOT associated with a running instance it costs $0.005 per hour. This, I believe, is more important because this is where you can potentially save money! An unattached EIP costs $0.12 a day, which is $3.36 a month, which is approx. $40.32 a year! Just for something that could be released quicker than you can say Quidditch.


Unattached EIPs can occur through simple events such as an error when deleting EC2s and not completely cleaning up after yourself. The same can occur with Network Interfaces.

So how do you prevent yourself from leaving these EIPs around? A simple answer is to deploy all infrastructure as code, not manually. This will initially prevent any random EIPs being built and enable you to keep better control of what's in your account. Alongside this you can use an AWS Config rule, which can alert you if you have any unattached EIPs in your account, enabling you to rectify when necessary.


OK, so if you are starting out with a fresh account, you can now ensure you don’t let yourself have unattached EIPs that you don’t need. But maybe you already have an account; how can you check this? Well, if you look in the EC2 Console, under Elastic IPs, you can view all your EIPs for that account in the current region. Looking at the ‘Association ID’ field you can see if any EIPs are free, and they're the ones costing you. Remove these by selecting them and clicking on Dissociate Address, nice and simple.


However, if you are like me and have several accounts, this isn't really a viable option. So I have a couple of different options for you:

  1. Roll out the Config rule and get an alert for all the unassociated EIPs in your estate

  2. Look at your billing data to find where you have been charged for EIPs; these will either be unassociated or ones that have been attached to an EC2 that already had one

  3. You can run this Python script, with the eip option, to find all your unallocated EIPs for your organization

All these options depend on how your estate is set up. If you can roll out Config easily across your estate, this should be done anyway; it will provide you with the data you need as well as prevent you from having issues in the future. If you have set up your billing data as in the Cost and Usage Report blog post I did, you can run:


    SELECT line_item_resource_id, line_item_usage_account_id
    FROM <database>.<Table>
    WHERE product_product_family = 'IP Address'
    GROUP BY line_item_resource_id, line_item_usage_account_id


on your Athena table to find the resulting charges. However, if you just want one script to find them all, you can use the script.
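One way to do this check with boto3, added here as an example and not the script the post refers to. It covers a single account across regions; the function names, the constructed sample response and the `us-east-1` bootstrap region are assumptions.

```python
# Added example (not the post's script): find unassociated EIPs in one account.
HOURLY_RATE = 0.005  # USD per hour for an unassociated EIP, as quoted in the post

# Constructed sample in the shape of an EC2 DescribeAddresses response.
SAMPLE_RESPONSE = {"Addresses": [
    {"PublicIp": "203.0.113.10", "AllocationId": "eipalloc-0aaa",
     "AssociationId": "eipassoc-0111", "InstanceId": "i-0123"},
    {"PublicIp": "203.0.113.11", "AllocationId": "eipalloc-0bbb"},
    {"PublicIp": "203.0.113.12", "AllocationId": "eipalloc-0ccc",
     "AssociationId": "eipassoc-0222", "NetworkInterfaceId": "eni-0456"},
    {"PublicIp": "203.0.113.13", "AllocationId": "eipalloc-0ddd", "InstanceId": ""},
]}


def unassociated(addresses):
    """Return the addresses that are allocated but attached to nothing."""
    # An empty or missing value in all three fields means nothing is attached.
    attached_keys = ("AssociationId", "InstanceId", "NetworkInterfaceId")
    return [a for a in addresses if not any(a.get(k) for k in attached_keys)]


def daily_cost(addresses, rate=HOURLY_RATE):
    """Cost per day of keeping these addresses unassociated."""
    return round(len(addresses) * rate * 24, 2)


def scan_account(session, regions=None):
    """Yield (region, address) for every unassociated EIP the session can see.

    `session` is a boto3.Session; credentials and permissions are assumed.
    """
    if regions is None:
        # Assumption: us-east-1 is reachable to list the enabled regions.
        ec2 = session.client("ec2", region_name="us-east-1")
        regions = [r["RegionName"] for r in ec2.describe_regions()["Regions"]]
    for region in regions:
        ec2 = session.client("ec2", region_name=region)
        for addr in unassociated(ec2.describe_addresses()["Addresses"]):
            yield region, addr


if __name__ == "__main__":
    idle = unassociated(SAMPLE_RESPONSE["Addresses"])
    for addr in idle:
        print(addr["PublicIp"], addr["AllocationId"])
    print("cost per day: $%.2f" % daily_cost(idle))
    # Live use: import boto3; list(scan_account(boto3.Session()))
```

For several accounts, run `scan_account` once per account with a session built from that account's credentials.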


Leaving these unattached EIPs around in accounts can seem like an insignificant fee, but keeping track of your resources is good practice in general. Say you leave some EIPs in your account, next a domain renews that you no longer use, then maybe some old EC2s don’t shut down. Insignificant at first, but without controls and reviews you will end up racking up a bill for resources you don’t even need! It’s like paying for a light to be on in a room in your house that no one goes into; what's the point? FinOps cost optimisation is not always about stopping you spending more, it’s about stopping you wasting it.



©2019 by Road to FinOps.