Removing Unassociated Elastic IPs

Have you ever wondered why your Elastic IP (EIP) count is growing, and what’s behind the “ElasticIP:IdleAddress” line item on your AWS bill? This could be because there is an hourly charge for EIP addresses that are not associated with a running instance, when an EIP is associated with a stopped instance, or when there is an unattached network interface. In this post, we show how you can deploy an AWS Lambda function that searches all AWS Regions in your account for unassociated EIPs, documents them in a csv file stored in an Amazon Simple Storage Service (Amazon S3) bucket, and if you choose, releases them for you in order to optimize your costs.

Start by verifying any IdleAddress charges.

1. Navigate to AWS Cost Explorer in the AWS Management Console.
2. Choose Cost Explorer in the left pane.
3. Filter by usage type ‘Idle’ under Report Parameters.

Now you will see all ElasticIP:IdleAddress charges in your account. Using the Console, you can release up to 50 EIP at a time. This must be done per AWS Region. The following screenshot (figure 1) shows an example of this report.

AWS Cost Explorer IdleAddress Report Parameters

Deploying this solution

This solution and associated resources are available for you to deploy into your AWS account as an AWS CloudFormation template.

Prerequisites

For this walkthrough, you will need an AWS account.

What the CloudFormation template deploys

The CloudFormation template deploys the following resources into your AWS account:

• AWS Identity and Access Management (IAM)role for the Lambda with the following permissions
  • ec2:DescribeAddresses
  • ec2:DescribeRegions
  • ec2:ReleaseAddress
  • logs:CreateLogGroup
  • logs:CreateLogStream
  • logs:PutLogEvents
  • s3:PutObject
• Lambda function
  • eip-cleanup-py-<stack name>
• S3 Bucket

How to deploy the CloudFormation template

The following steps show how to deploy the CloudFormation template.

1. Download the yaml file here.
2. Sign in to the AWS Management Console using your AWS account and open the CloudFormation console.
3. Choose Create stack.
4. Choose Template is ready.
5. Choose upload a template file, and navigate to the yaml file that you just downloaded.
6. Choose Next.
7. For Name, enter what you want to use to identify the stack (max. length 30 characters).
8. (Optional) Enter tags and select Next.
9. Navigate to Capabilities, and select the box “I acknowledge that AWS CloudFormation might create IAM resources with custom names,” and select Submit.
10. Wait for the stack creation to complete.
11. Navigate to the AWS Lambda console, and navigate to Functions.
12. Select the Lambda function named eip-cleanup-py-<stack name>.
13. Navigate to the Code section of the Lambda function, select the Test tab, and select Test.
14. (Optional) If you would like the function to remove any unassociated IPs, then replace the code in the Event JSON in the Test tab with:

{
"operating_mode":"actual_deletion"
}

Lambda Event JSON

Once you run this solution in your account, it creates a csv file for you to review and uploads it into the S3 bucket that was created as part of the stack. The uploaded document contains a list of EIPs that, depending on the operating mode of the function, are unassociated and ready to be removed, or that have been removed.

Costs

There is a cost associated with using this solution, as it stores data in an S3 bucket. The solution runs the Lambda code, and in this case, the Lambda functions make API calls. The cost should be minimal. For example, if you are outside of the Lambda free tier, 400 EIPs across four AWS Regions would cost less than one cent USD.

All pricing details are available on the Amazon S3 and Lambda pages.

Cleaning up

If you decide that you no longer want to keep the function and associated resources, then:

1. Navigate to CloudFormation in the Console
2. Choose the stack (the one you named when it was deployed), and choose Delete.

This deletes all the resources except for the S3 bucket. To delete the S3 bucket, you must remove all contents and then manually delete.

Should you want to use this solution again in the future, simply create stack again from the CloudFormation yaml and following the instructions in this post.

Conclusion

You can use this solution to discover unassociated EIPs across AWS Regions in your account and take an action to release them. You can run this once and review the EIPs for deletion, or if you want to add more functionality, run this periodically using Amazon EventBridge Events. Using this solution quickly identifies and deletes unassociated EIPs and can help you optimize your costs.