LOW EIP

Unattached Elastic IPs

Check ID: aws-eip-001

AWS-EIP-001 is an AWS security check performed by cloud-audit, an open-source AWS security scanner. It flags Elastic IPs that are allocated in the account but not associated with any resource (no instance, network interface or association ID).

Why it matters

Unattached Elastic IPs cost $0.005/hour (approximately $3.65/month) each since February 2024, when AWS started charging for all public IPv4 addresses. An organization with 50 forgotten EIPs wastes over $2,000/year. Beyond cost, unattached EIPs represent IP addresses that were previously associated with your services - if released and reassigned to another AWS customer, they could receive traffic intended for your applications (a technique called IP squatting). Conversely, holding unused EIPs prevents other customers from using the scarce IPv4 address space. Either associate the EIP with an active resource or release it and use dynamic public IPs or IPv6 instead.

Common causes

Elastic IPs become unattached when the associated EC2 instance is terminated but the EIP was created separately and not cleaned up. Terraform configurations that manage EIPs and instances in different modules can leave orphaned EIPs when the instance module is destroyed. Teams allocate EIPs for future use or reserve them for specific projects that get cancelled, and the EIPs remain allocated indefinitely without anyone tracking them.

Detection

Run cloud-audit to detect this issue:

pip install cloud-audit
cloud-audit scan -R

The -R flag includes remediation details for every finding, including this one.

Remediation: AWS CLI

aws ec2 release-address --allocation-id ALLOC_ID --region REGION
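The detection logic and the release command above, worked through as an added example that is not part of cloud-audit's own code. It applies the same rule the check describes (an allocation with no AssociationId, InstanceId or NetworkInterfaceId is unattached) to a constructed DescribeAddresses response, prices the findings at the $0.005/hour rate quoted above, and emits the matching release-address commands for review. The function, field and sample values are assumptions; the client argument is duck-typed so a boto3 EC2 client can be passed in, but nothing here requires network access.

```python
"""Find unattached Elastic IPs in an EC2 DescribeAddresses response (added example)."""
from typing import Any, Dict, List

# Constructed sample response in the shape EC2 DescribeAddresses returns.
# Allocation IDs, public IPs and tags are made up for the example.
SAMPLE_ADDRESSES: List[Dict[str, Any]] = [
    {"AllocationId": "eipalloc-0aaa", "PublicIp": "203.0.113.10", "Domain": "vpc",
     "AssociationId": "eipassoc-0aaa", "InstanceId": "i-0123"},          # attached to an instance
    {"AllocationId": "eipalloc-0bbb", "PublicIp": "203.0.113.11", "Domain": "vpc"},  # orphaned
    {"AllocationId": "eipalloc-0ccc", "PublicIp": "203.0.113.12", "Domain": "vpc",
     "AssociationId": "eipassoc-0ccc", "NetworkInterfaceId": "eni-0ccc"},  # attached to an ENI (e.g. NAT gateway)
    {"AllocationId": "eipalloc-0ddd", "PublicIp": "203.0.113.13", "Domain": "vpc",
     "Tags": [{"Key": "reserved-for", "Value": "project-x"}]},             # orphaned but "reserved"
]

HOURLY_RATE_USD = 0.005   # public IPv4 charge quoted on the page
HOURS_PER_MONTH = 730     # 0.005 * 730 = 3.65, matching the page's monthly figure


def is_unattached(addr: Dict[str, Any]) -> bool:
    """An EIP is attached if it has an association, an instance or a network interface."""
    return not (addr.get("AssociationId") or addr.get("InstanceId")
                or addr.get("NetworkInterfaceId"))


def find_unattached(addresses: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Return only the allocations that fail the attachment test."""
    return [a for a in addresses if is_unattached(a)]


def estimated_monthly_cost(unattached: List[Dict[str, Any]]) -> float:
    """Rough monthly spend on the unattached addresses, in USD."""
    return round(len(unattached) * HOURLY_RATE_USD * HOURS_PER_MONTH, 2)


def list_addresses(ec2_client: Any) -> List[Dict[str, Any]]:
    """Fetch allocations from anything exposing describe_addresses() (a boto3 EC2 client works).

    DescribeAddresses is not paginated, so a single call returns every allocation in the region.
    """
    return ec2_client.describe_addresses()["Addresses"]


def remediation_commands(unattached: List[Dict[str, Any]], region: str) -> List[str]:
    """Build the release-address commands from the page for each finding (review before running)."""
    return [
        f"aws ec2 release-address --allocation-id {a['AllocationId']} --region {region}"
        for a in unattached
    ]


def tag_value(addr: Dict[str, Any], key: str) -> str:
    """Read a tag so 'reserved' allocations can be triaged instead of blindly released."""
    for tag in addr.get("Tags", []):
        if tag.get("Key") == key:
            return str(tag.get("Value", ""))
    return ""


if __name__ == "__main__":
    orphans = find_unattached(SAMPLE_ADDRESSES)
    print(f"{len(orphans)} unattached EIP(s), about ${estimated_monthly_cost(orphans)}/month")
    for addr in orphans:
        note = tag_value(addr, "reserved-for")
        print(f"  {addr['AllocationId']} {addr['PublicIp']}"
              + (f"  (reserved-for={note}, confirm before release)" if note else ""))
    for cmd in remediation_commands(orphans, "us-east-1"):
        print("  " + cmd)
```

The tag lookup is there because the "reserved for a cancelled project" case from the Common causes section is indistinguishable from a genuine orphan in the API response; the only signal is whatever the team tagged, so the script surfaces it rather than releasing everything it finds.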

Remediation: Terraform

# Remove the aws_eip resource or associate it:
resource "aws_eip_association" "this" {
  allocation_id = "eipalloc-xxx"
  instance_id   = aws_instance.example.id
}

This check is part of cloud-audit. Install it with: pip install cloud-audit