More Info:

Identify and remove any unassociated Elastic IP (EIP) addresses for cost optimization.

Risk Level

Low

Address

Cost Optimisation

Compliance Standards

AWSWAF, HITRUST, SOC2, NISTCSF

Triage and Remediation

Remediation

Using Console

Sure, here are the step-by-step instructions to remediate the “Unassociated Elastic IP Addresses Should Be Removed” misconfiguration for AWS using the AWS console:
  1. Login to your AWS console.
  2. Go to the EC2 dashboard by clicking on the “Services” dropdown at the top of the page and selecting “EC2” under the “Compute” section.
  3. Click on the “Elastic IPs” link in the left-hand navigation menu.
  4. Look for any Elastic IP addresses that are not associated with an EC2 instance. These will be labeled as “Not associated” in the “Association ID” column.
  5. Select the unassociated Elastic IP address by checking the box next to it.
  6. Click on the “Actions” dropdown menu at the top of the page and select “Release addresses”.
  7. In the confirmation dialog box, click on the “Release” button to confirm the release of the unassociated Elastic IP address.
This will remove the unassociated Elastic IP address and remediate the misconfiguration.

To remediate the misconfiguration “Unassociated Elastic IP Addresses Should Be Removed” in AWS using AWS CLI, follow these steps:
  1. Open your terminal and install AWS CLI if it is not already installed.
  2. Run the following command to list all the unassociated Elastic IP addresses in your AWS account: aws ec2 describe-addresses --filters "Name=association-id,Values=null"
  3. Identify the Elastic IP address that needs to be removed.
  4. Run the following command to release the Elastic IP address: aws ec2 release-address --public-ip <public-ip-address> Replace <public-ip-address> with the actual Elastic IP address that needs to be removed.
  5. Verify that the Elastic IP address has been successfully released by running the following command: aws ec2 describe-addresses --public-ips <public-ip-address> Replace <public-ip-address> with the actual Elastic IP address that was removed. You should get an error message stating that the Elastic IP address does not exist.
  6. Repeat steps 4 and 5 for all the unassociated Elastic IP addresses in your AWS account.
  7. Once you have removed all the unassociated Elastic IP addresses, verify that the misconfiguration has been remediated by running a security scan or audit tool.
To remediate the misconfiguration “Unassociated Elastic IP Addresses Should Be Removed” for AWS using python, you can follow the below steps:
  1. Import the necessary libraries:
import boto3
  1. Instantiate a boto3 EC2 client:
ec2 = boto3.client('ec2')
  1. Get a list of all unassociated Elastic IP addresses:
unassociated_ips = ec2.describe_addresses(
    Filters=[
        {
            'Name': 'association-id',
            'Values': [
                ''
            ]
        }
    ]
)
  1. Loop through the unassociated Elastic IP addresses and release them:
for ip in unassociated_ips['Addresses']:
    ec2.release_address(AllocationId=ip['AllocationId'])
  1. Verify that the unassociated Elastic IP addresses have been removed:
verified_ips = ec2.describe_addresses(
    Filters=[
        {
            'Name': 'association-id',
            'Values': [
                ''
            ]
        }
    ]
)

if len(verified_ips['Addresses']) == 0:
    print("All unassociated Elastic IP addresses have been removed.")
else:
    print("There are still unassociated Elastic IP addresses.")
Note: Before running this code, make sure that you have AWS credentials set up on your machine.

Additional Reading: