Unassociated Elastic IP Addresses Should Be Removed
More Info:
Identify and remove any unassociated Elastic IP (EIP) addresses for cost optimization.
Risk Level
Low
Address
Cost Optimisation
Compliance Standards
AWSWAF, HITRUST, SOC2, NISTCSF
Triage and Remediation
Remediation
To remediate the “Unassociated Elastic IP Addresses Should Be Removed” misconfiguration using the AWS console, follow these steps:
- Login to your AWS console.
- Go to the EC2 dashboard by clicking on the “Services” dropdown at the top of the page and selecting “EC2” under the “Compute” section.
- Click on the “Elastic IPs” link in the left-hand navigation menu.
- Look for any Elastic IP addresses that are not associated with an EC2 instance. These will be labeled as “Not associated” in the “Association ID” column.
- Select the unassociated Elastic IP address by checking the box next to it.
- Click on the “Actions” dropdown menu at the top of the page and select “Release addresses”.
- In the confirmation dialog box, click on the “Release” button to confirm the release of the unassociated Elastic IP address.
This will remove the unassociated Elastic IP address and remediate the misconfiguration.
To remediate the misconfiguration “Unassociated Elastic IP Addresses Should Be Removed” in AWS using the AWS CLI, follow these steps:

1. Open your terminal and install AWS CLI if it is not already installed.
2. Run the following command to list all the unassociated Elastic IP addresses in your AWS account. The `association-id` filter only matches a specific association ID, so the addresses without one are selected with a client-side `--query` expression:
   ```
   aws ec2 describe-addresses --query 'Addresses[?AssociationId==null]'
   ```
3. Identify the Elastic IP address that needs to be removed, and note its `AllocationId` and `PublicIp`.
4. Run the following command to release the Elastic IP address:
   ```
   aws ec2 release-address --allocation-id <allocation-id>
   ```
   Replace `<allocation-id>` with the `AllocationId` of the Elastic IP address that needs to be removed.
5. Verify that the Elastic IP address has been successfully released by running the following command:
   ```
   aws ec2 describe-addresses --public-ips <public-ip-address>
   ```
   Replace `<public-ip-address>` with the actual Elastic IP address that was removed. You should get an error message stating that the Elastic IP address does not exist.
6. Repeat steps 4 and 5 for all the unassociated Elastic IP addresses in your AWS account.
7. Once you have removed all the unassociated Elastic IP addresses, verify that the misconfiguration has been remediated by running a security scan or audit tool.
To remediate the misconfiguration “Unassociated Elastic IP Addresses Should Be Removed” for AWS using Python, follow these steps:
- Import the necessary libraries:
  ```python
  import boto3
  ```
- Instantiate a boto3 EC2 client:
  ```python
  ec2 = boto3.client('ec2')
  ```
- Get a list of all unassociated Elastic IP addresses:
  ```python
  # The association-id filter only matches a specific ID, so select the
  # addresses that have no AssociationId on the client side.
  addresses = ec2.describe_addresses()['Addresses']
  unassociated_ips = [a for a in addresses if 'AssociationId' not in a]
  ```
- Loop through the unassociated Elastic IP addresses and release them:
  ```python
  for ip in unassociated_ips:
      ec2.release_address(AllocationId=ip['AllocationId'])
  ```
- Verify that the unassociated Elastic IP addresses have been removed:
  ```python
  # Re-query and apply the same client-side check.
  verified_ips = [a for a in ec2.describe_addresses()['Addresses']
                  if 'AssociationId' not in a]
  if len(verified_ips) == 0:
      print("All unassociated Elastic IP addresses have been removed.")
  else:
      print("There are still unassociated Elastic IP addresses.")
  ```
Note: Before running this code, make sure that you have AWS credentials set up on your machine.
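The list, release and verify steps above can be combined into a preview-first routine; the following is an added example, not code from the original page. The sample addresses, the `FakeEC2` stand-in and the `keep` tag are assumptions made for illustration so the block runs offline.

```python
# Constructed describe_addresses() output (documentation IP range, made-up IDs).
SAMPLE = [
    {"PublicIp": "203.0.113.10", "AllocationId": "eipalloc-0a1",
     "AssociationId": "eipassoc-01", "InstanceId": "i-0abc"},
    # Attached to a network interface only: no InstanceId, but still in use.
    {"PublicIp": "203.0.113.11", "AllocationId": "eipalloc-0b2",
     "AssociationId": "eipassoc-02", "NetworkInterfaceId": "eni-0def"},
    {"PublicIp": "203.0.113.12", "AllocationId": "eipalloc-0c3"},
    {"PublicIp": "203.0.113.13", "AllocationId": "eipalloc-0d4",
     "Tags": [{"Key": "keep", "Value": "true"}]},
]

def unassociated(addresses, keep_tag="keep"):
    """Addresses with no AssociationId, minus any carrying the hypothetical keep tag."""
    return [a for a in addresses
            if not a.get("AssociationId")
            and keep_tag not in {t["Key"] for t in a.get("Tags", [])}]

def release_unassociated(ec2, apply=False):
    """Preview (apply=False) or release; returns (targets, released, failed)."""
    targets = unassociated(ec2.describe_addresses()["Addresses"])
    released, failed = [], []
    for addr in targets if apply else []:
        try:
            ec2.release_address(AllocationId=addr["AllocationId"])
            released.append(addr["AllocationId"])
        except Exception as exc:  # botocore.exceptions.ClientError with boto3
            failed.append((addr["AllocationId"], str(exc)))  # keep going
    return [a["AllocationId"] for a in targets], released, failed

class FakeEC2:
    """Offline stand-in for boto3.client('ec2'), backed by constructed data."""
    def __init__(self, addresses):
        self.addresses = [dict(a) for a in addresses]
    def describe_addresses(self):
        return {"Addresses": list(self.addresses)}
    def release_address(self, AllocationId):
        self.addresses = [a for a in self.addresses
                          if a["AllocationId"] != AllocationId]

if __name__ == "__main__":
    ec2 = FakeEC2(SAMPLE)  # use boto3.client("ec2") against a real account
    print("preview:", release_unassociated(ec2))
    print("applied:", release_unassociated(ec2, apply=True))
    print("left   :", unassociated(ec2.describe_addresses()["Addresses"]))
```

Keying on `AssociationId` rather than `InstanceId` keeps addresses bound to a network interface out of the release list, and collecting failures per address lets one rejected release be reported without aborting the rest.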