Amazon EC2

Unassociated Elastic IP Addresses

This plugin ensures all Elastic IPs are allocated to a resource

Risk Level: Medium

Description

This plugin ensures all Elastic IPs are allocated to a resource. To avoid accidental use or reuse and to save costs, every Elastic IP must be associated with a network interface.

About the Service

Amazon EC2: Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud. With EC2, you can launch as many virtual servers as you need, configure security and networking, and manage storage without worrying about the underlying hardware. Security Groups act as a firewall for an EC2 instance, controlling its incoming and outgoing traffic.

Impact

As described by AWS, an Elastic IP address is a static IPv4 address designed for dynamic cloud computing. Elastic IP addresses can be used to mask instance failures, and they avoid the task of remapping the address every time the instance restarts. To avoid unexpected charges, the Elastic IP address must have an association.

Steps to Reproduce

Using AWS Console:

  1. Log in to your AWS Console.
  2. Open the EC2 Management Console. You can use this link (https://console.aws.amazon.com/ec2) to navigate directly if already logged in.
  3. Go to Elastic IPs in the Network & Security section of the left navigation pane.
  4. Scroll right to the Association ID column. If the Association ID is empty, the vulnerability exists.
  5. Repeat these steps for every IP you want to investigate.
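
The console check above can be applied to every address at once by running the same test (empty Association ID) over the response of the EC2 DescribeAddresses API. This is an added example, not the plugin's own code; the sample response, its IDs and the `owner` tag key are constructed assumptions.

```python
import json

# Constructed sample shaped like the output of `aws ec2 describe-addresses`
# (documentation-range IPs and made-up IDs; not real resources).
SAMPLE_RESPONSE = json.loads("""
{"Addresses": [
  {"PublicIp": "203.0.113.10", "AllocationId": "eipalloc-0aaa1111", "Domain": "vpc",
   "AssociationId": "eipassoc-0bbb2222", "InstanceId": "i-0ccc3333",
   "NetworkInterfaceId": "eni-0ddd4444"},
  {"PublicIp": "203.0.113.11", "AllocationId": "eipalloc-0eee5555", "Domain": "vpc"},
  {"PublicIp": "203.0.113.12", "AllocationId": "eipalloc-0fff6666", "Domain": "vpc",
   "AssociationId": "", "Tags": [{"Key": "owner", "Value": "netops"}]},
  {"PublicIp": "203.0.113.13", "AllocationId": "eipalloc-0abc7777", "Domain": "vpc",
   "AssociationId": "eipassoc-0def8888", "NetworkInterfaceId": "eni-01239999"}
]}
""")


def unassociated_addresses(response):
    """Return Elastic IPs with no association (the console's empty Association ID)."""
    findings = []
    for addr in response.get("Addresses", []):
        # A missing key and an empty string both mean "not associated".
        if addr.get("AssociationId"):
            continue
        # "owner" is an assumed tag key, used here to show who to ask before release.
        tags = {t["Key"]: t["Value"] for t in addr.get("Tags", [])}
        findings.append({
            "PublicIp": addr.get("PublicIp"),
            "AllocationId": addr.get("AllocationId"),
            "Owner": tags.get("owner", "unknown"),
        })
    return findings


def scan_region(region):
    """Live check for one region; needs boto3 and the ec2:DescribeAddresses permission."""
    import boto3  # imported here so the offline sample runs without it
    ec2 = boto3.client("ec2", region_name=region)
    return unassociated_addresses(ec2.describe_addresses())


if __name__ == "__main__":
    for f in unassociated_addresses(SAMPLE_RESPONSE):
        print(f"UNASSOCIATED {f['PublicIp']} {f['AllocationId']} owner={f['Owner']}")
```

Elastic IPs are regional, so `scan_region` has to be called once per region in use.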

Steps for Remediation

Delete the unassociated Elastic IP.

  1. Log in to your AWS Console.
  2. Open the EC2 Management Console. You can use this link (https://console.aws.amazon.com/ec2) to navigate directly if already logged in.
  3. Go to Elastic IPs in the Network & Security section of the left navigation pane.
  4. Select the vulnerable IP address by clicking the checkbox next to it. From the Actions menu, select Release Elastic IP address.
  5. Repeat these steps for all the vulnerable IPs.