Open menu

EC2-VPC Elastic IP Address Limit

Cloud Conformity allows you to automate the auditing process of this resolution page. Register for a 14 day evaluation and check your compliance level for free!

Start a Free Trial Product features
Knowledge Base Best practice rules for Amazon Web Services AWS EC2 Best Practices EC2-VPC Elastic IP Address Limit
Performance
efficiency
Risk level: Medium (should be achieved)
Rule ID: EC2-010

Determine if the number of EC2-VPC Elastic IPs (EIPs) allocated per region is close to the limit number established by AWS for accounts that support Virtual Private Clouds (VPCs) and request limit increase in order to avoid encountering IP resource limitations on future EC2 provisioning sessions. As the IPv4 public IP addresses are a scarce resource nowadays, all AWS accounts are limited to 5 (five) Elastic IP addresses per region.

This rule can help you with the following compliance standards:

  • APRA
  • MAS

This rule can help you work with the AWS Well-Architected Framework

This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS

Monitoring your Elastic IP (EIP) limits will help you avoid public IP resources starvation in case you need to expand fast your AWS EC2-VPC infrastructure.

Audit

When you create your account, AWS sets automatically a fixed limit of 5 for the number of Elastic IPs available per region. To determine if your account has reached the EIP limit, perform the following:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.

03 In the left navigation panel, under NETWORK & SECURITY section, choose Elastic IPs.

04 Click inside the EIP attributes filter box located under the dashboard top menu, choose Network Platform from the dropdown list and select EC2-VPC. This filtering technique will help you to detect how many Elastic IP addresses are currently allocated within the current AWS region in order to determine if your account has already reached the default limit of 5 (five) EIP addresses.

05 Change the AWS region from the navigation bar and repeat the process for other regions.

Using AWS CLI

01 Run describe-account-attributes command (OSX/Linux/UNIX) to expose the maximum number of Elastic IP addresses that you can allocate for your EC2-VPC infrastructure within the selected AWS region: 

aws ec2 describe-account-attributes
	--region us-east-1
	--attribute-names vpc-max-elastic-ips

02 The command output should return the limit set by AWS for the number of allocated EIPs as the value of the AttributeValue parameter: 

{
    "AccountAttributes": [
        {
            "AttributeName": "vpc-max-elastic-ips",
            "AttributeValues": [
                {
                    "AttributeValue": "5"
                }
            ]
        }
    ]
}

03 Run describe-addresses command (OSX/Linux/UNIX) using the AWS region name to determine how many Elastic IPs are currently allocated within the selected region (if the command does not produce an output, there are no Elastic IPs assigned): 

aws ec2 describe-addresses
	--region us-east-1
	--filters "Name=domain,Values=vpc"
	--output table
	--query 'Addresses[].PublicIp'

04 The command output should return all EIPs assigned in the US East region:

--------------------
| DescribeAddresses|
+------------------+
|  52.204.147.117  |
|  52.21.39.200    |
|  52.204.11.47    |
|  52.204.142.140  |
|  52.204.141.157  |
+------------------+

If the number of EIPs returned is equal to 5 and your architecture needs to scale up, we highly recommend that you open an AWS support case and request a limit increase for Elastic IPs as explained in the Remediation/Resolution section.

05 Repeat steps no. 1 – 4 to perform the CLI audit process for other AWS regions.

Remediation / Resolution

To request an increase for the EC2-VPC Elastic IP limit, you need to perform the following:

Note: Requesting to increase the limit for the number of Elastic IPs per region using the AWS API via Command Line Interface (CLI) is not currently supported.

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to AWS Support Center page at http://aws.amazon.com/contact-us/eip_limit_request/.

03 On the Create Case support page, perform the following:

  1. Under Regarding section, select Service Limit Increase.
  2. Choose Elastic IPs from the Limit Type dropdown list as the type of limit to increase.
  3. In the Request <number> section, perform the following actions:
    • Select the AWS region where an EIP limit increase is required from the Region dropdown list.
    • Select New VPC Elastic IP Address Limit from the Limit dropdown list.
    • In the New limit value box, enter the new EIP limit value to request for the selected region.
  4. If you need to add multiple limit requests (e.g. for other AWS regions), click the Add another request button to add as many requests as needed.
  5. In the Use Case Description textbox, describe your use case(s) so AWS Support can evaluate your request and understand your need for additional EIPs.
  6. Under Contact method, select a preferred contact method that AWS support team can use to respond to your request.
  7. Click Submit to send the limit request. A customer support representative will contact you shortly. Once the request is approved, you will be able to allocate new EC2-VPC Elastic IPs within the specified AWS regions.

References

Publication date Jun 9, 2016

Related EC2 rules

Thanks!

A verification email has been sent to

Thanks!

A verification email has been sent to

Thanks!

A verification email has been sent to