Amazon EC2
      Back to home
      1. Knowledge Base
      2. AWS Knowledge Base
      3. Amazon EC2

      VPC Elastic IP Limit Breach

      Ensure that the number of allocated VPC EIPs (Elastic IP) is under the AWS limits

      Risk Level: Low

      Description

      This plugin detects if the number of allocated VPC EIPs (Elastic IP) is close to the AWS per-account limit. AWS has a limit on certain resources. Exceeding those limits could prevent them from launching.

      About the Service

      Amazon EC2: Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud. With the EC2 instance, you can launch as many virtual servers as you need, configure security and networking, and manage storage without worrying about the hardware needs of the process. 

      Elastic IP is a static, IPv4 address designed for dynamic cloud computing. In the event of failure of an instance, the Elastic IP address can be assigned to another instance for smooth functioning of the cloud infrastructure.

      Impact

      EIP stands for Elastic Internet Protocol. When an EC2 instance is created in AWS, it is automatically assigned a private and a public IP address. Public IP addresses are dynamic in nature. If the instance is restarted, it changes, which can make managing instances a cumbersome task.

      Elastic IPs, on the other hand, are static and remain unaffected by instance failures/restarts. AWS provides limited EIPs per account. Exceeding these limits can prevent the launching of resources associated with exceeded EIPs, resulting in the breakdown of cloud infrastructure.

      Steps to Reproduce

      Using AWS Console-

      1. Log In to your AWS Console.
      2. Open the EC2 Management Console. You can use this link (https://console.aws.amazon.com/ec2) to navigate directly if already logged in. 
      3. From the left navigation pane, migrate to the Network & Security section and select Elastic IPs.
      4. This will display a list of EIPs owned by you. By default, AWS permits 5 EIPs per account. If the list contains more than 5 EIPs, it means the limit has been exceeded.
      5. Repeat steps 3 to 4 for all the AWS accounts you want to investigate.

      Steps for Remediation

      Follow these steps to increase the VPC EIPs limit for your account:

      1. Log In to your AWS Console.
      2. Open the EC2 Management Console. You can use this link (https://console.aws.amazon.com/ec2) to navigate directly if already logged in. 
      3. From the top-right corner, click on Support and select Support Center from the drop-down menu.
      4. From the Open support cases section, click on Create case.
      5. Click the radio button corresponding to the Service limit increase.
      6. From the Case Details section, set the Limit type to Elastic IPs. 
      7. Select the region, the limit type, and the new increased limit for Elastic IPs for the AWS account. Provide the description for the requests.
      8. Finally, select the contact option best suited and click on the Save button. 
      9. Repeat steps 4 to 8 for all the vulnerable AWS Accounts.