Unveiling the AWS Public IP Puzzle: Solvo’s Query and Cost-Saving Tips

Unveiling the AWS Public IP Puzzle Solvo's Query and Cost-Saving Tips

As we all heard back in July 2023, as of February 1st, 2024 AWS will start charging for public IPv4 addresses. The pricing is per resource, per hour. Meaning that for every EC2 you own, that works 24/7, you’ll pay an additional $3.6 a month. While this may not sound a lot, we came to realize that many AWS customers are unaware of the number of public IP addresses they actually consume. These can easily add up to an additional hundreds or thousands of dollars every month.

Public IP Address Type

While the Solvo platform’s main use is for security purposes, you can use it for Ops-related tasks. For example, look for entities with public IP addresses, to make sure you’re aware of your usage, terminate unnecessary instances, or block their internet access and public IP assignment.

Below is a Solvo customized query that checks for assignments of public IP addresses to popular resources. We are sharing this query so that even if you’re not a Solvo customer, you can use its logic and run an analysis on your environment. Solvo users can run this query in the compliance query builder as a one-off or add it to one of their bundles for continuous validation. Please note that we will flag all resources with a public IP address. Some of them probably have that configuration rightfully. Don’t forget to exclude these resources so we will not flag them later on, and only newly assigned resources or previously unfixed resources will appear.

package Solvo
import future.keywords

get_description(eni) := description {
	eni.Description != null
	description := eni.Description

get_description(eni) := description {
	eni.Description == null
	description := eni.Attachment.InstanceId

noncompliant_entities [item] {
	eni := data.awsEc2NetworkInterfaces[_]
  eni.Association.PublicIp != null
	item = {"Id": eni.Id, "Region": eni.Region, "PublicIP": eni.Association.PublicIp,  "Description": get_description(eni)}

results := noncompliant_entities

OK, I found all my assets with a public IP address, what’s next?

Here are a few steps you should consider, based on your needs and architecture:

  1. Start by removing unnecessary public IP addresses from assets that don’t need public access
  2. Move to IPv6 at no additional cost (for now 🤭)
  3. Use middleware like NATGW or Firewall and only assign a public IP address to them

If you’re not a Solvo user but still want to inspect your environment and make sure there are no surprises with the AWS February bill, you can use Solvo’s free trial and run the suggested query. To start your free trial click here.

Illuminate Cloud Risks, Empower Security.

Discover and address cloud risks effectively and empower your security team with the autonomy they need.

Or explore on your own time with a free trial

Request a demo