cityofaustin / atd-data-tech

Austin Transportation Data & Technology Services

Release unused elastic IPs from AWS account #18452

Open frankhereford opened 4 months ago

frankhereford commented 4 months ago

AWS allows 6 elastic IPs to be allocated per account, and we're at that cap. 👎

Of our 6, only 1 is connected to a resource, and the rest are idle. I have temporarily reused one of the 5 idle ones for the VZ data model workspace machine.

Idle EIPs are $15/month, so we've been spending $75/month for no return. 💸

This issue is to make 100% sure that we can release those IPs and stop paying for those resources -- not to mention, being able to allocate new ones as needed. It would also include finding any DNS entries we may have on these and cleaning those up too.

frankhereford commented 4 months ago

@mddilley - for when you are ready to bring this on -- thanks!

frankhereford commented 1 month ago

EC2 resources

aws ec2 describe-instances --filters "Name=vpc-id,Values=vpc-xxxxxxxx"

Subnets

aws ec2 describe-subnets --filters "Name=vpc-id,Values=vpc-xxxxxxxx"

Security Groups

aws ec2 describe-security-groups --filters "Name=vpc-id,Values=vpc-xxxxxxxx"

Network Interfaces

aws ec2 describe-network-interfaces --filters "Name=vpc-id,Values=vpc-xxxxxxxx"

Classic Load Balancers

aws elb describe-load-balancers --query 'LoadBalancerDescriptions[?VPCId==`vpc-xxxxxxxx`]'

Application / Network Load Balancers

aws elbv2 describe-load-balancers --query 'LoadBalancers[?VpcId==`vpc-xxxxxxxx`]'

mddilley commented 1 month ago

@mddilley make issue to capture larger organization of AWS resources that is blocking the removal of the elastic IPs.

frankhereford commented 1 month ago

@mddilley and I were talking today, and he reminded me that I owed this issue some extra information about why it is blocked. We have a fair number of private subnets that require NAT to get out to the internet. These NAT services need real, routable internet IPs, so we have EIPs dedicated to them, as one would. The trick is that we don't host any services on these subnets, so we're paying for those IPs and NAT services for no benefit. The restructuring / elimination of these subnets and their incorporated EIPs is what is blocking this issue.
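
The audit this issue asks for (confirm which EIPs are idle, find DNS entries that sit on them, and separate out the EIPs held by the NAT gateways described in the last comment), as an added example that is not part of the original thread or the project's code. It runs offline on constructed sample data shaped like the AWS CLI's JSON output; the function name `audit_eips`, the IDs, hostnames and IPs are all assumptions.

```python
# Constructed sample data in the shape of AWS CLI JSON output (documentation-range
# IPs, made-up IDs). In practice, json.load the output of `aws ec2 describe-addresses`,
# `aws ec2 describe-nat-gateways` and `aws route53 list-resource-record-sets`.
ADDRESSES = {"Addresses": [
    {"PublicIp": "203.0.113.10", "AllocationId": "eipalloc-aaa",
     "AssociationId": "eipassoc-1", "InstanceId": "i-0123", "NetworkInterfaceId": "eni-1"},
    {"PublicIp": "203.0.113.11", "AllocationId": "eipalloc-bbb",
     "AssociationId": "eipassoc-2", "NetworkInterfaceId": "eni-2"},
    {"PublicIp": "203.0.113.12", "AllocationId": "eipalloc-ccc"},
    {"PublicIp": "203.0.113.13", "AllocationId": "eipalloc-ddd"}]}
NAT_GATEWAYS = {"NatGateways": [
    {"NatGatewayId": "nat-1", "State": "available", "NatGatewayAddresses": [
        {"AllocationId": "eipalloc-bbb", "PublicIp": "203.0.113.11"}]}]}
RECORD_SETS = {"ResourceRecordSets": [
    {"Name": "old-app.example.org.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "203.0.113.12"}]},
    {"Name": "www.example.org.", "Type": "CNAME", "ResourceRecords": [{"Value": "example.org"}]}]}


def audit_eips(addresses, nat_gateways, record_sets):
    """Classify each EIP and list the A records that still point at it."""
    nat_by_alloc = {}
    for gw in nat_gateways.get("NatGateways", []):
        if gw.get("State") != "deleted":  # deleted gateways linger in the output
            for a in gw.get("NatGatewayAddresses", []):
                nat_by_alloc[a.get("AllocationId")] = gw["NatGatewayId"]
    dns_by_ip = {}
    for rr in record_sets.get("ResourceRecordSets", []):
        if rr.get("Type") == "A":
            # Alias records carry no ResourceRecords list, hence the default.
            for value in rr.get("ResourceRecords", []):
                dns_by_ip.setdefault(value["Value"], []).append(rr["Name"])
    report = []
    for addr in addresses.get("Addresses", []):
        alloc = addr.get("AllocationId")
        if alloc and alloc in nat_by_alloc:
            state = "nat:" + nat_by_alloc[alloc]
        elif addr.get("AssociationId"):
            state = "attached:" + (addr.get("InstanceId") or addr.get("NetworkInterfaceId", "?"))
        else:
            state = "idle"
        names = dns_by_ip.get(addr["PublicIp"], [])
        # Release only an idle address that no DNS record still points at.
        report.append({"ip": addr["PublicIp"], "allocation": alloc, "state": state,
                       "dns": names, "release_ok": state == "idle" and not names})
    return report

if __name__ == "__main__":
    for row in audit_eips(ADDRESSES, NAT_GATEWAYS, RECORD_SETS):
        print(row)
```

An A record left pointing at a released EIP resolves to whichever AWS customer is allocated that address next, which is why a matching record blocks release here until the record is removed. Records held outside Route 53 need the same lookup against that provider's export.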