Analyze Elastic IP usage history using Amazon Athena and AWS CloudTrail


An AWS Elastic IP (EIP) address is a static, public, and unique IPv4 address. Allocated exclusively to your AWS account, the EIP remains under your control until you decide to release it. It can be allocated to your Amazon Elastic Compute Cloud (Amazon EC2) instance or other AWS resources such as load balancers.

EIP addresses are designed for dynamic cloud computing because they can be re-mapped to another instance to mask any disruptions. These EIPs are also used for applications that must make external requests to services that require a consistent address for allow-listed inbound connections. As your application usage varies, these EIPs might see sporadic use over weeks or even months, leading to a potential accumulation of unused EIPs that may inadvertently inflate your AWS expenditure.

In this post, we show you how to analyze EIP usage history using AWS CloudTrail and Amazon Athena to gain better insight into the EIP usage pattern in your AWS account. You can use this solution regularly as part of your cost-optimization efforts to safely remove unused EIPs and reduce your costs.

Solution overview

This solution uses activity logs from CloudTrail and the power of Athena to conduct a comprehensive analysis of historical EIP attachment activity within your AWS account. CloudTrail, a critical AWS service, meticulously logs API activity within an AWS account.

Athena is an interactive query service that simplifies data analysis in Amazon Simple Storage Service (Amazon S3) using standard SQL. It’s a serverless service, eliminating the need for infrastructure management and costing you only for the queries you run.

By extracting detailed information from CloudTrail and querying it using Athena, this solution streamlines the process of data collection, analysis, and reporting of EIP usage within an AWS account.

To gather EIP usage reporting, this solution compares snapshots of the current EIPs, focusing on their most recent attachment within a customizable 3-month period. It then determines the frequency of EIP attachments to resources. An attachment count greater than zero suggests that the EIPs are actively in use. In contrast, an attachment count of zero indicates that these EIPs are idle and can be released, aiding in identifying potential areas for cost reduction.

In the following sections, we show you how to deploy the solution using AWS CloudFormation and then run an analysis.

Prerequisites

Complete the following prerequisite steps:

  1. If your account doesn’t have CloudTrail enabled, create a trail, then capture the S3 bucket name to use later in the implementation steps.
  2. Download the CloudFormation template from the repository. You need this template.yaml file for the implementation steps.

Deploy the solution

In this section, you use AWS CloudFormation to create the required resources. AWS CloudFormation is a service that helps you model and set up your AWS resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS.

The CloudFormation template creates Athena views and a table to search past AssociateAddress events in CloudTrail, an AWS Lambda function to collect snapshots of existing EIPs, and an S3 bucket to store the analysis results.

Complete the following steps:

  1. On the AWS CloudFormation console, choose Create stack and choose With new resources (standard).
  2. In the Specify template section, choose an existing template and upload the template.yaml file downloaded from the prerequisites.
  3. In the Specify stack details section, enter your preferred stack name and the existing CloudTrail S3 location, and keep the default settings for the other parameters.
  4. At the bottom of the Review and create page, select the acknowledgement check box, then choose Submit.

Wait for the stack to be created. It should take a few minutes to complete. You can open the AWS CloudFormation console to view the stack creation process.

Run an analysis

You have configured the solution to run your EIP attachment analysis. Complete the following steps to analyze your EIP attachment history. If you’re using Athena for the first time in your account, you might need to set up a query result location in Amazon S3.

  1. On the Athena console, navigate to the query editor.
  2. For Database, choose default.
  3. Enter the following query and choose Run query:
-- One row per EIP in the current snapshot. The LEFT JOIN keeps EIPs that have
-- no matching AssociateAddress events, so they report attachmentCount = 0.
select
eip.publicip,
eip.allocationid,
eip.region,
eip.accountid,
eip.associationid,
eip.PublicIpv4Pool,
max(associate_ip_event.eventtime) as latest_attachment,
count(associate_ip_event.associationid) as attachmentCount
from eip LEFT JOIN associate_ip_event on associate_ip_event.allocationid = eip.allocationid
group by 1,2,3,4,5,6

All the required tables are created under the default database.

You can now run a query on the CloudTrail logs to look back in time for the EIP attachment. This query gives you better insight for safely releasing idle EIPs to reduce costs, because it shows how frequently each specific EIP was previously attached to any resources.

This report provides the following information:

  • Public IP
  • Allocation ID (the ID that AWS assigns to represent the allocation of the EIP address for use with instances in a VPC)
  • Region
  • Account ID
  • latest_attachment date (the last time the EIP was attached to a resource)
  • attachmentCount (number of attachments)
  • The association ID for the address (if this field is empty, the EIP is idle and not attached to any resources)

The following screenshot shows the query results.
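As an added example (not code from the original post or its repository), the following Python reproduces offline what the query computes, joining an EIP snapshot to successful AssociateAddress events inside the lookback window. The sample records are constructed, the function name `eip_report` and the status labels are hypothetical, and combining `attachmentCount` with the current association ID is an assumption made here to avoid flagging an EIP that was attached before the window began.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample data. SNAPSHOT mimics EC2 DescribeAddresses entries.
SNAPSHOT = [
    {"PublicIp": "203.0.113.10", "AllocationId": "eipalloc-0aaa", "AssociationId": "eipassoc-0111"},
    {"PublicIp": "203.0.113.11", "AllocationId": "eipalloc-0bbb"},
    {"PublicIp": "203.0.113.12", "AllocationId": "eipalloc-0ccc", "AssociationId": "eipassoc-0333"},
    {"PublicIp": "203.0.113.13", "AllocationId": "eipalloc-0ddd"},
]
# Constructed CloudTrail records: two successes, one denied call, one unrelated event.
CLOUDTRAIL = json.dumps({"Records": [
    {"eventName": "AssociateAddress", "eventTime": "2024-05-02T09:15:00Z",
     "requestParameters": {"allocationId": "eipalloc-0aaa"},
     "responseElements": {"associationId": "eipassoc-0111"}},
    {"eventName": "AssociateAddress", "eventTime": "2024-04-01T08:00:00Z",
     "requestParameters": {"allocationId": "eipalloc-0bbb"},
     "responseElements": {"associationId": "eipassoc-0222"}},
    {"eventName": "AssociateAddress", "eventTime": "2024-05-20T12:00:00Z",
     "errorCode": "Client.UnauthorizedOperation",
     "requestParameters": {"allocationId": "eipalloc-0ddd"}, "responseElements": None},
    {"eventName": "DisassociateAddress", "eventTime": "2024-04-03T08:00:00Z",
     "requestParameters": {"associationId": "eipassoc-0222"}, "responseElements": {"_return": True}},
]})

def eip_report(snapshot, trail_json, now, lookback_days=90):
    """LEFT JOIN the snapshot to successful AssociateAddress events in the window."""
    cutoff = now - timedelta(days=lookback_days)  # assumption: 90 days ~ 3 months
    stats = {}  # allocationId -> [attachment count, latest event time]
    for rec in json.loads(trail_json)["Records"]:
        alloc = (rec.get("requestParameters") or {}).get("allocationId")
        assoc = (rec.get("responseElements") or {}).get("associationId")
        when = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        # Like count(associationid): calls that returned no association ID are not counted.
        if rec.get("eventName") != "AssociateAddress" or not alloc or not assoc or when < cutoff:
            continue
        entry = stats.setdefault(alloc, [0, when])
        entry[0] += 1
        entry[1] = max(entry[1], when)
    rows = []
    for eip in snapshot:  # every snapshot row is kept, matched or not
        count, latest = stats.get(eip["AllocationId"], (0, None))
        # An attached EIP with count 0 was attached before the window began.
        status = ("attached" if eip.get("AssociationId")
                  else "detached, used in window" if count else "release candidate")
        rows.append({"publicip": eip["PublicIp"], "attachmentCount": count,
                     "latest_attachment": latest.isoformat() if latest else None, "status": status})
    return rows

REPORT = eip_report(SNAPSHOT, CLOUDTRAIL, now=datetime(2024, 6, 1, tzinfo=timezone.utc))
```

In the sample, `203.0.113.12` has an attachment count of zero yet is still attached, and the denied call against `eipalloc-0ddd` does not count as an attachment.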

Clean up

To optimize cost, clean up the resources you deployed for this post by completing the following steps:

  1. Delete the contents in your S3 buckets (eip-analyzer-eipsnapshot-* and eip-analyzer-athenaresulteipanalyzer-*).
  2. Delete the S3 buckets.
  3. On the AWS CloudFormation console, delete the stack you created.

Conclusion

This post demonstrated how you can analyze Elastic IP usage history to gain better insight into EIP attachment patterns using Athena and CloudTrail. Check out the GitHub repo to regularly run this analysis as part of your cost-optimization strategy to identify and release inactive EIPs to reduce costs.

You can also use Athena to analyze logs from other AWS services; for more information, see Querying AWS service logs.

Additionally, you can analyze activity logs with AWS CloudTrail Lake and Amazon Athena. AWS CloudTrail Lake is a managed data lake that enables organizations to aggregate, immutably store, and query events recorded by CloudTrail for auditing, security investigation, and operational troubleshooting. AWS CloudTrail Lake supports the collection of events from multiple AWS Regions and AWS accounts. For CloudTrail Lake, you pay for data ingestion, retention, and analysis. Refer to the AWS CloudTrail Lake pricing page for pricing details.


About the Author

Aidin Khosrowshahi is a Senior Technical Account Manager with Amazon Web Services based out of San Francisco. He focuses on reliability, optimization, and improving operational mechanisms with his customers.
