Cost

Release unattached Elastic IPs

An Elastic IP that isn't attached to anything still bills ~$3.65/month — and since 2024 even the ones in use cost money. Find the orphans and release them safely.

11 min·10 sections·AWS

Last reviewed 27 May 2026

Unattached Elastic IPs: the basics

Why a public IP you allocated and forgot keeps billing

An Elastic IP (EIP) is a static public IPv4 address you allocate to your account and then associate with a running instance or network interface. AWS has always charged for an EIP that is allocated but not doing useful work — specifically when it is not associated with a running instance, when it's associated with a stopped instance, or when it sits on a network interface that isn't attached to anything. That idle charge is roughly $0.005 per hour, about $3.65 per month, per address.

Since February 1, 2024 the picture got broader: AWS now charges $0.005/hour for every public IPv4 address in your account — including ones actively associated with running instances — because IPv4 is a scarce, paid resource. So the EIP on your healthy web server now costs the same $3.65/month as the orphaned one. This lesson is about the orphans specifically: addresses you're paying for that aren't earning anything, because they're the pure-waste subset that's safe to reclaim.

EIPs get flagged because the asymmetry catches people out. An address is small, invisible in most consoles, and survives the thing it was attached to. Terminate an instance and its EIP is automatically disassociated but stays allocated to your account — still billing — until someone explicitly releases it. One stranded EIP is a rounding error; three hundred of them across a long-lived organisation is a real, recurring line item with nothing on the other side of it.

In this lesson you'll learn the two billing mechanics at play — the long-standing idle-EIP charge and the universal IPv4 charge introduced in February 2024 — and how addresses get stranded after an instance is terminated, stopped, or detached. You'll see the AWS CLI commands to find every unassociated EIP and release it, the small-per-resource / large-in-aggregate pattern that makes this worth a cadence, the IPv6 migration angle as the long-term fix, and the one real risk: releasing an address that something off-platform still points at — a customer firewall allowlist, a DNS A record, or a BYOIP block.

Fun fact

The day every IPv4 address got a price tag

Before February 1, 2024, AWS only charged for idle Elastic IPs — an address attached to a running instance was free. Then AWS started charging $0.005/hour for every public IPv4 address in every account, in-use or not, citing a 300%+ rise in the cost of acquiring IPv4 blocks over the prior five years. Overnight, organisations with tens of thousands of public IPs saw a brand-new five- and six-figure annual line item appear with zero change to their architecture. It turned a long-ignored cleanup task — releasing stranded addresses — into something with a visible, immediate payback, and quietly made IPv6 a budget conversation rather than a purely technical one.

Reclaiming stranded Elastic IPs in action

Dani runs the monthly FinOps cadence at a logistics company with about 30 AWS accounts. The dashboard flags 47 Elastic IPs that are allocated but associated with nothing — roughly $172 a month, and the count has crept up steadily since the IPv4 charge landed. Most trace back to instances that were terminated months ago; the addresses just never got handed back.

Dani doesn't release them blind. The real risk isn't anything inside AWS — a stranded EIP breaks nothing by definition. The risk is something outside AWS still pointing at the address: a customer's firewall allowlist pinned to a specific IP, a DNS A record nobody updated, or a partner integration that whitelisted the address years ago. So before releasing each one, Dani checks Route 53 and the team's runbooks for any reference to the address.

Two of the 47 turn out to be live: one is a static egress IP a payments partner has allowlisted, the other is in a DNS A record for a legacy admin endpoint. Those get tagged Lifecycle=pinned and left alone. The remaining 45 have no references anywhere — terminated instances, an old NAT that was replaced, a detached ENI from a deleted load balancer. Dani releases all 45 in one scripted pass: about $164/month reclaimed, total elapsed time under fifteen minutes.

First, list every Elastic IP in the account that is not associated with anything. An EIP with a null AssociationId is allocated, billing, and attached to nothing.

$ aws ec2 describe-addresses --query "Addresses[?AssociationId==null].{IP:PublicIp,Alloc:AllocationId,NIC:NetworkInterfaceId,Name:Tags[?Key=='Name']|[0].Value}" --output table

------------------------------------------------------------------------

| DescribeAddresses |

+----------------+---------------------------+--------+----------------+

| IP | Alloc | NIC | Name |

+----------------+---------------------------+--------+----------------+

+----------------+---------------------------+--------+----------------+

# All three are unassociated and billing — but check for off-platform references first.

Every address with a null AssociationId is allocated, unattached, and costing ~$3.65/month.

Once you've confirmed nothing off-platform references the address (no DNS A record, no firewall allowlist, not a BYOIP block someone depends on), release it by allocation ID.

$ aws ec2 release-address --allocation-id eipalloc-0aa11bb22cc33dd

# (no output on success — the address returns to the AWS pool immediately)

$ aws ec2 describe-addresses --allocation-ids eipalloc-0aa11bb22cc33dd

An error occurred (InvalidAllocationID.NotFound) when calling the

DescribeAddresses operation: The allocation ID 'eipalloc-0aa11bb22cc33dd' does not exist

# Gone — and you cannot get this exact address back, so the allowlist check is non-negotiable.

Release is instant and irreversible — the address goes back to AWS's pool and is almost certainly gone for good.

Elastic IP billing under the hooddeep dive

There are two separate meters. The long-standing one charges $0.005/hour (~$3.65/month) for an Elastic IP that is not associated with a running instance — i.e. allocated but idle, associated with a stopped instance, or sitting on an unattached network interface. The second, live since February 1, 2024, charges the same $0.005/hour for every public IPv4 address in the account regardless of state, including EIPs and auto-assigned public IPs on running instances. The first is the waste subset you can reclaim by releasing; the second is the cost of using IPv4 at all, which you reduce by using fewer public addresses (or migrating to IPv6).

The key state field is AssociationId. An EIP returned by describe-addresses with a null AssociationId is attached to nothing — that's the unambiguous orphan. An EIP with a non-null AssociationId but a NetworkInterfaceId whose ENI is itself detached (status available rather than in-use) is a subtler case: it's technically associated, but to a dead interface, and still on the idle meter. Terminating an instance auto-disassociates its EIP but never releases it — the allocation persists in your account until an explicit release-address call.

Releasing is irreversible in practice. The address returns to AWS's regional pool and is recycled to other customers; you will almost never get the same IP back. That's precisely why the only real risk here lives outside AWS: anything that hardcoded the address — a customer's firewall allowlist, a third-party API whitelist, a DNS A record, a BYOIP arrangement — will silently break, and you can't undo it. The CLI gives you nothing to confirm those references; that check is a runbook and DNS step, not an API call.

# Find unassociated EIPs, then check Route 53 for any A record pointing at each
# address BEFORE releasing. The DNS check is the safety gate, not the API call.
for alloc in $(aws ec2 describe-addresses \
      --query "Addresses[?AssociationId==null].AllocationId" --output text); do
  ip=$(aws ec2 describe-addresses --allocation-ids "$alloc" \
        --query 'Addresses[0].PublicIp' --output text)
  echo "== $alloc -> $ip =="
  # Scan every hosted zone for an A record resolving to this IP.
  for zone in $(aws route53 list-hosted-zones --query 'HostedZones[].Id' --output text); do
    aws route53 list-resource-record-sets --hosted-zone-id "$zone" \
      --query "ResourceRecordSets[?Type=='A' && contains(ResourceRecords[].Value, '$ip')].Name" \
      --output text
  done
done
# Only release allocations that printed no DNS hits AND clear the firewall/allowlist review.

What is the impact of unattached Elastic IPs?

The direct cost is small per address and material in aggregate. One stranded EIP is ~$3.65/month — genuinely a rounding error. But this is a category that scales with sprawl: 50 orphans is ~$180/month, 300 is ~$1,100/month, and a large multi-account organisation that's been running since before anyone cared about IPv4 charges routinely carries well into four figures a month of addresses attached to nothing. The meter runs every hour regardless, and unlike compute there's no usage variable — it's a flat fee for an idle resource.

The 2024 universal IPv4 charge changed the economics of the whole category, not just the orphans. Before then, only idle EIPs cost money, so cleanup had a tiny payback and rarely made anyone's list. Now every public address in the fleet is metered, which means the in-use addresses you can't simply release become a standing cost that only architecture — fewer public IPs, NAT consolidation, IPv6 — can reduce. The orphan cleanup is the easy, immediate win; the larger structural cost is the conversation it should prompt.

There's a hidden-resource angle too. Orphaned EIPs hide on detached ENIs left behind by deleted load balancers, terminated instances, and replaced NAT Gateways — places nobody looks. Without tagging, it's hard to tell which addresses are deliberately pinned (a static egress IP a partner allowlisted, a DNS-fronted endpoint) and which are pure debris. That ambiguity is exactly what makes people leave the whole category alone, which is how it grows.

Finally, a stranded public IP is a small attack-surface and audit item, not just a cost one. An address that still resolves in DNS but points at nothing, or one a partner still allowlists but you've forgotten about, is the kind of loose end that surfaces in a security review. Reclaiming orphans tightens the surface as much as it trims the bill — the cost report is just the easiest place to see the mess.

How do you release unattached Elastic IPs safely?

Cleanup is a four-step loop: inventory every unassociated address, confirm nothing off-platform references it, release the clear ones, and adopt conventions (plus IPv6 where you can) so the orphans don't come back.

1. Inventory every unassociated address across regions and accounts

Run describe-addresses in every region and account and filter to AssociationId == null. Capture the public IP, allocation ID, any Name/owner tag, and whether it sits on a detached ENI. Also watch the subtler case: an EIP associated with a network interface whose ENI is available (detached) rather than in-use — still idle, still billing. Anything with no tag and no association is a candidate.

2. Check for off-platform references before touching anything

This is the whole risk and it lives outside AWS. For each candidate address, confirm there is no DNS A record pointing at it (scan your Route 53 zones and any external DNS), no customer or partner firewall allowlist pinned to it, and that it isn't part of a BYOIP block someone depends on. Release is irreversible — you won't get the same IP back — so a hardcoded allowlist or stale DNS record is the one thing that turns a safe cleanup into an outage. When in doubt, tag Lifecycle=pinned and leave it.

3. Release the confirmed orphans by allocation ID

For addresses that cleared the reference check, call release-address --allocation-id eipalloc-.... There's no snapshot or undo here as there is with storage — the safety net is entirely the step-2 check, so don't skip it. Batch the releases in a single scripted pass and log each one (IP, allocation ID, date, who approved) so there's a record if a forgotten dependency surfaces weeks later.

4. Prevent recurrence with conventions and IPv6

Make releasing an address part of the same change that decommissions the resource it served — a decommission checklist or an AWS Config rule that flags long-lived unassociated EIPs. Tag deliberately-kept addresses Lifecycle=pinned with an owner so the next audit is short. The structural long-term fix is IPv6: addresses in the IPv6 space aren't metered the way scarce IPv4 is, so migrating public-facing and egress paths to IPv6 shrinks the whole category, not just the orphans.

# Inventory unassociated EIPs, then release only the ones you've cleared.
# RUN THE DNS / ALLOWLIST CHECK FIRST — release-address is irreversible.
REGION=us-east-1

aws ec2 describe-addresses --region $REGION \
  --query "Addresses[?AssociationId==null].[AllocationId,PublicIp]" --output text

# After confirming no DNS A record and no firewall allowlist references each IP:
for alloc in eipalloc-0aa11bb22cc33dd eipalloc-0bb22cc33dd44ee; do
  echo "Releasing $alloc"
  aws ec2 release-address --region $REGION --allocation-id "$alloc"
done

Quick quiz

Question 1 of 5

You find an Elastic IP with a null AssociationId that's been billing for months. Before you run release-address, what's the single most important thing to confirm?

Keep learning

Dig deeper into Elastic IP mechanics, the 2024 IPv4 pricing change, and the IPv6 path that shrinks the whole category.

You've completed Release unattached Elastic IPs. You now know the two billing meters — the long-standing idle-EIP charge and the universal IPv4 charge from February 2024 — how addresses get stranded after a resource is deleted, the inventory-check-release loop, and the one real risk: an off-platform allowlist or DNS record pinned to an address you're about to give back. Next time the wastage report flags an unattached EIP, you'll have a defensible path from "flagged" to "released" in minutes.

Back to the library

Unattached Elastic IPs: what it means for the bill

A tiny per-line charge that multiplies quietly

An Elastic IP is just a public internet address that a workload uses to be reachable. The relevant fact for the bill is simple: AWS charges a small hourly fee — about $3.65 a month — for an address that is allocated to your account but not actively attached to a running machine. It has always worked this way for idle addresses. Since early 2024 AWS also charges for the addresses that are in use, at the same rate, because IPv4 addresses are genuinely scarce and AWS is pricing accordingly.

This finding is about the idle ones — addresses left behind when a server was deleted, when a machine was switched off, or when a piece of networking was decommissioned but the address was never handed back. Each one is roughly $3.65 a month, forever, on no activity. That sounds trivial, and per address it is. The reason it lands on a cost report is aggregation: a few hundred stranded addresses across dozens of accounts is comfortably over $1,000 a month of pure waste, recurring indefinitely, attached to nothing.

For budgeting purposes this category behaves like other small-but-sticky hygiene items: it's easy to create (anyone can allocate an address), it survives the resource it was meant for, and nobody feels ownership of it. The right framing at a cost review isn't "how big is the IP bill" — it's "how many addresses are we paying for that aren't attached to anything, and is that number flat?" A growing count is a tagging-and-lifecycle signal long before it's a dollar problem.

This lesson is for the finance partner who sees a small, opaque "public IPv4" or "Elastic IP" charge and wants to know whether it's worth caring about. It explains why the charge exists, why the idle subset is pure waste, what a reasonable number looks like, and the practical levers — reporting the count not just the dollar, ownership conventions, and a release cadence — that keep it small without learning any AWS internals. By the end you'll know the one question to ask at the monthly review and how to read the answer.

Fun fact

The day every IPv4 address got a price tag

How a finance partner closes the loop

Priya is the finance partner embedded with the platform team. At the monthly cost review a new-ish line — "public IPv4 / Elastic IP" — has been ticking up since the 2024 pricing change, and she asks the question that's now standing on the agenda: "How many addresses are we paying for that aren't attached to anything, and what's that costing us a month?" The answer is 47 addresses, about $172 — small in absolute terms, but it's been growing every month, which is the part that matters.

The conversation isn't technical. Priya doesn't ask about subnets or interfaces. She asks three things: how many are genuinely orphaned versus pinned for a reason, who can confirm the orphaned ones aren't referenced off-platform, and how long the cleanup takes. The platform lead explains that releasing them is near-zero-risk except where something external — a customer firewall rule, a DNS record — points at the address, and that the check for that is quick. Priya gets a commitment to clear the orphans this sprint and to add the count to the recurring finance pack so it can't drift back up unnoticed.

Two months later the same line shows a residual of about $7 — two intentionally pinned addresses with documented owners. Priya knows that's the right floor, and she knows that if the orphan count climbs back above a handful, it means cleanup isn't closing the loop after instances are deleted. The dollar figure is small; she treats the count and its trend as the real metric.

Why this matters to the budget, not just the bill

The direct line-item impact is small per resource and only matters in aggregate. Most environments carry somewhere between a few dozen and a few hundred dollars a month of orphaned-address cost — a fraction of a percent of total cloud spend. It won't move a quarterly number on its own, but it's exactly the kind of charge that lands in "unexplained variance" when budgets are tight, and finance ends up asking what a vague "public IPv4" line even is.

The 2024 pricing change is the part worth understanding at a budget level. A standing per-address fee on every public IP appeared with no architectural change on your side — so a chunk of this line is now structural, not waste, and reducing it means engineering decisions (fewer public addresses, IPv6 adoption) rather than cleanup. The orphan subset is the part you can act on immediately; separating "waste we can release this month" from "structural cost that needs an architecture change" is the useful framing to bring to the review.

This category also tests chargeback. Orphaned addresses are by definition unowned — the resource they served is gone — so the cost can't be cleanly assigned to a team. Every untagged orphan is a dollar that gets absorbed centrally or argued over. Making teams own (and release) the addresses tied to resources they decommission keeps the chargeback model honest at near-zero effort.

Treat it as a leading indicator. A growing orphan count — separate from the dollar amount — is one of the cleanest signals that cleanup isn't closing the loop when resources are deleted. That same gap predicts larger waste categories (idle volumes, stopped instances, unused gateways) drifting in the same direction. Watch the count and its trend, not the absolute spend.

What finance can actually do about this

Finance can't release addresses, but it can set the conditions that keep the orphan count near zero. Three levers, used at the monthly cadence.

1. Report the count, not just the dollar

Add "public IPs attached to nothing" as a standing line on the cost pack, showing both the monthly dollar and the orphan count. The dollar is small and unalarming; the count is the leading indicator. A count that grows two months running is the prompt to escalate, long before the dollar amount looks material.

2. Separate waste from structural cost

Since 2024 every public IP is metered, so part of this line is the cost of using IPv4 at all, not waste. Ask engineering to split it: orphaned addresses you can release this month versus in-use addresses that only architecture (NAT consolidation, IPv6) can reduce. That split tells you what's a cleanup task and what's a roadmap conversation.

3. Make decommission-includes-release the rule

The agreement with each team should be that retiring a resource includes releasing the address it used — and that any unowned, unassociated address counts against the team's budget regardless of who left it behind. That single convention does more than any one-off cleanup, because it stops orphans being created in the first place.

4. Treat the trend as the metric

A small, flat residual of deliberately-pinned addresses is fine and expected. The right question isn't "why isn't this zero?" but "is the orphan count staying flat?" A creeping count with a small dollar figure is worse than a static larger one, because it signals the cleanup loop is slipping.

Quick quiz

Question 1 of 5

The 'public IPv4 / Elastic IP' line has grown since early 2024 and the orphan count has crept from 20 to 60 over six months. The total is small but the trend is up. What's the right next move?

Keep learning

Dig deeper into Elastic IP mechanics, the 2024 IPv4 pricing change, and the IPv6 path that shrinks the whole category.

You've finished the finance partner's view of unattached Elastic IPs. You know why the charge exists, why the orphan subset is pure waste while the rest is structural since 2024, and the three finance levers — report the count not just the dollar, separate waste from structural cost, and make decommission-includes-release the rule. Next time the public-IP line shows up at the review, you'll have a sharper question than "what is this charge?"

Back to the library

Unattached Elastic IPs: the headline

Paying for addresses that connect to nothing

AWS charges for public internet addresses — both the ones in active use and, the focus here, the ones left allocated to the account but attached to nothing. Each orphaned address is a few dollars a month forever; at organisation scale the aggregate becomes a recurring drag from infrastructure that was decommissioned but never fully cleaned up.

This is a hygiene signal more than a cost story. A handful of stranded addresses says cleanup isn't closing the loop after resources are deleted — the same discipline gap that produces larger waste elsewhere. The fix is low-risk reclamation plus a convention that addresses are released when the thing they served goes away.

A short read on a small but stubborn category of cloud waste, written for the exec who wants the headline and the one question to ask. You'll get the framing, what the number signals about cleanup discipline, and what "good" looks like at an org level — no commands, no internals.

Fun fact

The day every IPv4 address got a price tag

What it looks like when the org gets this right

At one company the quarterly cloud review carried a line that nobody could quite explain: a public-IP charge that had appeared after the 2024 pricing change and kept inching up. The exec sponsor stopped asking what it cost and started asking the better question: "How many of these addresses are attached to nothing, and why don't we hand them back when we delete the thing they served?"

Within a quarter the line stopped growing. The team adopted a simple rule — when a workload is decommissioned, its address is released as part of the same change — and added the orphan count to the standing report. The residual settled at a handful of deliberately pinned addresses, each with a named owner and a reason. The dollar saving was modest; the point was that the line had become a confidence signal instead of an unexplained creep.

That's the right outcome state. "Zero public IPs" is the wrong goal; "every address we pay for is either attached to something or deliberately pinned with an owner" is the right one. The report stops being a question mark and becomes evidence the cleanup loop works.

Why this is on the report at all

The dollar amount is usually small. It's tracked because its size and trend report on the discipline underneath: a small, flat, fully-tagged residual means cleanup is closing the loop when resources are deleted; a growing orphan count means it isn't, and the same gap almost certainly applies to bigger spend categories that don't surface as cleanly.

There's a second-order angle. A forgotten public address that still resolves in DNS, or one a partner still allowlists, is an audit and security loose end as much as a cost one. So this category sits where cost, security posture, and operational hygiene meet — modest in dollars, useful as a signal, and cheap to keep clean.

The leadership move on this category

The handle for an executive isn't to chase the dollars — it's to set the norms that make the number a non-issue.

1. Require decommission to include cleanup

Retiring a workload should include releasing the addresses and resources it used, as part of the same change. Most of this category exists because cleanup stops at "delete the server" and never reaches the plumbing left behind.

2. Ask for the orphan count and its trend

"How many public addresses are we paying for that aren't attached to anything, and is that number flat?" is a one-minute review item that tells you whether cleanup discipline is working — no technical depth required. Flat and small for three quarters means the hygiene is healthy.

3. Treat IPv6 as a budget topic, not just a tech one

Since IPv4 is now metered per address, sponsoring IPv6 adoption on public-facing and egress paths is a structural cost lever, not a niche engineering preference. It shrinks the whole category over time rather than just the orphan subset.

Quick quiz

Question 1 of 5

The cloud cost pack shows the public-IP orphan count has been flat at a handful for three quarters, each one tagged with an owner and a reason. What's the right read?

Keep learning

Dig deeper into Elastic IP mechanics, the 2024 IPv4 pricing change, and the IPv6 path that shrinks the whole category.

That's the lesson. Two takeaways: AWS now charges for public addresses whether they're in use or not, and the orphan count — addresses attached to nothing — is a cleanup-discipline signal, not a headline cost. The leadership question is about whether decommissioning closes the loop, and whether IPv6 is on the roadmap.

Back to the library

Part of the learning path Kill idle waste

Release unattached Elastic IPs

Unattached Elastic IPs: the basics

The day every IPv4 address got a price tag

Reclaiming stranded Elastic IPs in action

Elastic IP billing under the hooddeep dive

What is the impact of unattached Elastic IPs?

How do you release unattached Elastic IPs safely?

1. Inventory every unassociated address across regions and accounts

2. Check for off-platform references before touching anything

3. Release the confirmed orphans by allocation ID

4. Prevent recurrence with conventions and IPv6

Quick quiz

Keep learning

Unattached Elastic IPs: what it means for the bill

The day every IPv4 address got a price tag

How a finance partner closes the loop

Why this matters to the budget, not just the bill

What finance can actually do about this

1. Report the count, not just the dollar

2. Separate waste from structural cost

3. Make decommission-includes-release the rule

4. Treat the trend as the metric

Quick quiz

Keep learning

Unattached Elastic IPs: the headline

The day every IPv4 address got a price tag

What it looks like when the org gets this right

Why this is on the report at all

The leadership move on this category

1. Require decommission to include cleanup

2. Ask for the orphan count and its trend

3. Treat IPv6 as a budget topic, not just a tech one

Quick quiz

Keep learning

Related cost lessons