Unveiling the AWS Public IP Puzzle: Solvo’s Query and Cost-Saving Tips
2024-1-31 17:21:25 Author: securityboulevard.com(查看原文) 阅读量:4 收藏

As we all heard back in July 2023, as of February 1st, 2024 AWS will start charging for public IPv4 addresses. The pricing is per resource, per hour. Meaning that for every EC2 you own, that works 24/7, you’ll pay an additional $3.6 a month. While this may not sound a lot, we came to realize that many AWS customers are unaware of the number of public IP addresses they actually consume. These can easily add up to an additional hundreds or thousands of dollars every month.

Public IP Address Type

While the Solvo platform’s main use is for security purposes, you can use it for Ops-related tasks. For example, look for entities with public IP addresses, to make sure you’re aware of your usage, terminate unnecessary instances, or block their internet access and public IP assignment.

Below is a Solvo customized query that checks for assignments of public IP addresses to popular resources. We are sharing this query so that even if you’re not a Solvo customer, you can use its logic and run an analysis on your environment. Solvo users can run this query in the compliance query builder as a one-off or add it to one of their bundles for continuous validation. Please note that we will flag all resources with a public IP address. Some of them probably have that configuration rightfully. Don’t forget to exclude these resources so we will not flag them later on, and only newly assigned resources or previously unfixed resources will appear.

package Solvo
import future.keywords

get_description(eni) := description {
	eni.Description != null
	description := eni.Description
}

get_description(eni) := description {
	eni.Description == null
	description := eni.Attachment.InstanceId
}


noncompliant_entities [item] {
	eni := data.awsEc2NetworkInterfaces[_]
  eni.Association
  eni.Association.PublicIp != null
	item = {"Id": eni.Id, "Region": eni.Region, "PublicIP": eni.Association.PublicIp,  "Description": get_description(eni)}
}


results := noncompliant_entities

OK, I found all my assets with a public IP address, what’s next?

Here are a few steps you should consider, based on your needs and architecture:

  1. Start by removing unnecessary public IP addresses from assets that don’t need public access
  2. Move to IPv6 at no additional cost (for now 🤭)
  3. Use middleware like NATGW or Firewall and only assign a public IP address to them

If you’re not a Solvo user but still want to inspect your environment and make sure there are no surprises with the AWS February bill, you can use Solvo’s free trial and run the suggested query. To start your free trial click here.

The post Unveiling the AWS Public IP Puzzle: Solvo’s Query and Cost-Saving Tips appeared first on Solvo.

*** This is a Security Bloggers Network syndicated blog from Solvo authored by Team Solvo. Read the original post at: https://www.solvo.cloud/blog/unveiling-the-aws-public-ip-puzzle-solvos-query-and-cost-saving-tips/


文章来源: https://securityboulevard.com/2024/01/unveiling-the-aws-public-ip-puzzle-solvos-query-and-cost-saving-tips/
如有侵权请联系:admin#unsafe.sh