Analyze Elastic IP utilization historical past utilizing Amazon Athena and AWS CloudTrail

An AWS Elastic IP (EIP) address is a static, public, and distinctive IPv4 deal with. Allotted completely to your AWS account, the EIP stays underneath your management till you determine to launch it. It may be allotted to your Amazon Elastic Compute Cloud (Amazon EC2) occasion or different AWS sources corresponding to load balancers.

EIP addresses are designed for dynamic cloud computing as a result of they are often re-mapped to a different occasion to masks any disruptions. These EIPs are additionally used for purposes that should make exterior requests to companies that require a constant deal with for enable listed inbound connections. As your software utilization varies, these EIPs would possibly see sporadic use over weeks and even months, resulting in potential accumulation of unused EIPs which will inadvertently inflate your AWS expenditure.

On this publish, we present you how you can analyze EIP utilization historical past utilizing AWS CloudTrail and Amazon Athena to have a greater perception of your EIP utilization sample in your AWS account. You should use this resolution usually as a part of your cost-optimization efforts to soundly take away unused EIPs to scale back your prices.

Resolution overview

This resolution makes use of exercise logs from CloudTrail and the ability of Athena to conduct a complete evaluation of historic EIP attachment exercise inside your AWS account. CloudTrail, a essential AWS service, meticulously logs API exercise inside an AWS account.

Athena is an interactive question service that simplifies information evaluation in Amazon Simple Storage Service (Amazon S3) utilizing commonplace SQL. It’s a serverless service, eliminating the necessity for infrastructure administration and costing you just for the queries you run.

By extracting detailed info from CloudTrail and querying it utilizing Athena, this resolution streamlines the method of knowledge assortment, evaluation, and reporting of EIP utilization inside an AWS account.

To collect EIP utilization reporting, this resolution compares snapshots of the present EIPs, specializing in their most up-to-date attachment inside a customizable 3-month interval. It then determines the frequency of EIP attachments to sources. An attachment rely better than zero means that the EIPs are actively in use. In distinction, an attachment rely of zero signifies that these EIPs are idle and will be launched, aiding in figuring out potential areas for value discount.

Within the following sections, we present you how you can deploy the answer utilizing AWS CloudFormation after which run an evaluation.

Stipulations

Full the next prerequisite steps:

1. In case your account doesn’t have CloudTrail enabled, create a trail, then seize the S3 bucket identify to make use of later within the implementation steps.
2. Obtain the CloudFormation template from the repository. You want this template.yaml file for the implementation steps.

Deploy the answer

On this part, you utilize AWS CloudFormation to create the required sources. AWS CloudFormation is a service that helps you mannequin and arrange your AWS sources so to spend much less time managing these sources and extra time focusing in your purposes that run in AWS.

The CloudFormation template creates Athena views and a desk to go looking previous AssociateAddress occasions in CloudTrail, an AWS Lambda perform to gather snapshots of current EIPs, and an S3 bucket to retailer the evaluation outcomes.

Full the next steps:

1. On the AWS CloudFormation console, select on Create stack and select With new sources (commonplace).
2. Within the Specify Template part, select an current template and add the template.yaml file downloaded from the stipulations.
3. Within the Specify stack particulars part, enter your most well-liked stack identify and the prevailing CloudTrail S3 location, and preserve the default settings for the opposite parameters.
4. On the backside of the Evaluate and create web page, choose the acknowledgement examine field, then select Submit.

Anticipate the stack to be created. It ought to take a couple of minutes to finish. You possibly can open the AWS CloudFormation console to view the stack creation course of.

Run an evaluation

You might have configured the answer to run your EIP attachments evaluation. Full the next steps to research your EIP attachment historical past. When you’re utilizing Athena for the primary time in your account, that you must arrange a query result location in Amazon S3.

1. On the Athena console, navigate to the question editor.
2. For Database, select default.
3. Enter the next question and select Run question:

choose 
eip.publicip,
eip.allocationid,
eip.area,
eip.accountid,
eip.associationid, 
eip.PublicIpv4Pool,
max(associate_ip_event.eventtime) as latest_attachment,
rely(associate_ip_event.associationid) as attachmentCount
from eip LEFT JOIN associate_ip_event on associate_ip_event.allocationid = eip.allocationid 
group by 1,2,3,4,5,6

All of the required tables are created underneath the default database.

Now you can run a question on the CloudTrail logs to look again in time for the EIP attachment. This question supplies you with higher perception to soundly launch idle EIPs in an effort to cut back prices by displaying how continuously every particular EIP was beforehand hooked up to any sources.

This report will present the next info:

• Public IP
• Allocation ID (the ID that AWS assigns to characterize the allocation of the EIP deal with to be used with situations in a VPC)
• Area
• Account ID
• latest_attachment date (the final time EIP was hooked up to a useful resource)
• attachmentCount (variety of attachments)
• The affiliation ID for the deal with (if this area is empty, the EIP is idle and never hooked up to any sources)

The next screenshot reveals the question outcomes.

Clear up

To optimize value, clear up the sources you deployed for this publish by finishing the next steps:

1. Delete the contents in your S3 buckets (eip-analyzer-eipsnapshot-* and eip-analyzer-athenaresulteipanalyzer-*).
2. Delete the S3 buckets.
3. On the AWS CloudFormation console, delete the stack you created.

Conclusion

This publish demonstrated how one can analyze Elastic IP utilization historical past to have a greater perception of EIP attachment patterns utilizing Athena and CloudTrail. Try the GitHub repo to usually run this evaluation as a part of your cost-optimization technique to determine and launch inactive EIPs to scale back prices.

You may as well use Athena to research logs from different AWS companies; for extra info, see Querying AWS service logs.

Moreover, you may analyze exercise logs with AWS CloudTrail Lake and Amazon Athena. AWS CloudTrail Lake is a managed information lake that permits organizations to combination, immutably retailer, and question occasions recorded by CloudTrail for auditing, safety investigation, and operational troubleshooting. AWS CloudTrail Lake helps the gathering of occasions from a number of AWS areas and AWS accounts. For CloudTrail Lake, you pay for information ingestion, retention, and evaluation. Seek advice from AWS CloudTrail Lake pricing page for pricing particulars.

Concerning the Writer

Aidin Khosrowshahi is a Senior Technical Account Supervisor with Amazon Internet Providers primarily based out of San Francisco. He focuses on reliability, optimization, and enhancing operational mechanisms together with his prospects.