How can the Administrator identify who is creating the Elastic IP address?

By:
In: SOA-C01
Tagged:
With: 1 Comment
A SysOps Administrator noticed that a large number of Elastic IP addresses are being created on the company’s AWS account., but they are not being associated with Amazon EC2 instances, and are incurring Elastic IP address charges in the monthly bill.

How can the Administrator identify who is creating the Elastic IP address?

Attach a cost-allocation tag to each requested Elastic IP address with the IAM user name of the Developer who creates it.

Query AWS CloudTrail logs by using Amazon Athena to search for Elastic IP address events.

Create a CloudWatch alarm on the EIPCreated metric and send an Amazon SNS notification when the alarm triggers.

Use Amazon Inspector to get a report of all Elastic IP addresses created in the last 30 days.

Explanations:

Cost-allocation tags cannot be dynamically applied to existing Elastic IPs, and this option won’t help identify who created them directly.

AWS CloudTrail logs can capture detailed API activity, including Elastic IP creation events. Using Amazon Athena to query these logs can help identify the IAM user responsible.

CloudWatch alarms can track specific metrics, but there is no built-in EIPCreated metric for triggering alarms. This option won’t effectively identify the creator.

Amazon Inspector does not track Elastic IP creation events. It’s a security assessment service, not for resource creation tracking.

2025-09-28

1 Comment

  1. James
    Author

    I map out that the answer is:
    Query AWS CloudTrail logs by using Amazon Athena to search for Elastic IP address events.

Leave a Reply

Your email address will not be published. Required fields are marked *

5 − 4 =