Recently, AWS made an important announcement that marks a significant shift in its pricing structure for public IPv4 addresses. Beginning February 1, 2024, a new charge of $0.005 per IP per hour will apply to all public IPv4 addresses, regardless of whether they are attached to a service or not. That sounds small, but it accumulates to $3.6 per month per IP, and if you are operating with multiple IPs it can mount up to a significant expense. Prior to this change, AWS only imposed charges for additional (secondary) Elastic IP addresses on running EC2 instances and for public IPv4 addresses that you allocate in your account but leave unattached to an EC2 instance. It is critical for AWS customers to understand this change and how it will affect their utilization and cost management of AWS services.

Understanding the Types of AWS Public IPv4 Addresses

AWS has classified public IPv4 addresses into four types:

  1. Amazon EC2 Public IPv4 Addresses: AWS resources in a default VPC or auto-assign public IP subnets are automatically assigned public IPv4 addresses from Amazon’s pool. These addresses aren’t tied to your AWS account and are recycled back into Amazon’s pool when an EC2 instance is stopped, hibernated, or terminated. From February 1, 2024, charges will be applicable for all public IPv4 addresses associated with your VPC resources.

  2. Elastic IP Addresses: Elastic IP is a publicly accessible IPv4 address tied to your AWS account, giving you more control over its association with your VPC resources. From February 1, 2024, there will be charges for all Elastic IP addresses in your AWS account, moving away from the previous model of no charge for the first associated Elastic IP.

  3. Service Managed Public IPv4 Addresses: AWS managed services such as Elastic Load Balancers, NAT gateways, and AWS Global Accelerators deployed in your account utilise public IPv4 addresses from Amazon’s pool. Charges will apply for all these managed public IPv4 addresses starting February 1, 2024.

  4. BYOIP Addresses: BYOIP lets you use your own IPv4 addresses on AWS at no cost. With BYOIP, you continue to own your address range and can assign it to AWS services like EC2 instances or NAT gateways free of charge. These addresses can also be used with AWS Global Accelerator with no incurred charges.

Implications for AWS Customers

  • Increased Cost of Operations: The new charging model means that the cost of operation will increase for those customers who make extensive use of public IPv4 addresses. This is particularly significant for businesses that have a high number of EC2 instances or use Amazon-managed services heavily.

  • Budgeting and Cost Management: With this new charge, AWS users will need to reconsider their cost management strategies. They will have to monitor their public IP address usage closely to avoid unexpected charges.
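
To make the four address types and the $0.005 hourly rate concrete, here is an added example (not AWS code and not part of the original article) that classifies addresses from the output of `aws ec2 describe-addresses` and `aws ec2 describe-network-interfaces` and estimates the monthly charge. The sample records are constructed, the `eni` helper and type labels are hypothetical, and treating every requester-managed interface as service managed is an assumption.

```python
HOURLY_RATE = 0.005    # USD per public IPv4 address per hour, as stated above
HOURS_PER_MONTH = 720  # 30-day month, which gives the $3.6 figure

# Constructed sample data shaped like `aws ec2 describe-addresses` and
# `aws ec2 describe-network-interfaces` output; every ID and IP is made up.
ADDRESSES = [
    {"PublicIp": "198.51.100.10", "PublicIpv4Pool": "amazon", "AssociationId": "eipassoc-01"},
    {"PublicIp": "198.51.100.11", "PublicIpv4Pool": "amazon"},  # allocated but idle
    {"PublicIp": "203.0.113.5", "PublicIpv4Pool": "ipv4pool-ec2-example", "AssociationId": "eipassoc-02"},
]

def eni(public_ip, owner, managed=False):  # hypothetical helper for sample data
    return {"RequesterManaged": managed, "PrivateIpAddresses": [
        {"Association": {"PublicIp": public_ip, "IpOwnerId": owner}}]}

INTERFACES = [
    eni("198.51.100.10", "111122223333"),           # Elastic IP on an instance
    eni("203.0.113.5", "111122223333"),             # BYOIP address on an instance
    eni("192.0.2.44", "amazon"),                    # auto-assigned EC2 public IP
    eni("192.0.2.80", "amazon-elb", managed=True),  # load balancer node
    {"RequesterManaged": False, "PrivateIpAddresses": [{}]},  # private only
]

def classify(addresses, interfaces):
    """Map each public IPv4 address to one of the four types (assumed heuristic)."""
    result = {}
    for iface in interfaces:
        for priv in iface.get("PrivateIpAddresses", []):
            assoc = priv.get("Association", {})
            if assoc.get("PublicIp"):
                kind = ("service-managed" if iface.get("RequesterManaged")
                        else "ec2-public" if assoc.get("IpOwnerId") == "amazon"
                        else "elastic-ip")
                result[assoc["PublicIp"]] = kind
    for addr in addresses:  # allocations refine the picture: BYOIP and idle EIPs
        if addr.get("PublicIpv4Pool", "amazon") != "amazon":
            result[addr["PublicIp"]] = "byoip"
        elif "AssociationId" not in addr:
            result[addr["PublicIp"]] = "elastic-ip-idle"
    return result

def monthly_cost(classified):
    """Estimated USD per month; BYOIP addresses are not charged."""
    billable = sum(1 for kind in classified.values() if kind != "byoip")
    return round(billable * HOURLY_RATE * HOURS_PER_MONTH, 2)

if __name__ == "__main__":
    kinds = classify(ADDRESSES, INTERFACES)
    print(kinds, monthly_cost(kinds))
```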

Public IP Insights

The Public IP Insights tool, a convenient feature provided by AWS, acts as a beacon amidst the tempest of this new IPv4 pricing. It offers insightful data about how you’re using your public IPv4 addresses, making the process of tracking, analyzing, and auditing your public IP ecosystem a breeze. As we all know, in today’s data-centric business environment, getting a handle on IP usage metrics is vital. This new feature allows you to dive deeper into your IP landscape and truly grasp what’s going on.

But it’s not just about efficiency. Public IP Insights significantly ramps up your security game as well. By leveraging this feature, you can have a clearer vision of your security status, empowering you to put in place the necessary protective steps to keep your cloud services in check and safe. This tool is a valuable addition to any toolbox, ensuring your cloud-based operations remain secure and efficient.

There’s no need for you to create an AWS IPAM (IP Address Management) resource to leverage this feature. You can directly access Public IP Insights through the Amazon VPC IP Address Manager.

Best Practices for AWS Services Following New Public IPv4 Address Charges

  1. Amazon EC2

    • Disable Auto-Assignment of Public IPv4 Addresses: Reconsider the auto-assignment of public IPv4 addresses on default subnets. If this isn’t feasible at the subnet level, tweak the auto-assignment settings during instance launch.

    • Leverage Amazon EC2 Instance Connect (EIC) Endpoints: Instead of assigning a public IPv4 address to each EC2 instance for remote access, utilize Amazon EC2 Instance Connect (EIC) Endpoints. It provides secure and manageable access to your instances.

  2. Amazon Elastic Load Balancer and AWS Global Accelerator

    • Optimize Inbound Internet Traffic: Deploy these services for managing inbound internet traffic. They not only boost the availability and performance of your workloads but also help you optimize public IPv4 utilization by acting as single-point receivers of incoming public traffic.

  3. Virtual Private Cloud (VPC)

    • Prioritize Private Subnet Usage: A significant way to optimize public IPv4 address usage is to primarily use private subnets for deploying resources within your VPC. Public IPv4 addresses are not required for resources within a private subnet, as they are not directly reachable from the internet.

    • VPN Access: If you need to access your resources within a private subnet remotely, consider setting up a Virtual Private Network (VPN). A VPN creates a secure tunnel from your network or device to the AWS VPC, allowing access to private subnet resources without needing public IP addresses. AWS offers Managed VPN options to establish a secure and private tunnel from your network or device to the AWS global network.

    • NAT Gateway for Internet Access: If your resources in private subnets need to access the internet, use a NAT Gateway. A NAT Gateway allows instances in a private subnet to connect to the internet or other AWS services, but it prevents the internet from initiating a connection with those instances. This way, you can control internet access for your instances and ensure that inbound traffic is securely managed.

  4. Amazon RDS, OpenSearch (Database Family): It’s recommended to place your database instances in a private subnet for enhanced security. By doing this, your database will be accessible only from within your VPC or via a VPN connection, thus eliminating the need for a public IP address.

  5. Cross-Account Resource Access:

    • VPC Peering: VPC peering allows you to connect two VPCs privately as if they were on the same network. The peered VPCs can be part of different accounts or regions. VPC peering eliminates the need for a public IP or VPN connection between VPCs, reducing public IPv4 address usage. It’s important to remember that VPC peering connections are not transitive; for multiple VPCs to communicate, you need to create individual peering connections between each pair.

    • Transit Gateways: Transit Gateways are a great way to manage cross-account resource access, particularly when you have many VPCs. They act as a hub and allow transitive peering between VPCs, even across different accounts. Transit Gateways can significantly reduce the management complexity and improve network performance. They do this by eliminating the need for full mesh VPC peering, subsequently limiting the need for public IPv4 addresses.

    • AWS Resource Access Manager (RAM): AWS RAM is another service that can facilitate cross-account resource sharing. It enables you to share AWS resources that you own with other accounts in a secure and scalable way. Sharing can be done within your organization or with an external AWS account. By sharing resources like subnets or Transit Gateways, you can eliminate redundant resource creation and reduce the usage of public IPv4 addresses.
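
For the EC2 and VPC items above (disabling auto-assignment and preferring private subnets), the following added example, which is not part of the original article, audits `aws ec2 describe-subnets` and `aws ec2 describe-route-tables` output for subnets that still auto-assign public IPv4 addresses and reports whether each one actually routes to an internet gateway. The sample records are constructed, and the function names and finding labels are hypothetical.

```python
# Constructed sample data shaped like `aws ec2 describe-subnets` and
# `aws ec2 describe-route-tables` output; all IDs are made up.
SUBNETS = [
    {"SubnetId": "subnet-0a", "VpcId": "vpc-01", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-0b", "VpcId": "vpc-01", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-0c", "VpcId": "vpc-01", "MapPublicIpOnLaunch": False},
]
ROUTE_TABLES = [
    {"VpcId": "vpc-01", "Associations": [{"Main": True}],  # main table, NAT only
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-01"}]},
    {"VpcId": "vpc-01", "Associations": [{"Main": False, "SubnetId": "subnet-0a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-01"}]},
]

def has_igw_route(table):
    """True if any route in the table targets an internet gateway."""
    return any(r.get("GatewayId", "").startswith("igw-") for r in table["Routes"])

def route_table_for(subnet, tables):
    """Explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for table in tables:
        if table["VpcId"] != subnet["VpcId"]:
            continue
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet["SubnetId"]:
                return table
            if assoc.get("Main"):
                main = table
    return main

def audit(subnets, tables):
    """Return {subnet_id: finding} for subnets that auto-assign public IPv4."""
    findings = {}
    for subnet in subnets:
        if not subnet.get("MapPublicIpOnLaunch"):
            continue
        table = route_table_for(subnet, tables)
        # "internet-routed": new instances get a reachable, billable address.
        # "no-igw-route": the address is billed but cannot carry internet traffic.
        routed = table is not None and has_igw_route(table)
        findings[subnet["SubnetId"]] = "internet-routed" if routed else "no-igw-route"
    return findings

def remediation(subnet_id):
    """AWS CLI command that turns auto-assignment off for one subnet."""
    return ("aws ec2 modify-subnet-attribute "
            f"--subnet-id {subnet_id} --no-map-public-ip-on-launch")

if __name__ == "__main__":
    for subnet_id, finding in audit(SUBNETS, ROUTE_TABLES).items():
        print(subnet_id, finding, "->", remediation(subnet_id))
```

Subnets reported as `no-igw-route` are the easy wins: auto-assignment there only produces charges, so it can be switched off without affecting reachability.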

In conclusion, this change in AWS’ pricing policy necessitates a shift in the strategies for managing public IPv4 addresses. By considering the tips mentioned above and planning accordingly, AWS customers can mitigate the financial impact of the new charges. As always, effective monitoring, optimization, and cost management will play an essential role in managing your AWS environment.