
How to reduce the cost for AWS public IP?

AWS recently announced a price increase for Public IPs (IPv4) resources.

Before February 1, 2024, AWS charged customers for Public IPs only when an Elastic (static) IP was not associated with a running EC2 instance, or when an instance had multiple Elastic IPs.

After this date, every resource with a Public IP (NAT Gateway, EC2 instance, load balancer, VPN, etc.) costs an extra $0.005/Hour ($3.65/Month).

What is a Public IP?

A Public IP refers to an IP address (for example, 52.52.52.52) that anyone on the internet can access. There are two protocols: IPv4 and IPv6.

Here are a few examples:

Public IP address (IPv4): 52.52.52.52

Private IP address (IPv4): 10.0.0.50 (not accessible from the public internet)

Public IP address (IPv6): 2600:1f69:8000:0000:0000:0000:0000:0001

AWS supports both IPv4 and IPv6, but IPv4 addresses can’t communicate with IPv6 addresses.

When I create an EC2 instance, based on my VPC (Virtual Private Cloud) subnet settings, AWS will assign one of the following configurations:

  • A private IPv4 address.
  • A private and public (ephemeral) IPv4 address (default setting).
  • A private and public (ephemeral) IPv4 address with a public (static) IPv6 address.
  • A public (static) IPv6 address.

Ephemeral IP addresses are assigned automatically for VPC components such as EC2 instances. These IPv4 addresses can change and are relatively non-deterministic, hence ‘ephemeral.’

Why has AWS started charging for IP addresses?

Since its launch, the Internet has been connected via IPv4 addresses. Today, the entire range of possible IPv4 addresses, 3.7 billion IPs, has already been assigned to Internet service providers (ISPs), companies and associations. In 2012, IPv6 was launched; it is meant to replace IPv4 and provides a much larger address range, 340 trillion.

AWS already has 136.6 million IP addresses, and as more and more new customers migrate to the AWS platform, AWS must ensure that it can meet the demand.

But there are no more allocations of IPs. AWS can only purchase IP addresses on the open market, and over the years the cost of IP addresses has increased dramatically. Here is a graph that shows the price per IP from IPv4.global, which acts as an auctioneer for IPv4 address pools.

Therefore, to encourage AWS customers to reduce the use of public IP addresses, AWS has decided to charge for using a public IP address.

What’s the cost impact on your AWS Invoice?

The monthly cost of each resource with a public IP address will increase by $3.65.

DoiT, an AWS Premier Partner with more than $1.5B in cloud spending under management, helps thousands of customers worldwide to solve complex cloud challenges, saving them time and money. After checking the average impact for DoiT customers, we found that this price update will result in an average 2.6% increase in the monthly bill. We have developed best practices to minimize the price increase for our customers.

Find out the impact on your AWS Account

To help customers review their current Public IP address usage at the account level, AWS released a new feature called “Public IP Insights” in the AWS Console.

Public IP Insights displays graphs of the current Public IP usage and a table listing every IP and where it is being used. The data is at the account level and only for the region you are querying.

To calculate the cost increase, multiply the number of Public IPs (137 in this example) by the hourly cost of a public IP ($0.005), and then by the number of hours in a month: 730 (365 days × 24 hours / 12 months).

137 IPs * $0.005 (Hourly fee) * 730 (Hours in month) = $500.05/Month

In February 2024, AWS changed the interface and now you must create a Free Tier IPAM (free of charge) to access Public IP insights.

Find out the impact on your AWS Organization

To evaluate the impact at the AWS Organization level, across all accounts and regions, AWS provides a free billing dashboard: AWS Cost Explorer.

Cost Explorer can report the number of hours Public IPs were in use across the organization. For usage before the price increase (2024-02-01), the cost will be 0, so the cost is calculated from the number of hours, as in the following example:

To generate this report, you can access AWS Cost Explorer.

  • Adjust the Date Range to last month.
  • In the Usage Type field, search for Usage Type that contains “PublicIPv4:InUseAddress” and click on Select all and then on the Apply button:

Note: Cost Explorer will display the Usage Type only in regions you operate. Your list may show fewer results.

Note 2: The prefix before the PublicIPv4:InUseAddress states the region prefix name. You can find the full list here.

  • Adjust the Group By Dimension and see the results per AWS Account or Region. In this presentation, I would like to explore the overall cost of this price increase. Set the Dimension to None.

The number of Public IP hours is 201675.28 Hours. I will multiply it by the hourly cost of Public IP: $0.005.

201675.28 Hours * $0.005 (Hourly fee) = $1,008.3764/Month

Extracting the Cost and Usage from AWS Cost and Usage Report (CUR)

If you use the AWS Cost and Usage report (CUR) that includes the resource id, you will see the PublicIPv4:InUseAddress Usage Type associated with any resource with a public IP.

You can see the following example from the CUR:


The cost is associated with the instance Elastic Network Interface (ENI); the product name is “Amazon Virtual Private Cloud”.
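The following Python sketch is an added example, not part of the original article or AWS tooling. It aggregates the PublicIPv4:InUseAddress line items of a CUR export per account, region prefix and resource, and prices them at the $0.005 hourly rate. It assumes a CSV CUR with the standard `lineItem/...` column headers; the account numbers, ENI ids and rows are constructed sample data.

```python
import csv
import io
from collections import defaultdict

HOURLY_RATE = 0.005                  # USD per public IPv4 hour (rate quoted on this page)
SUFFIX = "PublicIPv4:InUseAddress"   # usage type named on this page

# Constructed sample rows; account numbers and ENI ids are made up.
SAMPLE_CUR = """\
lineItem/UsageAccountId,lineItem/UsageType,lineItem/ResourceId,lineItem/UsageAmount,product/ProductName
111111111111,PublicIPv4:InUseAddress,eni-0aaa,730,Amazon Virtual Private Cloud
111111111111,EUC1-PublicIPv4:InUseAddress,eni-0bbb,365,Amazon Virtual Private Cloud
222222222222,USW2-PublicIPv4:InUseAddress,eni-0ccc,100.5,Amazon Virtual Private Cloud
222222222222,USW2-PublicIPv4:InUseAddress,eni-0ccc,99.5,Amazon Virtual Private Cloud
111111111111,BoxUsage:t3.micro,i-0ddd,730,Amazon Elastic Compute Cloud
"""


def public_ip_hours(cur_csv):
    """Sum in-use public IPv4 hours per (account, region prefix, resource id)."""
    hours = defaultdict(float)
    for row in csv.DictReader(io.StringIO(cur_csv)):
        usage_type = row["lineItem/UsageType"]
        if not usage_type.endswith(SUFFIX):
            continue  # not a public IPv4 line item
        # Whatever precedes the suffix is the region prefix; handle it being absent.
        region = usage_type[: -len(SUFFIX)].rstrip("-") or "(no prefix)"
        key = (row["lineItem/UsageAccountId"], region, row["lineItem/ResourceId"])
        hours[key] += float(row["lineItem/UsageAmount"])
    return dict(hours)


def cost_by_account(hours):
    """Convert address-hours to USD per account at HOURLY_RATE."""
    totals = defaultdict(float)
    for (account, _region, _resource), h in hours.items():
        totals[account] += h
    return {account: round(h * HOURLY_RATE, 4) for account, h in totals.items()}


if __name__ == "__main__":
    usage = public_ip_hours(SAMPLE_CUR)
    # Largest consumers first: each entry is an interface holding a public address.
    for key, h in sorted(usage.items(), key=lambda kv: -kv[1]):
        print(key, f"{h:.1f} h")
    print(cost_by_account(usage))
```

The per-resource listing doubles as an inventory of internet-facing interfaces, which is a useful starting point when deciding which public IPs can be removed.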

Tagging Public IP costs

When we create an instance, AWS allows us to tag the instance. The tags can filter the costs in AWS Cost Explorer and CUR.

However, since an instance consists of several components (instance, disk, network interface), each component is tagged separately.
The Public IP is charged on the instance’s Elastic network interfaces (network card), so we must start tagging the ENI with the same tags as the instance.
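One way to find the ENIs that lack their instance's tags, shown as an added example that is not from the original article. `plan_eni_tags` and `apply_plan` are hypothetical helper names; the input dictionaries follow the shape of the EC2 `describe_instances` and `describe_network_interfaces` responses, and the sample ids and tags are constructed.

```python
# Constructed sample data in the shape returned by the EC2 API.
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0aaa", "Tags": [
        {"Key": "team", "Value": "payments"},
        {"Key": "env", "Value": "prod"},
        {"Key": "aws:autoscaling:groupName", "Value": "asg-1"}]},
]
SAMPLE_ENIS = [
    {"NetworkInterfaceId": "eni-0111", "Attachment": {"InstanceId": "i-0aaa"},
     "TagSet": [{"Key": "env", "Value": "prod"}]},
    {"NetworkInterfaceId": "eni-0222", "Attachment": {}, "TagSet": []},
]


def plan_eni_tags(instances, enis):
    """Return {eni_id: [tags]} listing instance tags missing from each attached ENI."""
    instance_tags = {
        inst["InstanceId"]: {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
        for inst in instances
    }
    plan = {}
    for eni in enis:
        instance_id = eni.get("Attachment", {}).get("InstanceId")
        if instance_id not in instance_tags:
            continue  # not attached to one of the listed instances
        current = {t["Key"]: t["Value"] for t in eni.get("TagSet", [])}
        missing = [
            {"Key": key, "Value": value}
            for key, value in sorted(instance_tags[instance_id].items())
            # Tags prefixed "aws:" are reserved and cannot be set by users.
            if not key.startswith("aws:") and current.get(key) != value
        ]
        if missing:
            plan[eni["NetworkInterfaceId"]] = missing
    return plan


def apply_plan(plan, region):
    """Write the planned tags with boto3 (needs credentials allowing ec2:CreateTags)."""
    import boto3  # imported lazily so the planning step runs without AWS access
    ec2 = boto3.client("ec2", region_name=region)
    for eni_id, tags in plan.items():
        ec2.create_tags(Resources=[eni_id], Tags=tags)


if __name__ == "__main__":
    print(plan_eni_tags(SAMPLE_INSTANCES, SAMPLE_ENIS))
```

Review the plan before calling `apply_plan`; the planning step itself makes no AWS calls.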

Can I avoid using a Public IP?

Yes, there are a few alternatives that allow you to operate in the cloud without a Public IPv4 address or to dramatically reduce Public IP usage:

Disable Public IPv4 addresses

If your workload (excluding the Load Balancers) doesn’t require access to external resources outside your VPC, such as 3rd party APIs, S3, DynamoDB, etc., you can disable public IP assignment for new instances and rotate your instances. The new instances will be launched without a public IP.

Migrate to IPv6

AWS supports IPv6, and you can create a hybrid environment that supports both IPv6 and IPv4. With this setup you can use Public IPv6 to access the internet and still support IPv4 for ingress traffic from your Load Balancers.

If your environment does not require IPv4 at all, you can use the IPv6-only subnets solution, at no additional cost.

NAT Gateway with VPC Endpoints

NAT Gateway is a managed service that allows your instances in a private subnet to connect to external resources from your VPC.

The setup process requires understanding Networking, but the migration process is fast.

Note: NAT Gateway pricing is based on the traffic that passes through the NAT Gateway (In/Out). If your environment communicates a lot with AWS-managed services outside of a VPC, consider using VPC Endpoints.
If the environment communicates a lot with the Internet, an open-source project called AlterNAT can replace NAT Gateway at a much lower cost.

Firewall

Using AWS Marketplace, you can purchase Firewall products from companies like Cisco, CheckPoint, Fortinet, Palo Alto, etc.
This way, you can set up instances that will function as a firewall. All traffic will pass through them, which lets you remove the public IP addresses from the servers.

This solution will require network knowledge to implement.

Bring Your Own IP (BYOIP)

If you already have a pool of IP addresses, you can import and use it in your AWS environment. There is no additional cost for using BYOIP.

Summary

In conclusion, although this price increase was a surprise, AWS announced it six months before the price update took effect. With the set of alternative solutions that AWS already provides today, AWS customers have the time to switch to solutions that do not require paying for public IP addresses.

Not doing anything could lead to unexpected costs. Check how much your organization is using IPv4 now to avoid surprise charges in the bill you get in February!
