Elastic IP: A Static Public IP
When you launch an EC2 (Elastic Compute Cloud, AWS’s virtual servers) instance with a normal public IP, that address is temporary. Stop and start the instance and AWS gives you a brand-new public IP, which breaks anything that was pointing at the old one. An Elastic IP (a permanent public IPv4 address that you own and control) solves this: you allocate it once, attach it to an instance, and it stays the same until you decide to release it. This page shows how to allocate, associate, and — importantly — clean up an Elastic IP so it does not quietly cost you money.
What an Elastic IP actually is
An Elastic IP (EIP) is a static public IPv4 address that belongs to your AWS account, not to any single instance. You can detach it from one instance and re-attach it to another in seconds. That “remap” ability is the whole point: if an instance fails, you can move its public address to a healthy replacement without changing any DNS (Domain Name System, the system that maps names to IP addresses) or telling clients a new address.
Technically the EIP is associated with a network interface, called an ENI (Elastic Network Interface). Most of the time you attach it directly to an instance and AWS handles the ENI for you. Behind the scenes, the EIP maps to the instance’s private IP via a one-to-one NAT (Network Address Translation).
When to use one — and when not to
The honest answer in 2026 is: you usually do not need an Elastic IP. Most production traffic should arrive through a load balancer or a DNS name, not a fixed IP pinned to one box.
| Need | Better option | Use an Elastic IP? |
|---|---|---|
| Public website or API | Application Load Balancer + Route 53 DNS | No |
| Failover between instances | Re-associate the EIP, or use an ALB | Sometimes |
| A third party allow-lists your IP (firewall, payment gateway, SFTP partner) | Elastic IP (a fixed, predictable address) | Yes |
| Outbound internet from private subnets | NAT Gateway (managed) | No |
| Dev/test box you SSH into often | A DNS name, or just the auto-assigned IP | Rarely |
Tip: If your reason is “I want a stable name to connect to,” use a Route 53 DNS record instead of an EIP. DNS is more flexible and avoids the per-IP charge described below.
Allocate and associate an Elastic IP
There are two steps: allocate (reserve an address into your account) and associate (attach it to an instance or ENI).
Using the AWS Management Console
- Open the EC2 console and choose Network & Security → Elastic IPs in the left menu.
- Click Allocate Elastic IP address.
- Leave Amazon’s pool of IPv4 addresses selected (unless you brought your own IP range), then click Allocate.
- Select the new address in the list, then choose Actions → Associate Elastic IP address.
- Set Resource type to Instance, pick your instance (for example
i-0a1b2c3d4e5f), and click Associate.
The instance now answers on that fixed address.
Using the AWS CLI
First allocate the address. This reserves it and returns an allocation ID.
aws ec2 allocate-address --domain vpcOutput:
{
"PublicIp": "52.10.20.30",
"AllocationId": "eipalloc-0a1b2c3d",
"PublicIpv4Pool": "amazon",
"NetworkBorderGroup": "us-east-1",
"Domain": "vpc"
}Now associate it with your instance using the allocation ID:
aws ec2 associate-address \
--instance-id i-0a1b2c3d4e5f \
--allocation-id eipalloc-0a1b2c3dOutput:
{
"AssociationId": "eipassoc-0a1b2c3d"
}Your instance is now reachable at 52.10.20.30, and that address survives a stop/start.
Infrastructure as Code
If you manage infrastructure with Terraform, the same two steps look like this:
resource "aws_eip" "web" {
domain = "vpc"
instance = aws_instance.web.id
}CloudFormation is equally short:
WebEIP:
Type: AWS::EC2::EIP
Properties:
Domain: vpc
InstanceId: !Ref WebInstanceThe cost gotcha you must know
This is the part most tutorials skip. AWS charges an hourly fee for every public IPv4 address — including all Elastic IPs, attached or not. The change took effect in February 2024, and there is no longer a “free if attached” rule.
As of 2026 the charge is about $0.005 per hour per public IPv4 address, which is roughly $3.60 per month each. That applies to:
- An Elastic IP attached to a running instance.
- An Elastic IP sitting unused in your account (this used to be the only one billed — now everything is).
- Auto-assigned public IPv4 addresses on instances too.
So an EIP you allocated for a long-gone project keeps billing silently. Multiply that across a team and it adds up.
Warning: Releasing an Elastic IP gives the address back to AWS permanently — you will almost certainly get a different IP next time. If a partner has allow-listed it, do not release it. For everything else, release what you do not use.
Cleaning up
To find Elastic IPs that are not attached to anything:
aws ec2 describe-addresses \
--query 'Addresses[?AssociationId==`null`].[PublicIp,AllocationId]' \
--output tableOutput:
-------------------------------------
| DescribeAddresses |
+----------------+------------------+
| 52.10.20.30 | eipalloc-0a1b2c3d|
+----------------+------------------+Release one you no longer need:
aws ec2 release-address --allocation-id eipalloc-0a1b2c3dThis command prints no output on success. In the console, the equivalent is Select the address → Actions → Release Elastic IP addresses → Release.
Best practices
- Prefer a load balancer (ALB/NLB) plus a Route 53 DNS name over pinning an Elastic IP to a single instance — it scales and fails over better.
- Allocate an Elastic IP only when something genuinely requires a fixed, allow-listed IP that survives stop/start.
- Tag every Elastic IP with an owner and purpose so you know later why it exists; use
aws ec2 create-tagson the allocation ID. - Audit unattached Elastic IPs regularly with
describe-addressesand release the ones nothing uses — each one costs roughly $3.60/month. - Never release an IP that a third party has allow-listed; you will not get the same address back.
- For outbound-only internet access from private subnets, use a NAT Gateway rather than parking an EIP on every box.