Unable to Remove Locked Unused Elastic IPs


When running the fixer to Remove unused Elastic IP addresses in Cloudfix, you might receive an automated email from CloudFix like the one below saying that the IP "could not be released because it's locked."

This Knowledge Base Article will explain why this error occurs and provide guidance on how to handle it.


Why this error occurs?

This error occurs when an Elastic IP (EIP) is locked to your account. EIPs may be locked due to two main reasons:

  1. Someone specifically requested the EIP to be locked or the EIP has been part of a transfer.
  2. The EIP has a custom reverse DNS (rDNS) set to it.

How to handle the error?

Unfortunately, when EIPs are locked due to the two above reasons, they cannot be released programmatically or manually without contacting AWS support. Additionally, there's no current way to confirm whether an EIP is locked through AWS SDK or CLI without actually trying to release it, so CloudFix cannot identify this situation before it happens.

Therefore, when an unused EIP that CloudFix is trying to remove is locked, it will generate an email like the above communicating the reason for the failure. This way, you are made aware of the issue in a timely manner and can take necessary actions accordingly.

When this particular error occurs, you will need to work with AWS support to:

  1. Determine the reason for the EIP lock
  2. Remove the lock if you want Cloudfix to clean up these IPs


While Cloudfix can identify unused EIPs, it can't automatically deal with EIPs that are locked to an account. In these cases, manual intervention is required to unlock the EIP through AWS Support.




Article is closed for comments.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request