Updated on 2025-08-25 GMT+08:00

Idle EIP Check

Rule Details

Table 1 Rule details

Parameter

Description

Rule Name

eip-unbound-check

Identifier

Idle EIP Check

Description

If an EIP has not been bound to any resource, this EIP is non-compliant.

Tag

vpc

Trigger Type

Configuration change

Filter Type

vpc.publicips

Rule Parameters

None

Application Scenarios

The EIP service provides independent public IP addresses and public outbound bandwidth. An EIP can be bound to or unbound from resources such as ECSs, BMSs, virtual IP addresses, ELBs, and NAT gateways. Idle EIPs may cause the following problems:

  • Unnecessary expenses: Idle EIPs are still billed, causing increased expenses.
  • Exposure risk: Idle EIPs may be maliciously bound, increasing the possibility of being attacked.
  • Resource confusion: Idle EIPs increase the management difficulty.

Solution

If an EIP is still required, bind it to a resource. For details, see Binding or Unbinding an EIP.

If an EIP is no longer used, release it. For details, see Releasing or Unsubscribing From an EIP.

Rule Logic

  • If an EIP is not bound to any resource, this EIP is non-compliant.
  • If an EIP is bound to a resource, this EIP is compliant.