
RDS Blue/Green Deployment automatically assigns Elastic IP that cannot be removed while keeping Public Access enabled

0

I performed a Blue/Green deployment to change my RDS instance class from t3.small to t4g.small. After the deployment, I noticed that the new RDS instance has an Elastic IP (EIP) automatically assigned with "Service managed: rds".

Problem:

• I cannot manually release or disassociate this EIP
• When I disable Public Access, the EIP is automatically released
• When I re-enable Public Access, a new EIP is automatically created and associated
• I need to keep Public Access enabled, but I want to avoid the EIP cost ($0.005/hour)

My previous RDS instance (t3.small) had Public Access enabled but only had a dynamic Public IP, not an Elastic IP. Why does the new instance (t4g.small) automatically get an EIP instead of a dynamic Public IP? Is there any way to use Public Access without an Elastic IP, like before?

++

Could the security group of the RDS instance be affecting this issue?

2 Answers
0

Sidetrack here - but why do you need a public IP for an RDS database? You should consider not having it, as essentially your database is open. If you really need the RDS to be public, you can consider setting up a public NLB for it.

In your situation, the EIP is managed by RDS, so you won't be able to do much to avoid the scenario.

EXPERT
answered 2 months ago
  • It was likely set up this way for convenience because the initial design was done in a rush. There are too many dependencies right now, so it is difficult to switch it to Private immediately.

    Unlike my other RDS instances, which get standard public IPs without EIPs, this specific instance oddly generates and assigns its public IP via an EIP.

    Since this EIP is managed by RDS, I am unable to delete it myself. Should I contact AWS support?

0

Hey,

Hope you're keeping well.

When you switch to certain newer RDS instance families like t4g, AWS now uses Amazon VPC IP Address Manager (IPAM) backed service-managed EIPs for public endpoints rather than assigning dynamic public IPs. This change ensures stable connectivity and DNS resolution during maintenance or failovers, but it also means you’ll incur EIP charges if the instance is publicly accessible. There’s no way to force RDS to revert to dynamic public IPs on these newer families, so the only way to avoid the cost is to disable public access and connect via a bastion host, VPN, or a public-facing load balancer.

Thanks and regards,
Taz

answered a month ago
  • Hi Taz,

    Thank you for the detailed explanation.

    Could you please share any official AWS documentation or articles that mention this change? I would appreciate having an official reference.

    Best regards, shkim
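
The first answer's concern (a publicly accessible database is effectively open) and the asker's question about the security group can be checked together. The following is an added example, not code from the thread or from AWS: it reads JSON shaped like the output of `aws rds describe-db-instances` and `aws ec2 describe-security-groups` and reports which publicly accessible instances accept connections on their database port from very wide source ranges. All instance names, group IDs and addresses are constructed, and the "/8 or wider" threshold is an assumption.

```python
import ipaddress
import json

# Constructed sample data shaped like `aws rds describe-db-instances` and
# `aws ec2 describe-security-groups` output; every identifier is made up.
SAMPLE_DB = json.loads("""{"DBInstances": [
 {"DBInstanceIdentifier": "app-db", "PubliclyAccessible": true, "Endpoint": {"Port": 5432},
  "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0aaa"}]},
 {"DBInstanceIdentifier": "reports-db", "PubliclyAccessible": true, "Endpoint": {"Port": 3306},
  "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0bbb"}]},
 {"DBInstanceIdentifier": "internal-db", "PubliclyAccessible": false, "Endpoint": {"Port": 5432},
  "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0aaa"}]}]}""")
SAMPLE_SG = json.loads("""{"SecurityGroups": [
 {"GroupId": "sg-0aaa", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
 {"GroupId": "sg-0bbb", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
   "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]}]}""")

def open_cidrs(rule, port, max_prefix=8):
    """Return CIDRs in one ingress rule that cover `port` and are /max_prefix or wider."""
    if rule.get("IpProtocol") not in ("tcp", "-1"):
        return []
    # Protocol "-1" means all traffic and carries no port range to compare.
    if rule["IpProtocol"] == "tcp" and not (rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)):
        return []
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen <= max_prefix]

def audit(db_doc, sg_doc):
    """Map each publicly accessible instance to the wide CIDRs that reach its port."""
    groups = {g["GroupId"]: g for g in sg_doc["SecurityGroups"]}
    report = {}
    for db in db_doc["DBInstances"]:
        if not db.get("PubliclyAccessible"):
            continue  # this check only covers instances with Public Access enabled
        port = db["Endpoint"]["Port"]
        found = set()
        for ref in db.get("VpcSecurityGroups", []):
            for rule in groups.get(ref["VpcSecurityGroupId"], {}).get("IpPermissions", []):
                found.update(open_cidrs(rule, port))
        report[db["DBInstanceIdentifier"]] = sorted(found)
    return report

if __name__ == "__main__":
    for name, cidrs in audit(SAMPLE_DB, SAMPLE_SG).items():
        print(name, "EXPOSED to " + ", ".join(cidrs) if cidrs else "public, source-restricted")
```

An instance that must stay public for now, as described in the thread, should at least land in the "source-restricted" bucket.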
