There is a useful tool, Public IP insights, that shows you all public IPv4 addresses.
Could you please try to use the tool, Amazon VPC IP Address Manager?
This is a hypothesis, so please verify it. When you create an Elastic Network Interface (ENI) in AWS, the public IP address might be associated with an Elastic IP (EIP). If you delete the ENI, the EIP could still be linked to your VPN client endpoint. You should check if any public IP addresses associated with your VPN client endpoint match your Elastic IP. If they do, consider deleting the Elastic IP to avoid potential charges.
Sources:
Those public IP addresses are not Elastic IP addresses. I'm trying to understand, when a Client VPN endpoint is created, how it manages the public IP address. When will it create a new ENI and the associated public IP address? I couldn't find it in the Client VPN Endpoint documentation (https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is.html).
- A1: The Client VPN endpoint itself does not have a public IP address. Instead, it relies on ENIs that are created for each client connection. If the subnet in which the ENI is created is a public subnet, then the ENI can be assigned a public IP address from the VPC's pool of public IP addresses.
- A2: A new ENI is created for each new client connection to the Client VPN endpoint. This ENI is created in the subnet associated with the Client VPN endpoint's target network. If the subnet is a public subnet, then the ENI will be assigned a public IP address. This public IP address is used to route traffic between the client and the VPN endpoint over the internet. It's important to note that the creation of a new ENI and a public IP address is tied to client connections, not the creation of the VPN endpoint itself.
Thank you, Osvaldo. That seems to be the reason. However, our Client VPN endpoint's target network association is to the private subnets. We do have public subnets corresponding to the private subnets. So I guess it still assigns a public IP address when it creates an ENI. If this is the case, is there a way to set the ENI's 'Delete on termination' to true? Basically, a way to automatically delete the public IP address when we disconnect from the Client VPN endpoint?
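The answer above explains that the public IPs belong to ENIs the endpoint creates per connection, not to the endpoint itself, and the follow-ups ask how to tell which of those IPs are no longer in use. The script below is an added example, not code from the thread or from AWS: it takes the shape of an `ec2.describe_network_interfaces()` response, keeps only the ENIs whose description mentions the endpoint ID (an assumed naming convention, so adjust the match if your descriptions differ), and reports which public IPs sit on ENIs that are already detached. The sample response and every ID and address in it are constructed for illustration; the live `fetch_interfaces()` path assumes `boto3` and AWS credentials are available.

```python
"""Inventory the ENIs behind a Client VPN endpoint and flag detached public IPs.

Added example for this thread; assumes the ENI description contains the
cvpn-endpoint ID (hypothetical convention) and that boto3 is installed for
the live path. The sample response below is constructed, not real data.
"""

ENDPOINT_ID = "cvpn-endpoint-0example0000000001"  # constructed placeholder

# Constructed sample shaped like the output of ec2.describe_network_interfaces().
# An auto-assigned public IP carries "IpOwnerId": "amazon"; an Elastic IP
# carries the account ID instead, which is how the third ENI differs.
SAMPLE_RESPONSE = {
    "NetworkInterfaces": [
        {
            "NetworkInterfaceId": "eni-0aaa0000000000001",
            "Description": f"Client VPN Endpoint {ENDPOINT_ID}",
            "SubnetId": "subnet-0example0000000001",
            "Status": "in-use",
            "Association": {"PublicIp": "203.0.113.10", "IpOwnerId": "amazon"},
            "Attachment": {"Status": "attached", "DeleteOnTermination": False},
        },
        {
            "NetworkInterfaceId": "eni-0aaa0000000000002",
            "Description": f"Client VPN Endpoint {ENDPOINT_ID}",
            "SubnetId": "subnet-0example0000000001",
            "Status": "available",  # detached: the client session is gone
            "Association": {"PublicIp": "203.0.113.11", "IpOwnerId": "amazon"},
        },
        {
            "NetworkInterfaceId": "eni-0aaa0000000000003",
            "Description": "Primary network interface",  # unrelated EC2 ENI
            "SubnetId": "subnet-0example0000000002",
            "Status": "in-use",
            "Association": {"PublicIp": "203.0.113.12", "IpOwnerId": "123456789012"},
        },
    ]
}


def classify_interfaces(response, endpoint_id):
    """Return one summary row per ENI whose description mentions endpoint_id."""
    rows = []
    for eni in response.get("NetworkInterfaces", []):
        if endpoint_id not in eni.get("Description", ""):
            continue  # not one of this endpoint's connection ENIs
        assoc = eni.get("Association") or {}
        rows.append(
            {
                "eni_id": eni["NetworkInterfaceId"],
                "subnet_id": eni.get("SubnetId"),
                "public_ip": assoc.get("PublicIp"),
                # "amazon" marks an auto-assigned address rather than an EIP
                "auto_assigned": assoc.get("IpOwnerId") == "amazon",
                "in_use": eni.get("Status") == "in-use",
            }
        )
    return rows


def stale_public_ips(response, endpoint_id):
    """Public IPs still held by endpoint ENIs that are no longer in use."""
    return sorted(
        row["public_ip"]
        for row in classify_interfaces(response, endpoint_id)
        if row["public_ip"] and not row["in_use"]
    )


def fetch_interfaces(endpoint_id, region_name=None):
    """Live path: pull every ENI whose description matches the endpoint ID."""
    import boto3  # imported here so the parsing functions work offline

    ec2 = boto3.client("ec2", region_name=region_name)
    merged = {"NetworkInterfaces": []}
    paginator = ec2.get_paginator("describe_network_interfaces")
    # EC2 filters accept * wildcards; this matches on the assumed description text.
    for page in paginator.paginate(
        Filters=[{"Name": "description", "Values": [f"*{endpoint_id}*"]}]
    ):
        merged["NetworkInterfaces"].extend(page["NetworkInterfaces"])
    return merged


if __name__ == "__main__":
    # Offline demonstration on the constructed sample.
    for row in classify_interfaces(SAMPLE_RESPONSE, ENDPOINT_ID):
        state = "in-use" if row["in_use"] else "DETACHED"
        print(f"{row['eni_id']}  {row['public_ip']}  {state}")
    print("stale public IPs:", stale_public_ips(SAMPLE_RESPONSE, ENDPOINT_ID))
```

Running it against the sample lists two endpoint ENIs and flags 203.0.113.11 as a public IP on a detached ENI; the unrelated EC2 interface with an Elastic IP is ignored because its description does not name the endpoint. For a real account, replace `SAMPLE_RESPONSE` with `fetch_interfaces(ENDPOINT_ID)` and review the detached rows before deleting anything.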
I'm using this tool but still unable to confirm which public IP addresses associated with the Client VPN endpoint are not in use so that we can delete them.