I found unknown IP addresses in my Amazon Virtual Private Cloud (Amazon VPC) flow logs or firewall logs. The unknown IP addresses aren't assigned to an instance.
Resolution
Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you're using the most recent AWS CLI version.
Several resources can create elastic network interfaces in your Amazon VPC. Complete the following steps to find the network interface that owns an IP address:
- Open the Amazon Elastic Compute Cloud (Amazon EC2) console.
- In the navigation pane, choose Network Interfaces.
- In the search box, choose the following:
If you're looking for a private IP address, then choose Primary private IPv4 address.
If you're looking for a public IP address, then choose Public IPv4 address.
- Enter the IP address that you're looking for in the search box. The network interfaces that meet your search criteria appear.
Note: You can also enter the IP address into the search box without selecting a filter.
- In Description, locate the network interface to identify the resource that owns it.
Or, use the AWS CLI to find the network interface that owns an IP address:
aws ec2 describe-network-interfaces --filters "Name=addresses.private-ip-address,Values=IPv4 address"
Confirm that you set the correct AWS Region in the configuration. Otherwise, manually specify the Region with the --region parameter.
Note: Replace IPv4 address with the IP address that you're investigating.
Related information
describe-network-interfaces