I tried to release my Elastic IP address from my Amazon Elastic Compute Cloud (Amazon EC2) instance. However, I received an error that the Elastic IP address is locked to my AWS account.
Short description
If the Elastic IP address is locked, then AWS CloudTrail shows the following error when you run a ReleaseAddress API call:
"The address [IP address] with allocation id [eipalloc-****] cannot be released because it is locked to your account. Please contact AWS Support to unlock it. You won't be able to release the Elastic IP if it is locked to your account."
You might lock your Elastic IP address to your account to avoid accidental release. Or, the Elastic IP address might lock during Reverse Domain Name System (rDNS) configuration. The Elastic IP address locks to your account for as long as the rDNS record exists.
Resolution
Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.
Check whether you set rDNS for the Elastic IP address
Use SSH to connect to the instance, and then run the following command to check the Elastic IP address domain:
host 000.0.000.0
Note: Replace 000.0.000.0 with your Elastic IP address.
If your Elastic IP address has rDNS set, then the preceding command returns the domain that's set for this Elastic IP address. Example output:
$ IP 000.0.000.0.in-addr.arpa. domain-name-pointer mail.domain.com
Reset the rDNS record
Use one of the following methods to reset the rDNS record.
Note: It's a best practice to use the Amazon EC2 console to remove the rDNS entry.
Use the Amazon EC2 console
Complete the following steps:
- Open the Amazon EC2 console.
- In the navigation pane, choose Elastic IPs.
- Select the Elastic IP address, and then choose Actions.
- Select Update reverse DNS.
- For Reverse DNS domain name, clear the domain name.
- Enter update to confirm.
- Choose Update.
Use the AWS CLI
To remove a reverse DNS record, run the following reset-address-attribute command:
aws ec2 reset-address-attribute --allocation-id eipalloc-abcdef01234567890 --attribute domain-name
Note: Replace eipalloc-abcdef01234567890 with the allocation ID of your Elastic IP address and domain-name with your domain name.
Contact AWS Support
If you can't remove the rDNS with the Amazon EC2 console or the AWS CLI, then submit a request to AWS Support. Complete the following steps:
- Open the Request to remove email sending limitations form.
- Enter the following information:
  - For Email address, enter your email address.
  - For Use case description, enter the reason that you requested rDNS removal.
  - For Elastic IP address, enter a list of your Elastic IP addresses.
  - (Optional) For Reverse DNS record, enter the rDNS name associated with the Elastic IP address.
  - For Reverse DNS Record for EIP 1, enter please remove rDNS.
  - Keep Reverse DNS Record for EIP 2 blank.
- Choose Submit.
Note: rDNS removal might take a few days to propagate through the system.
Release the Elastic IP address
Complete the following steps:
- After you receive confirmation of rDNS removal, run the following command to verify the removal:
  host 000.0.000.0
  Note: Replace 000.0.000.0 with your Elastic IP address.
  Example output:
  $ 000.0.000.0.in-addr.arpa. domain-name-pointer ec2-00-000-00-000.us-west-2.compute.amazonaws.com.
- Open the Amazon EC2 console.
- In the navigation pane, choose Elastic IPs.
- Select the Elastic IP address, and then choose Actions.
- Select Release addresses.
- Choose Release.
If you still can't release the Elastic IP address, then create a support case to unlock your Elastic IP address.
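The verify-then-release steps above can be scripted so that the release is attempted only after the PTR record is back at the EC2 default. The following is an added example, not code from the original article. The function names are hypothetical, the default-name pattern (ec2-<dashed IP>.<...>.amazonaws.com) is an assumption based on the example output above, and release-address is the AWS CLI command for the ReleaseAddress API call.

```shell
#!/bin/sh
# Added example: release an Elastic IP only after its PTR record is back at the EC2 default.
# Usage: ./release-eip.sh <elastic-ip> <allocation-id>

# Read `host <ip>` output on stdin and print the PTR target without its trailing dot.
# Matches both "domain name pointer" and the "domain-name-pointer" form shown in this article.
ptr_target() {
  awk '/pointer/ { sub(/\.$/, "", $NF); print $NF; exit }'
}

# Return 0 when the PTR target is the default EC2 name for this IP.
# Assumption: default names look like ec2-<ip with dashes>.<suffix>.amazonaws.com
is_default_ptr() {
  idp_dashed=$(printf '%s' "$1" | tr . -)
  idp_ptr=${2%.}                       # tolerate a trailing dot
  case "$idp_ptr" in
    "ec2-${idp_dashed}."*".amazonaws.com") return 0 ;;
    *) return 1 ;;
  esac
}

# Returns 0 when released, 1 when a reset was requested (re-run later), 2 on lookup failure.
release_eip() {
  re_ip=$1
  re_alloc=$2
  re_ptr=$(host "$re_ip" | ptr_target)
  if [ -z "$re_ptr" ]; then
    echo "No PTR record returned for $re_ip" >&2
    return 2
  fi
  if ! is_default_ptr "$re_ip" "$re_ptr"; then
    echo "Custom rDNS still set ($re_ptr); requesting reset" >&2
    aws ec2 reset-address-attribute --allocation-id "$re_alloc" --attribute domain-name
    return 1                           # removal can take time to propagate
  fi
  aws ec2 release-address --allocation-id "$re_alloc"
}

# Run only when both arguments are supplied.
if [ "$#" -eq 2 ]; then
  release_eip "$1" "$2"
fi
```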
Related information
Configurable Reverse DNS for Amazon EC2 Elastic IP addresses