I receive an error stating "address with allocation id [eipalloc-****] cannot be released because it is locked to your account" when releasing my Elastic IP address from my Amazon Elastic Compute Cloud (Amazon EC2) instance.
If the Elastic IP address is locked, then AWS CloudTrail shows the following error when running ReleaseAddress API calls:
"The address [IP address] with allocation id [eipalloc-****] cannot be released because it is locked to your account. Please contact AWS Support to unlock it. You won't be able to release the Elastic IP if it is locked to your account".
You might lock your Elastic IP address to your account to avoid accidental release. Or, the Elastic IP address might lock during Reverse Domain Name System (rDNS) configuration. The Elastic IP address locks to your account for as long as the rDNS record exists.
Confirm that rDNS is set for the Elastic IP address
Connect to the instance using SSH and then run the following command. In the following command, replace 000.0.000.0 with your Elastic IP address.
$ host 000.0.000.0
If your Elastic IP address has rDNS set, then the preceding command returns the domain that's set for this Elastic IP address. The following is example command output:
$ IP 000.0.000.0.in-addr.arpa. domain-name-pointer mail.domain.com
Reset the rDNS record
Use one of the following methods to reset the rDNS record:
Use the Amazon EC2 console
Note: It's a best practice to remove the rDNS entry using the Amazon EC2 console.
1. Open the Amazon EC2 console.
2. Under Network & Security, select Elastic IPs.
3. Choose the Elastic IP address, and then select Actions, Update reverse DNS.
4. For Reverse DNS domain name, clear the domain name.
5. Enter update to confirm.
6. Select Update.
Use the AWS Command Line Interface (AWS CLI)
To remove a reverse DNS record using the AWS CLI, use the reset-address-attribute command as shown in the following example:
aws ec2 reset-address-attribute --allocation-id value --attribute value
Example command for Linux and Windows:
aws ec2 reset-address-attribute --allocation-id eipalloc-abcdef01234567890 --attribute domain-name
Note: If you receive errors when running AWS CLI commands, make sure that you're using the most recent version of the AWS CLI.
Contact AWS Support
If you can't remove the rDNS record using the Amazon EC2 console or the AWS CLI, then submit a request to AWS Support.
1. Open the Request to remove email sending limitations form.
2. Complete the form using the following information:
Email Address: Your email address.
Use Case Description: Your specific use case for requesting rDNS removal.
Elastic IP address: A list of your Elastic IP addresses.
Reverse DNS record: This field is optional.
Reverse DNS Record for EIP 1: Enter please remove rDNS.
Reverse DNS Record for EIP 2: Leave blank.
3. Select Submit.
Note: rDNS removal might take a few days to propagate through the system.
Release the Elastic IP address
1. After you receive confirmation of the rDNS removal, run the host command for your IP address to verify removal. In the following example command, replace 000.0.000.0 with your IP address.
$ host 000.0.000.0
This command returns output that's similar to the following example:
$ 000.0.000.0.in-addr.arpa. domain-name-pointer ec2-00-000-00-000.us-west-2.compute.amazonaws.com.
2. Open the Amazon EC2 console, and then choose Elastic IPs from the navigation pane.
3. Choose the Elastic IP address, and then select Actions, Release addresses.
4. Select Release.
Note: If you can't release your Elastic IP address after removing rDNS configuration, then contact AWS Support to unlock your Elastic IP address.
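The verify, reset, and release steps above can be combined into one guarded script. This is an added example, not AWS tooling: the function names are hypothetical, and it assumes that default AWS PTR names end in .amazonaws.com, as in the example output above.

```shell
#!/bin/sh
# Added example (not AWS tooling). Function names are hypothetical.
# Assumption: default AWS PTR names end in .amazonaws.com, as in the page's
# example output; anything else is treated as a custom rDNS record.

# stdin: output of `host <ip>`; prints each PTR target, lowercased, no trailing dot
ptr_targets() {
  awk '/pointer/ { t = tolower($NF); sub(/\.$/, "", t); print t }'
}

# stdin: output of `host <ip>`; prints custom, default, or unknown
rdns_state() {
  targets=$(ptr_targets)
  if [ -z "$targets" ]; then
    echo unknown            # NXDOMAIN, timeout, or resolver error
  elif printf '%s\n' "$targets" | grep -qv '\.amazonaws\.com$'; then
    echo custom             # at least one PTR is not an AWS default name
  else
    echo default
  fi
}

# usage: release_eip <allocation-id> <elastic-ip>
release_eip() {
  alloc_id=$1
  ip=$2
  state=$(host "$ip" 2>&1 | rdns_state)
  case "$state" in
    custom)
      echo "rDNS still set on $ip; requesting reset, rerun after it propagates" >&2
      aws ec2 reset-address-attribute --allocation-id "$alloc_id" --attribute domain-name
      return 1 ;;
    unknown)
      echo "no PTR answer for $ip; not releasing on an inconclusive lookup" >&2
      return 2 ;;
    default)
      aws ec2 release-address --allocation-id "$alloc_id" ;;
  esac
}

# Run only when called as: script.sh <allocation-id> <elastic-ip>
if [ "$#" -eq 2 ]; then
  release_eip "$1" "$2"
fi
```

A PTR target such as amazonaws.com.example.net is classified as custom because the match is anchored to the end of the name.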
Configurable reverse DNS for Amazon EC2's Elastic IP addresses