
How do I find the resource that currently owns an unknown IP address in my Amazon VPC?


I want to identify the resource that currently owns an IP address in my Amazon Virtual Private Cloud (Amazon VPC).

Resolution

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

To identify a resource that owns an IP address in your Amazon VPC, use one of the following methods:

  • Find the elastic network interface that owns the IP address.
  • Use VPC Flow Logs, the ip-ranges.json list, or Amazon VPC IP Address Manager (IPAM) to check whether a public IP address belongs to an AWS-owned resource.

Find the network interface that owns the IP address

To find the network interface that owns the IP address, you can use the Amazon Elastic Compute Cloud (Amazon EC2) console or the AWS CLI.

Use the Amazon EC2 console

  1. Open the Amazon EC2 console.
  2. In the navigation pane, choose Network Interfaces.
  3. Choose Add filter, and then choose one of the following options on the menu: 
    For a private IP address, choose Primary private IPv4 address.
    For a public IP address, choose Public IPv4 address.
  4. In the search box, enter the IP address. 
    Note: The network interfaces that meet your search criteria dynamically appear.
  5. In the Description column, locate the network interface that corresponds with the IP address.

AWS CLI

Run the describe-network-interfaces command:

aws ec2 describe-network-interfaces --region example-region --filters Name=addresses.private-ip-address,Values=example-unknown-IP

Note: Replace example-region with your AWS Region and example-unknown-IP with the IP address.

Check whether a public IP address is from a resource that AWS owns

You can use VPC Flow Logs, the ip-ranges.json list, or IPAM to check whether a public IP address belongs to an AWS-owned resource.

VPC Flow Logs

Create a VPC flow log. For Log record format, choose Custom format and then select pkt-src-aws-service and pkt-dst-aws-service. For information about the required permissions to publish flow logs, see AWS Identity and Access Management (IAM) role for publishing flow logs to CloudWatch Logs.

Then, review your flow log records for the IP address in the pkt-src-aws-service and pkt-dst-aws-service fields. For more information, see Available fields.

If the IP address isn't currently in your VPC, then see How do I find an IP address that's not in my Amazon VPC but is in my logs?

ip-ranges.json list

Review the ip-ranges.json file for the IP address. To refine your search, you can use the ip_prefix, region, and service filters.
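As an added example that is not part of the AWS article: a small Python script that applies the ip_prefix, region, and service filters to an ip-ranges.json document and reports which AWS service and Region publish the prefix that contains a given address. The embedded ranges are constructed sample data in the shape of the real file (RFC 5737 and RFC 3849 documentation prefixes), and load_ip_ranges is a helper added here for reading a downloaded copy of the real file.

```python
import ipaddress
import json

# Constructed sample in the shape of AWS's published ip-ranges.json. These are
# documentation prefixes, not real AWS ranges; replace with a downloaded copy.
SAMPLE_RANGES = {
    "syncToken": "0000000000",
    "createDate": "2024-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "192.0.2.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1"},
        {"ip_prefix": "192.0.2.0/25", "region": "us-east-1", "service": "EC2", "network_border_group": "us-east-1"},
        {"ip_prefix": "198.51.100.0/24", "region": "eu-west-1", "service": "S3", "network_border_group": "eu-west-1"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8::/32", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1"},
    ],
}


def load_ip_ranges(path):
    """Parse a locally saved ip-ranges.json file (helper added for this example)."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def find_aws_prefixes(ip, ranges_doc, region=None, service=None):
    """Return the entries whose prefix contains `ip`, most specific first.

    `region` and `service` narrow the search like the file's region/service
    filters. An empty result means the address is in no AWS-published range.
    """
    addr = ipaddress.ip_address(ip)
    key = "ip_prefix" if addr.version == 4 else "ipv6_prefix"
    entries = ranges_doc["prefixes"] if addr.version == 4 else ranges_doc["ipv6_prefixes"]
    hits = [e for e in entries
            if (region is None or e["region"] == region)
            and (service is None or e["service"] == service)
            and addr in ipaddress.ip_network(e[key])]
    # AMAZON entries are supersets of the per-service entries (EC2, S3, ...),
    # so one address usually matches several; longest prefix first shows the
    # most specific service.
    hits.sort(key=lambda e: ipaddress.ip_network(e[key]).prefixlen, reverse=True)
    return hits


if __name__ == "__main__":
    for probe in ("192.0.2.10", "192.0.2.200", "198.51.100.7", "203.0.113.1", "2001:db8::1"):
        hits = find_aws_prefixes(probe, SAMPLE_RANGES)
        key = "ip_prefix" if ":" not in probe else "ipv6_prefix"
        desc = ", ".join(f"{h['service']}/{h['region']} via {h[key]}" for h in hits) or "not an AWS-published range"
        print(f"{probe}: {desc}")
```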

IPAM

Use the IPAM console to view the history of the IP address.

Or, you can run the get-ipam-address-history command:

aws ec2 get-ipam-address-history \
    --cidr example-cidr \
    --ipam-scope-id example-ipam-scope-id \
    --region example-region

Note: Replace example-cidr with the CIDR that contains the IP address, example-ipam-scope-id with the ID of the IPAM scope that includes the CIDR, and example-region with your Region.

AWS OFFICIAL. Updated 9 months ago.