I want to transfer multiple Elastic IP addresses between AWS accounts in the same AWS Region.
Short description
When you transfer an Elastic IP address, there's a two-step handshake between the source account and transfer account. The source account can be a standard AWS account or an AWS Organizations account. When the source account starts the transfer, the transfer account has 7 days to accept it. Otherwise, the Elastic IP address returns to its original owner.
AWS doesn't inform the transfer account about pending Elastic IP address transfer requests. To facilitate the transfer within the time frame, the source account owner must communicate this request to the transfer account owner.
To transfer multiple Elastic IP addresses at once, use a bash script in Linux.
Note: To transfer a single Elastic IP address between accounts, see How do I transfer an Elastic IP address between AWS accounts in the same Region?
Resolution
Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you're using the most recent version of the AWS CLI.
Transfer the IP addresses (source account owner)
1. Verify that you configured your AWS CLI credentials for the source account. Also, verify that you have AWS Identity and Access Management (IAM) permissions to allow the ec2:DescribeAddresses and ec2:EnableAddressTransfer API calls.
2. Add the Elastic IP addresses to a text file, with one address per line. In the following example bash script, this text file is named eips.txt.
3. Create a bash script that’s similar to the following example, named EIPTransfer.sh:
#!/bin/bash
if [ "$#" -ne 4 ]; then
    echo "usage: bash EIPTransfer.sh eips.txt xx-region-y srcaccount dstaccount" >&2
    exit 1
fi

# Compute the log file name once so that every message goes to the same file.
LOG="EIPTransfer-results-$(date +"%d-%m-%Y").txt"

# Read the Elastic IP addresses, one per line, skipping blank lines.
ARRAY=()
while read -r line || [ -n "$line" ]
do
    if [ -n "$line" ]; then
        ARRAY+=("$line")
    fi
done < "$1"

now_start="$(date)"
echo "Starting the loop to enable transfer of the provided EIPs in Region: $2 from AWS account: $3 to AWS account: $4 at $now_start" >> "$LOG"
for i in "${ARRAY[@]}"
do
    echo "Trying to get the AllocationId for ${i}" >> "$LOG"
    # Look up the allocation ID that belongs to this public IP address.
    EIPAlloc=$(aws ec2 describe-addresses --filters "Name=public-ip,Values=${i}" --query "Addresses[].AllocationId" --region "$2" --output text)
    if [[ "$EIPAlloc" == *"eipalloc"* ]]; then
        echo "Trying to enable transfer for ${i} with allocation-id $EIPAlloc" >> "$LOG"
        # Output and errors from the AWS CLI both go to the log.
        aws ec2 enable-address-transfer --allocation-id "${EIPAlloc}" --transfer-account-id "$4" --region "$2" --output text >> "$LOG" 2>&1
    else
        echo "No allocation-id found for EIP ${i}" >> "$LOG"
    fi
done
now_end="$(date)"
echo "All done! Exiting the script at $now_end!" >> "$LOG"
## usage bash EIPTransfer.sh eips.txt xx-region-y srcaccount dstaccount
4. To run this script, run the following command:
bash EIPTransfer.sh eips.txt xx-region-y srcaccount dstaccount
5. Review the EIPTransfer log for any errors. The log is named EIPTransfer-results-DATE.txt.
Note: In this file name, DATE is the date when you run the script.
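Pre-flight validation of eips.txt and the two account IDs that the source account owner can run before step 4 above, added here as an example and not part of the original article. The script name preflight.sh and the function names are hypothetical, and it calls no AWS API, so passing it does not confirm that the account ID belongs to the intended recipient.

```shell
#!/bin/bash
# Added example: hypothetical pre-flight checks for the EIPTransfer.sh arguments.

# An AWS account ID is exactly 12 digits.
valid_account_id() {
  case "$1" in *[!0-9]*|'') return 1 ;; esac
  [ "${#1}" -eq 12 ]
}

# Dotted-quad IPv4: four octets, each 0-255, no leading zeros.
valid_ipv4() {
  case "$1" in *[!0-9.]*|''|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] || return 1
    case "$octet" in 0|[1-9]*) ;; *) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
}

# Check both account IDs and every line of the address file.
# Prints one message per problem; returns 0 only when nothing was found.
preflight() {
  file=$1 src=$2 dst=$3 problems=0 seen=" "
  valid_account_id "$src" || { echo "bad source account ID: $src"; problems=$((problems+1)); }
  valid_account_id "$dst" || { echo "bad transfer account ID: $dst"; problems=$((problems+1)); }
  [ "$src" != "$dst" ] || { echo "source and transfer account are the same"; problems=$((problems+1)); }
  while IFS= read -r line || [ -n "$line" ]; do
    line=$(printf '%s' "$line" | tr -d '[:space:]')   # tolerate CRLF and stray blanks
    [ -n "$line" ] || continue
    if ! valid_ipv4 "$line"; then
      echo "not an IPv4 address: $line"; problems=$((problems+1))
    else
      case "$seen" in
        *" $line "*) echo "duplicate address: $line"; problems=$((problems+1)) ;;
        *) seen="$seen$line " ;;
      esac
    fi
  done < "$file"
  [ "$problems" -eq 0 ]
}

# Usage: bash preflight.sh eips.txt srcaccount dstaccount
[ "$#" -ne 3 ] || preflight "$@"
```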
Accept the transfer (transfer account owner)
1. Verify that you configured your AWS CLI credentials for the transfer account. Also, verify that you have IAM permissions to allow the ec2:AcceptAddressTransfer API call.
2. Add the Elastic IP addresses to a text file, with one address per line. In the following example bash script, this text file is named eips.txt.
3. Create a bash script that’s similar to the following example, named EIPAccept.sh:
#!/bin/bash
if [ "$#" -ne 4 ]; then
    echo "usage: bash EIPAccept.sh eips.txt xx-region-y srcaccount dstaccount" >&2
    exit 1
fi

# Compute the log file name once so that every message goes to the same file.
LOG="EIPAccept-results-$(date +"%d-%m-%Y").txt"

# Read the Elastic IP addresses, one per line, skipping blank lines.
ARRAY=()
while read -r line || [ -n "$line" ]
do
    if [ -n "$line" ]; then
        ARRAY+=("$line")
    fi
done < "$1"

now_start="$(date)"
echo "Starting the loop to accept transfer of the provided EIPs in Region: $2 from AWS account: $3 to AWS account: $4 at $now_start" >> "$LOG"
for i in "${ARRAY[@]}"
do
    echo "Trying to accept the EIP transfer for ${i} from account $3" >> "$LOG"
    # Output and errors from the AWS CLI both go to the log.
    aws ec2 accept-address-transfer --address "${i}" --region "$2" --output text >> "$LOG" 2>&1
done
now_end="$(date)"
echo "All done! Exiting the script at $now_end!" >> "$LOG"
## usage bash EIPAccept.sh eips.txt xx-region-y srcaccount dstaccount
4. To run this script, run the following command:
bash EIPAccept.sh eips.txt xx-region-y srcaccount dstaccount
5. Review the EIPAccept log for any errors. This log is named EIPAccept-results-DATE.txt.
Note: In this file name, DATE is the date when you run the script.