You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It would be very helpful if custodian could disassociate in ElasticIP address from a specific resource. This would help as a solution to a user mistakenly attaching an Elastic IP to a resource (like EC2) that should not be exposed. This would allow simple recovery from the disassociation if necessary. The majority of the code is already there as part of the VPC release action.
The text was updated successfully, but these errors were encountered:
Thanks Kapil, I looked at the disassociate associated with the force option. I's like to disassoicate WITHOUT the deletion.
Use Case: Policy requires that EC2 instances DO NOT have associated Elastic IP, unless there is an approved exception. Exception is identified based on tagging on instance. Extant EC2 instance is tagged with appropriate identifier. DNS record created to associate Elastic IP with DNS Name. All is good.
User creates new EC2 instance to replace extant EC2 instance with approved exception. User neglects to tag appropriately. User moves Elastic IP from old EC2 to new EC2. Policy filters in new EC2, Elastic IP is forcefully deleted. Recovery requires recreation of Elastic IP AND DNS update for new IP address. DNS TTL impacts restoration beyond SLA.
It would be very helpful if custodian could disassociate in ElasticIP address from a specific resource. This would help as a solution to a user mistakenly attaching an Elastic IP to a resource (like EC2) that should not be exposed. This would allow simple recovery from the disassociation if necessary. The majority of the code is already there as part of the VPC release action.
The text was updated successfully, but these errors were encountered: