AWS Supports Transfer of IP Addresses between Accounts

AWS recently announced Elastic IP transfer, an Amazon VPC feature to transfer IP addresses across accounts. The new option helps with organizational restructuring, centralized security administration, and disaster recovery.

A two-step handshake between AWS accounts is required to transfer an IP address: when the source account starts the process, the destination account has seven hours to accept it or the address will return to its original owner. Mark Promnitz, senior solutions architect, comments:

Ever needed to move a server where ~30 third parties have the public IP address whitelisted in their firewalls? It's a change management exercise that I'd rather not repeat. Turns out, I needed this.


It is currently possible to transfer Elastic IP addresses to accounts within the same AWS Organization or to standalone AWS accounts, but it is not possible to do it addresses between AWS Organizations. Aaron Hunter, senior technical trainer at AWS, writes:

My favorite announcement is simple, yet important... the ability to transfer Elastic IP addresses between AWS accounts! So handy when moving applications to a new team/account.

Among the different use cases, the ability to transfer Elastic IP addresses helps in quickly moving workloads across AWS accounts or tracking and moving Elastic IP addresses that have been vetted for security compliance. In emergency events, the new option allows quick remap IPs for public-facing internet workloads.

Multiple threads had been opened in the past on Stack Overflow, re:Post and Server Fault on how to move an IP address. Previously, the only way was to open support cases from both the source and destination accounts to authorize and acknowledge the request. Corey Quinn, cloud economist at The Duckbill Group, comments:

This is huge news for folks who until now couldn't migrate that one, highly specific thing into their modernized account structure from the old legacy "omnibus" AWS account.

While the new option has been positively received, different users ask for a similar feature for S3 buckets, that are currently associated with a specific account and cannot be transferred.

Elastic IP transfers can be tracked using Amazon VPC IP Address Manager (IPAM), a service that allows viewing the history of an IP address. Still, if an IP address is moved to an AWS account outside of the organization, the IPAM audit history will be lost.

Elastic IP addresses for IPv6 are not supported and IP addresses can be transferred only within the same AWS region. The new option is free and available in all regions.

