Elastic IP addresses are assessed for AWS Shield Advanced coverage by verifying they are listed as protected resources.
Risk
Without Shield Advanced, internet-facing EIPs are more susceptible to DDoS, threatening availability and driving cost spikes.
Volumetric or protocol floods can saturate bandwidth or exhaust connection state, disrupting services behind the EIP and slowing incident response.
prowler aws --checks shield_advanced_protection_in_associated_elastic_ips
Recommendation
Register critical EIPs as Shield Advanced protected resources.
Apply defense in depth: minimize public exposure, use application-layer controls (WAF, rate limiting), monitor telemetry, and review protections regularly, aligning network access with least privilege.
Remediation
aws shield create-protection --name <example_resource_name> --resource-arn arn:aws:ec2:<REGION>:<ACCOUNT_ID>:elastic-ip/eipalloc-<ALLOCATION_ID>
- Open the AWS WAF & Shield console
- Go to AWS Shield > Protected resources
- Click Add resources to protect
- Select the Region and resource type: EC2 Elastic IP, then Load resources
- Select the target Elastic IP
- Click Protect with Shield Advanced
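To confirm coverage after remediation, the comparison this check describes can be reproduced offline from saved AWS CLI JSON output. This is an added example, not Prowler's own code: the function names and sample data are constructed, and it assumes only EIPs with an `AssociationId` are in scope, as the check name suggests.

```python
import json

# Constructed sample of `aws ec2 describe-addresses --output json` (not real resources).
ADDRESSES = json.loads("""
{"Addresses": [
  {"PublicIp": "198.51.100.10", "AllocationId": "eipalloc-0aaa1111", "AssociationId": "eipassoc-0001"},
  {"PublicIp": "198.51.100.11", "AllocationId": "eipalloc-0bbb2222", "AssociationId": "eipassoc-0002"},
  {"PublicIp": "198.51.100.12", "AllocationId": "eipalloc-0ccc3333"}
]}
""")

# Constructed sample of `aws shield list-protections --output json`.
PROTECTIONS = json.loads("""
{"Protections": [
  {"Name": "web-eip", "ResourceArn": "arn:aws:ec2:us-east-1:111122223333:elastic-ip/eipalloc-0aaa1111"},
  {"Name": "old-eip", "ResourceArn": "arn:aws:ec2:us-east-1:111122223333:eip-allocation/eipalloc-0ddd4444"},
  {"Name": "cdn", "ResourceArn": "arn:aws:cloudfront::111122223333:distribution/EXAMPLE"}
]}
""")


def protected_allocation_ids(protections):
    """Return the allocation IDs of every EC2 resource listed as protected."""
    ids = set()
    for item in protections.get("Protections", []):
        parts = item.get("ResourceArn", "").split(":", 5)
        # Only EC2 ARNs can refer to an EIP; compare on the ID after the slash,
        # so the spelling of the resource-type segment does not matter.
        if len(parts) == 6 and parts[2] == "ec2":
            ids.add(parts[5].rsplit("/", 1)[-1])
    return ids


def audit_eips(addresses, protections):
    """Return one PASS/FAIL record per associated EIP."""
    protected = protected_allocation_ids(protections)
    results = []
    for addr in addresses.get("Addresses", []):
        if "AssociationId" not in addr:
            continue  # assumption: unassociated EIPs are out of scope
        status = "PASS" if addr.get("AllocationId") in protected else "FAIL"
        results.append((addr["PublicIp"], addr.get("AllocationId"), status))
    return results


if __name__ == "__main__":
    for ip, alloc, status in audit_eips(ADDRESSES, PROTECTIONS):
        print(f"{status}  {ip}  {alloc}")
```

`aws shield list-protections` returns protections for the whole account, while `aws ec2 describe-addresses` is per Region, so run the address listing in each Region in use and feed each result through `audit_eips`.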
Resource Type
AwsEc2Eip