Bearse Feature Reporting - Elastic IP Support

Introduction

We are pleased to announce the release of Bearse Feature Reporting version 0.9.13, which introduces support for AWS Elastic IP (EIP) resource reporting. This enhancement extends the asset discovery capabilities of the Bearse Feature Reporting tool, enabling organizations to track and report on their Elastic IP allocations across AWS accounts and regions.

Elastic IPs are static IPv4 addresses designed for dynamic cloud computing. With this update, organizations can now include EIPs in their comprehensive resource inventory, improving visibility into their AWS infrastructure and helping with cost optimization and security auditing.

Features

New Resource Type: Elastic IP (EIP) Support

The primary feature of this release is the addition of Elastic IP resources to the reporting framework. This includes:

1. EIP Resource Discovery

• Automatic discovery of all Elastic IPs across configured AWS regions
• Collection of comprehensive EIP metadata including:
  • Public IP address
  • Allocation ID
  • Association status
  • Instance or network interface associations
  • Domain (VPC or EC2-Classic)
  • Tags and custom metadata
  • Region information

2. Enhanced IAM Permissions

The following IAM permissions have been added to support EIP discovery:

• ec2:DescribeAddresses - Required to list and describe Elastic IP addresses

3. Standardized Tag Processing

• EIP resources utilize the existing tag standardization framework
• Automatic extraction of the “Name” tag for easy identification
• Conversion of AWS tags to a standardized format for consistent reporting

4. Error Handling and Resilience

• Robust error handling for API failures
• Graceful handling of permission issues
• Regional failure isolation to ensure partial data collection continues

Technical Implementation Details

The implementation follows the established resource reporting pattern in Bearse:

1. New EIP Service Module (services/eip.py):

   • Implements the Resource base class
   • Uses boto3 EC2 client for API interactions
   • Provides standardized data transformation

2. Configuration Updates:

   • Added ‘eip’ to the list of supported resource types
   • Updated IAM policy templates with required permissions

3. Code Cleanup:

   • Removed unused imports from the main application file
   • Maintained clean and efficient codebase

Examples

Configuration

To enable EIP reporting, ensure your reporter.config.yaml includes ‘eip’ in the resource types list:

resource_types:
  - ec2
  - lambda
  - ami
  - rds
  - rdscluster
  - s3
  - eip  # New addition

IAM Policy Requirements

Add the following permissions to your IAM policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeAddresses"
      ],
      "Resource": "*"
    }
  ]
}

Sample EIP Report Output

The EIP reporter will generate output in the following format:

{
  "PublicIp": "203.0.113.12",
  "AllocationId": "eipalloc-12345678",
  "Domain": "vpc",
  "InstanceId": "i-1234567890abcdef0",
  "AssociationId": "eipassoc-12345678",
  "NetworkInterfaceId": "eni-12345678",
  "NetworkInterfaceOwnerId": "123456789012",
  "PrivateIpAddress": "10.0.0.12",
  "Name": "production-web-server-eip",
  "Tags": {
    "Environment": "production",
    "Application": "web-server",
    "Owner": "infrastructure-team"
  },
  "Region": "us-east-1"
}

Usage in Asset Discovery Workflows

The EIP data can be integrated into existing asset discovery workflows:

1. Cost Optimization: Identify unassociated EIPs that are incurring charges
2. Security Auditing: Track public IP allocations across your infrastructure
3. Compliance Reporting: Maintain an inventory of all public-facing resources
4. Resource Tagging: Ensure all EIPs are properly tagged according to organizational standards

Conclusion

The addition of Elastic IP support to Bearse Feature Reporting v0.9.13 represents a significant enhancement to the tool’s asset discovery capabilities. This update enables organizations to maintain a complete inventory of their AWS resources, including static IP allocations, which is crucial for cost management, security auditing, and compliance reporting.

Organizations using Bearse Feature Reporting should update to version 0.9.13 to take advantage of this new functionality. The update is backward compatible and requires only minor configuration changes to enable EIP reporting.

For questions or issues related to this release, please contact the Base2Services support team or raise an issue in the project repository.

Next Steps

1. Update your Bearse Feature Reporting deployment to version 0.9.13
2. Update IAM policies to include the new ec2:DescribeAddresses permission
3. Add ‘eip’ to your resource types configuration
4. Run the resource reporter to begin collecting EIP data
5. Integrate EIP data into your existing reporting and monitoring workflows