Bring Your Own IP (AWS-BYOIP) - AWS to Charge for IPv4

On Friday, July 28, 2023, AWS announced they would begin charging for every IPv4 address an account has allocated or is using on the platform, starting February 1, 2024. That’s a change from the current scheme, which only charges you for addresses you reserve but aren’t using, or if you reassign the same address over a hundred times a month.

The rate is $0.005 per hour per IP. Assuming 30 ½ days per month, the cost of a single IP is $3.66 per month. If you only have one address, that’s a minor increase to your monthly AWS bill. However, some enterprises and universities have moved hundreds of systems to the cloud. With current IPv4 prices for small blocks in the low $30s per address, buying a /24 (256 addresses) pays for itself in less than a year.

AWS also encouraged users to consider “accelerating your adoption of IPv6.”

How to Discover Your Use

To see how many IPv4 addresses you’re using on AWS, log into the console and, under your name at the top right, choose Billing > Cost & usage reports > Create Report. Enter a Report name, check Include resource IDs, and click Next. Choose an S3 bucket or create a new one. You may have to wait up to 24 hours to see your report under “Cost and Usage Reports.”

Warning: scary technical content follows!

How to BYOIP

After you buy your /24, here’s how you get started using it. AWS has a free way to Bring Your Own IP (BYOIP):

  1. Create a ROA. In ARIN, the easiest way is to log into ARIN Online > Routing Security > RPKI, then next to your OrgID choose Sign up for RPKI, Sign up for Hosted, Hosted Certificate, agree to RPKI Terms, Submit. Then Manage ROAs > Create ROA, and enter the ASN for AWS (16509 and 14618, you need both), your Prefix (IP address block), and Max Length (24, usually). Then Next > Submit.
  2. Create a key pair for AWS authentication, if you don’t already have one. You will need a Unix-like command-line console for this (such as a free EC2 instance on AWS):
    1. $ openssl genpkey -aes256 -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out private-key.pem
    2. Choose a password
    3. $ openssl rsa -in private-key.pem -pubout > public-key.pem
    4. $ openssl req -new -x509 -key private-key.pem -days 365 | tr -d "\n" > certificate.pem
  3. Add that public certificate to the open text section of Whois. For ARIN, go back to ARIN Online > IP Addresses > Manage Networks, find your block, Actions > Modify
    1. From the Unix console, cat certificate.pem
    2. Copy everything including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
    3. Paste that into the Public Comments section, Save.
  4. Provision the block using the AWS Command Line Interface (AWS CLI). There’s no other way, so install aws-cli if you need to:

    1. Find your AWS account number; from console.aws.amazon.com, click the name at the top right, and record the numbers after “My Account”
    2. Create an environment variable called text_message to store your auth message, using your account number and block (YOUR_CIDR below is a placeholder for your block): text_message="1|aws|123456789012|YOUR_CIDR|20241201|SHA256|RSAPSS"
    3. Similarly, create an environment variable to hold the message signed with your private key: signed_message=$( echo -n $text_message | openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -sign private-key.pem -keyform PEM | openssl base64 | tr -- '+=/' '-_~' | tr -d "\n")
    4. Provision the block: aws ec2 provision-byoip-cidr --cidr YOUR_CIDR --cidr-authorization-context Message="$text_message",Signature="$signed_message" --region us-east-1
  5. Wait for AWS to complete the provisioning. It could take up to a week, but might take as little as a few hours. Run aws ec2 describe-byoip-cidrs --max-results 5 --region us-east-1 to look for the block.
  6. Tell AWS to advertise the addresses so the rest of the Internet can reach them: aws ec2 advertise-byoip-cidr --cidr YOUR_CIDR --region us-east-1

The whole process, except waiting for AWS to provision, should take less than 20 minutes. The commands above should be pasted exactly, after replacing the sample values with your specific values.
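A local check worth running before the provisioning call in step 4, as an added example (not part of the original article or of AWS's tooling): it signs the authorization message the same way as above, then reverses the character swap and verifies the RSA-PSS signature against the public key, so a wrong key or a mangled signature is caught before AWS rejects it. The function names, the 203.0.113.0/24 documentation prefix and the throwaway unencrypted key are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: sign a BYOIP authorization message and verify it locally.
# Sample values are constructed; the key is a throwaway made for this demo.

# Build the message: 1|aws|<account>|<cidr>|<YYYYMMDD>|SHA256|RSAPSS
byoip_message() {
    printf '1|aws|%s|%s|%s|SHA256|RSAPSS' "$1" "$2" "$3"
}

# Sign with RSA-PSS/SHA-256, then apply the URL-safe character swap.
# $1 = message, $2 = private key (PEM)
byoip_sign() {
    printf '%s' "$1" |
        openssl dgst -sha256 -sigopt rsa_padding_mode:pss \
            -sigopt rsa_pss_saltlen:-1 -sign "$2" -keyform PEM |
        openssl base64 | tr -- '+=/' '-_~' | tr -d '\n'
}

# Undo the swap, decode, and check the signature against the public key.
# $1 = message, $2 = signature, $3 = public key (PEM). Exit status 0 = valid.
byoip_verify() {
    sig_file=$(mktemp) || return 2
    printf '%s\n' "$2" | tr -- '-_~' '+=/' | openssl base64 -d -A > "$sig_file"
    printf '%s' "$1" |
        openssl dgst -sha256 -sigopt rsa_padding_mode:pss \
            -sigopt rsa_pss_saltlen:-1 -verify "$3" \
            -signature "$sig_file" >/dev/null 2>&1
    rc=$?
    rm -f "$sig_file"
    return "$rc"
}

# Demo with a throwaway, unencrypted key so no passphrase prompt appears.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$demo_dir/private-key.pem" 2>/dev/null
openssl rsa -in "$demo_dir/private-key.pem" -pubout \
    -out "$demo_dir/public-key.pem" 2>/dev/null

demo_msg=$(byoip_message 123456789012 203.0.113.0/24 20241201)
demo_sig=$(byoip_sign "$demo_msg" "$demo_dir/private-key.pem")

if byoip_verify "$demo_msg" "$demo_sig" "$demo_dir/public-key.pem"; then
    echo "signature verifies: ready for provision-byoip-cidr"
else
    echo "signature does NOT verify: fix before provisioning" >&2
fi
```

With your real files, call byoip_verify "$text_message" "$signed_message" public-key.pem; a non-zero exit status means the message, key or encoding is wrong.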

By IPv4.Global, Premier IPv4 Broker and Online Marketplace

IPv4.Global by Hilco Streambank helps companies with IPv4 addresses to sell find companies who need to buy IPv4 addresses. Our business is founded on the belief that the transaction that yields mutual satisfaction is worth pursuing. We customize solutions that work for both buyers and sellers and help evaluate options for acquiring the IP addresses you need, given your Regional Internet Registry requirements.
