Find Who owns the Private IP in AWS | DevOps Junction

At times of troubleshooting an issue or doing a forensic on a security incident in your AWS account.  Finding who owns Private IP plays a major role.

Do you know Almost all the AWS resources like Load Balancers, RDS, EFS has their own private IP address.

So how to find out which resource owns this Private IP in AWS.


Most of the time the IP Address you are seeing in the VPC flow logs (or)  web server or ALB access log does not match to any EC2 instance private IP address.

So it gives a huge list of private IP addresses to look into.

One way to list all your Private IP address is to list your network interfaces  using the aws CLI

aws ec2 describe-network-interfaces

My favourite is to use awless  a wonderful CLI tool for AWS administration and reporting

you can learn more about awless here

awless list networkinterfaces -p prod

But if you want to be real quick about it and find out more detailed information about a single private IP address

you can use the following AWS CLI command with your private ip address on the filter.

aws ec2 describe-network-interfaces – filters Name=addresses.public-ip-address,Values=<private ip>

This would give a detailed result on who owns the IP address and their name etc. If it is a EC2 instance (or) Load Balancer etc.

Hope this helps.


Sarav AK

Follow me on Linkedin My Profile
Follow DevopsJunction onFacebook orTwitter
For more practical videos and tutorials. Subscribe to our channel

Buy Me a Coffee at

Signup for Exclusive "Subscriber-only" Content