Overview
Configure deletion of unused Elastic IPs (EIPs) to reduce cost while preserving safety and auditability. This plan will enumerate all EIPs and rich metadata, identify unattached candidates using explicit rules and safety filters, guide you through an approval workflow that captures constraints and irreversibility acknowledgement, execute releases according to your preferences (scheduling, stop-on-error, notifications), and then validate and report the final state. Every step produces machine-readable artifacts and audit metadata (API request IDs, timestamps, approver identity) so decisions and actions can be reviewed and traced.
Execution Details
Phase: Assessment
List Elastic IPs and collect authoritative inventory
- Enumerate all EIPs visible in the target account/region and capture full API metadata (request IDs, pagination tokens, timestamps).
- For each address collect AllocationId/PublicIp, AssociationId, Domain (vpc/classic), instance/ENI/NAT/ELB association details and resolved resource state, owner and tag set, and derived lifecycle info (computed ageDays).
- Detect cross-account references, anomalies (missing association resource, terminated resource, API errors) and record exact evidence.
- Produce a machine-readable inventory (JSON array) with per-address metadata, anomaly flags, and summary aggregates (totals attached/unattached, VPC/classic counts, anomalies, addresses lacking owner tags).
- Persist the inventory artifact for downstream steps.
Identify unattached Elastic IPs and build candidate list
- Consume the authoritative inventory and define the "unattached" rule set: no AssociationId OR association resolves to terminated/deleted OR association lookup returned NotFound/AccessDenied (flag for manual review).
- Apply additional candidate filters: allocation age threshold, presence/absence of owner/purpose/do-not-release tags, and cross-reference checks (DNS/CMDB) when available.
- Mark special reservations (e.g., owner tag "do-not-release" or IPAM pools) as do-not-release unless explicitly overridden.
- Re-check each candidate with a fresh live read to reduce race conditions; remove any addresses that became attached.
- Produce a machine-readable candidate list (JSON) with per-address fields (AllocationId/PublicIp, ageDays, tags, last-seen association state/timestamp, anomaly flags) plus a recommended disposition (safe-to-release / requires-owner-confirmation / requires-manual-check), rationale, and next steps.
- Persist the candidate artifact and provide summary counts (unattached, do-not-release, requires confirmation, safe-to-release).
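The candidate rules above, applied to a constructed inventory (an added example, not part of the original plan). The field names `resourceState`, `lookupError` and `tags`, the 30-day threshold, the tag conventions, and routing stale associations to manual check are assumptions.

```python
import json

MIN_AGE_DAYS = 30  # assumed age threshold; the plan leaves the value to the operator

# Constructed inventory records (documentation-range IPs). Field names other than
# AllocationId, PublicIp, AssociationId, Domain and ageDays are assumptions.
INVENTORY = [
    {"AllocationId": "eipalloc-0a1", "PublicIp": "198.51.100.10", "Domain": "vpc", "ageDays": 400,
     "AssociationId": "eipassoc-01", "resourceState": "running", "lookupError": None, "tags": {"owner": "web"}},
    {"AllocationId": "eipalloc-0a2", "PublicIp": "198.51.100.11", "Domain": "vpc", "ageDays": 120,
     "AssociationId": None, "resourceState": None, "lookupError": None, "tags": {"owner": "data"}},
    {"AllocationId": "eipalloc-0a3", "PublicIp": "198.51.100.12", "Domain": "vpc", "ageDays": 900,
     "AssociationId": None, "resourceState": None, "lookupError": None, "tags": {"owner": "do-not-release"}},
    {"AllocationId": "eipalloc-0a4", "PublicIp": "198.51.100.13", "Domain": "vpc", "ageDays": 60,
     "AssociationId": "eipassoc-04", "resourceState": None, "lookupError": "AccessDenied", "tags": {}},
    {"AllocationId": None, "PublicIp": "198.51.100.14", "Domain": "standard", "ageDays": 5,
     "AssociationId": None, "resourceState": None, "lookupError": None, "tags": {}},
]

def is_unattached(rec):
    """Rule set from the plan: no association, dead target, or failed lookup."""
    return (not rec["AssociationId"]
            or rec["resourceState"] in ("terminated", "deleted")
            or rec["lookupError"] in ("NotFound", "AccessDenied"))

def classify(rec, min_age_days=MIN_AGE_DAYS):
    """Return (disposition, rationale); None means attached, so not a candidate."""
    if not is_unattached(rec):
        return None
    tags = rec["tags"]
    if "do-not-release" in tags or tags.get("owner") == "do-not-release":
        return "do-not-release", "reservation tag present"
    if rec["AssociationId"]:
        # Stale or unverifiable association: a human confirms before any disassociate.
        return "requires-manual-check", f"association {rec['AssociationId']} could not be confirmed live"
    if "owner" not in tags:
        return "requires-owner-confirmation", "no owner tag"
    if rec["ageDays"] < min_age_days:
        return "requires-owner-confirmation", f"allocated {rec['ageDays']} days ago, under threshold"
    return "safe-to-release", "unattached, owned, older than threshold"

def build_candidates(inventory):
    """Machine-readable candidate list with per-address disposition and rationale."""
    candidates = []
    for rec in inventory:
        verdict = classify(rec)
        if verdict:
            candidates.append({"AllocationId": rec["AllocationId"], "PublicIp": rec["PublicIp"],
                               "ageDays": rec["ageDays"], "disposition": verdict[0], "rationale": verdict[1]})
    return candidates

if __name__ == "__main__":
    print(json.dumps(build_candidates(INVENTORY), indent=2))
```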
Phase: User review and approval
Present candidates and collect explicit approval artifact
- Deliver the candidate list to the user with full evidence and recommendations.
- Guide the user to select exact AllocationIds and/or PublicIps to release and collect any constraints or exceptions (owner approvals, retention requests, scheduling window).
- Capture pre-release preferences: final live re-check, temporary tagging, owner notifications, notification templates, stop-on-first-error vs continue-on-error, and whether releases should run immediately or in a scheduled change window.
- Require an explicit irreversible-impact acknowledgment (approver identity and timestamp) because released public IPs cannot be recovered.
- Validate overrides for do-not-release items and check approvals remain valid against a fresh inventory read; if any approved address is now attached, prompt for re-approval or removal.
- Produce and persist a machine-readable approval artifact that records approver identity, timestamp, approved addresses, change window, pre-release checks, execution preferences, and any conditional approvals.
Phase: Configuration / Execution
Release approved Elastic IPs
- Load the approval artifact and the latest inventory, then derive the final release set, confirming approver authority and permissions as recorded.
- Perform a final pre-release live check for each address; skip and record any that have become attached since approval.
- When disassociation is required and explicitly approved, perform the disassociate actions first and confirm the address is unattached before release.
- Execute releases for VPC (AllocationId) and Classic (PublicIp) addresses as appropriate, capturing full API responses, request IDs, and timestamps for each operation.
- Respect user-specified scheduling (change window), stop-on-error vs continue-on-error behavior, and any temporary tagging or notification steps requested.
- For each attempted address produce a change-result entry: outcome (released/skipped/failed), prior state, API metadata, any disassociation actions, and remediation guidance for failures.
- Persist change logs and the change-result artifact for audit and downstream validation.
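The release loop described above, with the final live check, VPC versus Classic addressing, and stop-on-error handling (an added example, not part of the original plan). `StubEC2` is a constructed stand-in that mirrors the boto3 EC2 client's `describe_addresses` and `release_address` keyword arguments so the code runs offline; the change-result field names are assumptions.

```python
import datetime

class StubEC2:
    """Constructed stand-in for a boto3 EC2 client so the example runs offline."""
    def __init__(self, addresses, fail_on=()):
        self.addresses, self.fail_on, self.released = addresses, set(fail_on), []
    def describe_addresses(self, AllocationIds=None, PublicIps=None):
        wanted = (AllocationIds or PublicIps)[0]
        return {"Addresses": [a for a in self.addresses
                              if wanted in (a.get("AllocationId"), a["PublicIp"])]}
    def release_address(self, AllocationId=None, PublicIp=None):
        ident = AllocationId or PublicIp
        if ident in self.fail_on:
            raise RuntimeError("simulated API error")
        self.released.append(ident)
        return {"ResponseMetadata": {"RequestId": f"req-{ident}"}}

def release_approved(ec2, approved, stop_on_error=True):
    """Final live check, then release; returns one change-result entry per attempt."""
    results = []
    for item in approved:
        if item.get("AllocationId"):  # VPC addresses are released by AllocationId
            key, query = {"AllocationId": item["AllocationId"]}, {"AllocationIds": [item["AllocationId"]]}
        else:                         # Classic addresses are released by PublicIp
            key, query = {"PublicIp": item["PublicIp"]}, {"PublicIps": [item["PublicIp"]]}
        entry = {**key, "timestamp": datetime.datetime.now(datetime.timezone.utc).isoformat()}
        try:
            live = ec2.describe_addresses(**query)["Addresses"][0]
            entry["priorState"] = {"AssociationId": live.get("AssociationId")}
            if live.get("AssociationId"):
                entry["outcome"] = "skipped"  # attached since approval, leave it alone
            else:
                resp = ec2.release_address(**key)
                entry["requestId"] = resp["ResponseMetadata"]["RequestId"]
                entry["outcome"] = "released"
        except Exception as exc:  # botocore ClientError when run against AWS
            entry.update(outcome="failed", error=str(exc))
        results.append(entry)
        if entry["outcome"] == "failed" and stop_on_error:
            break  # remaining approved addresses are left untouched
    return results

def demo(stop_on_error=False, fail_on=()):
    # Constructed state: eipalloc-0a5 was re-attached after approval.
    ec2 = StubEC2([{"AllocationId": "eipalloc-0a2", "PublicIp": "198.51.100.11"},
                   {"AllocationId": "eipalloc-0a5", "PublicIp": "198.51.100.15", "AssociationId": "eipassoc-09"},
                   {"PublicIp": "198.51.100.14"}], fail_on)
    approved = [{"AllocationId": "eipalloc-0a2"}, {"AllocationId": "eipalloc-0a5"}, {"PublicIp": "198.51.100.14"}]
    return ec2, release_approved(ec2, approved, stop_on_error)
```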
Phase: Validation
Verify releases and produce verification report
- Re-run a live enumeration to confirm addresses reported as released no longer appear (match by AllocationId/PublicIp) and capture verification API metadata.
- For any released address that still appears, record the exact returned state, API evidence, and mark as "release not reflected" with diffs.
- Re-check skipped or failed addresses and report current state and changes since the operation.
- Ensure that addresses the user requested to keep remain unchanged; flag any unintended deallocations or modifications with exact API evidence.
- Produce a consolidated, machine-readable verification report linking expected vs actual final state for each address, including pass/fail status, API request IDs/timestamps, discrepancies, and remediation steps (example corrective actions and payloads for operators).
- Summarize totals (released successfully, failed, skipped, discrepancies) and persist the verification report with links to the approval and change-result artifacts. Mark workflow as "completed" or "requires manual remediation" accordingly and return the report to the user.
Artifacts and Audit Trail
- Inventory artifact: authoritative JSON of all EIPs and metadata (request IDs, timestamps, ageDays, tags, anomalies).
- Candidate list: JSON of unattached candidates with recommended dispositions and rationale.
- Approval artifact: machine-readable approval with approver identity, timestamp, selections, scheduling and execution preferences, and irreversibility acknowledgement.
- Change-result artifact: per-address outcomes for release attempts with API responses and remediation notes.
- Verification report: final validation of expected vs actual state with detailed diffs, API evidence, and remediation guidance.
All artifacts include exact API metadata, timestamps, and approver information to support traceability and audit.
Safety and Operational Notes
- Addresses flagged do-not-release or requiring owner confirmation are excluded unless explicitly overridden with recorded approval.
- Final pre-release live checks reduce race conditions; any address that becomes attached between approval and execution is skipped and logged.
- Releasing EIPs is generally irreversible; explicit user acknowledgement is required and recorded.
- Execution behavior follows user preferences for scheduling and error handling; extensive logging and machine-readable outputs are produced to support rollback investigation and manual remediation if needed.