Automate deletion of orphaned network interfaces.

Question

A customer has thousands of network interfaces in the us-east-1. The customer is looking for a way to identify any network interfaces that have not been used in the last 90 days and delete them all.

Customer is aware he can use the AWS CLI to identify instances that are not in-use and delete them by providing the id for each interface.

My Question:

Is there a way to automate this entire process? Finding all the network interfaces older than 90 days and deleting them?

If there is no way to identify when they were last used, is there a way for the customer delete all the network interfaces that are not in use and delete all of them at once.

Accepted Answer

When you try to delete an ENI, if the interface is in use, you'll be prevented from doing so. You can see ahead of time which ENIs are in use in the VPC console, under Network Interfaces.

Programatically, as I see it, you have two choices (or a combination of both). Firstly, if you don't care when an interface was last used so long as it isn't currently being used, then you can parse the output of `aws ec2 describe-network-interfaces`; the `status` section of the response is `available` (if not in use) and `in-use` (if, well, in use). If you do care, you could take each of these ENI IDs and parse through your VPC Flow Logs to find any traffic over that interface in the last X period, and use that to determine whether or not you delete the interface.

However, remember that VPC Flow Logs will log any traffic received by an ENI - if someone tries to connect to a port on an IP served by an ENI from the outside, that will show as activity. If you want to filter just so that you only look for customer-initiated activity to that ENI, then VPC Flow Logs can help, but you'd need to parse a little more to work out the source IP address.

Automate deletion of orphaned network interfaces.

Contenido relevante