1 Answer
0
I haven't timed this lately but I know prior to the improved Lambda VPC networking using AWS Hyperplane rolled out 2019/2020, it could take several hours for an ENI to be cleaned up and deleted. Supposedly it's improved now ... I guess 45 mins is an improvement! :)
One workaround I heard of with CloudFormation was using a Custom Resource to force deletion of the ENI. Something to watch out for with this is that ENIs are shared across Lambda execution environments with the same security group & subnet combination, so best to use a unique security group per Function to avoid deleting an ENI in use by someone else.
The strange thing is I am creating the security group as part of the same stack and the ENI is only used for the single lambda, so I don't see why the ENI needs to be kept for so long after deletion.
I think I had seen something similar with the custom resource, so I might give this a try. Though deleting the ENI early via the AWS Console doesn't seem to be possible, even after CloudFormation has deleted the lambda...
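The answer's caution about shared ENIs can be checked before any custom resource is allowed to delete one. The sketch below is an added example, not code from either poster: it groups functions by subnet and security group combination and reports which combinations are used by more than one function. It assumes sharing is keyed on the exact set of security groups per subnet; the function names and IDs in the sample are constructed.

```python
from collections import defaultdict

# Constructed sample, shaped like entries of the Lambda ListFunctions response.
SAMPLE_FUNCTIONS = [
    {"FunctionName": "orders-api",
     "VpcConfig": {"SubnetIds": ["subnet-aaa", "subnet-bbb"], "SecurityGroupIds": ["sg-111"]}},
    {"FunctionName": "orders-worker",
     "VpcConfig": {"SubnetIds": ["subnet-bbb"], "SecurityGroupIds": ["sg-111"]}},
    {"FunctionName": "billing",
     "VpcConfig": {"SubnetIds": ["subnet-bbb"], "SecurityGroupIds": ["sg-222"]}},
    {"FunctionName": "thumbnailer"},  # not attached to a VPC, so it has no ENI
]


def shared_eni_groups(functions):
    """Return {(subnet, security-group set): [names]} for combinations used by 2+ functions."""
    users = defaultdict(set)
    for fn in functions:
        vpc = fn.get("VpcConfig") or {}
        groups = frozenset(vpc.get("SecurityGroupIds") or [])
        if not groups:
            continue  # non-VPC functions never get a VPC ENI
        for subnet in vpc.get("SubnetIds") or []:
            users[(subnet, groups)].add(fn["FunctionName"])
    return {key: sorted(names) for key, names in users.items() if len(names) > 1}


def safe_to_force_delete(name, functions):
    """True when no other function shares a subnet/security-group combination with `name`."""
    return all(name not in names for names in shared_eni_groups(functions).values())


def fetch_functions():
    """Load real function configurations (needs boto3 and AWS credentials)."""
    import boto3
    pages = boto3.client("lambda").get_paginator("list_functions").paginate()
    return [fn for page in pages for fn in page["Functions"]]


if __name__ == "__main__":
    for (subnet, groups), names in shared_eni_groups(SAMPLE_FUNCTIONS).items():
        print(f"{subnet} + {sorted(groups)} is shared by: {', '.join(names)}")
```

Swap `SAMPLE_FUNCTIONS` for `fetch_functions()` to run the same check against an account.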