Automate deletion of orphaned network interfaces.

0

A customer has thousands of network interfaces in us-east-1. The customer is looking for a way to identify any network interfaces that have not been used in the last 90 days and delete them all.

The customer is aware he can use the AWS CLI to identify instances that are not in use and delete them by providing the ID for each interface.

My Question:

Is there a way to automate this entire process? Finding all the network interfaces older than 90 days and deleting them?

If there is no way to identify when they were last used, is there a way for the customer to delete all the network interfaces that are not in use, all of them at once?

1 answer
0
Accepted answer

When you try to delete an ENI, if the interface is in use, you'll be prevented from doing so. You can see ahead of time which ENIs are in use in the VPC console, under Network Interfaces.

Programmatically, as I see it, you have two choices (or a combination of both). Firstly, if you don't care when an interface was last used so long as it isn't currently being used, then you can parse the output of aws ec2 describe-network-interfaces; the status field of the response is available (if not in use) and in-use (if, well, in use). If you do care, you could take each of these ENI IDs and parse through your VPC Flow Logs to find any traffic over that interface in the last X period, and use that to determine whether or not you delete the interface.

However, remember that VPC Flow Logs will log any traffic received by an ENI - if someone tries to connect to a port on an IP served by an ENI from the outside, that will show as activity. If you want to filter just so that you only look for customer-initiated activity to that ENI, then VPC Flow Logs can help, but you'd need to parse a little more to work out the source IP address.

AWS
Expert
answered 5 years ago
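Putting the answer's two checks together (status from describe-network-interfaces, then VPC Flow Logs filtered to accepted traffic from internal source addresses, so an outside probe does not count as use), as an added Python example that is not from the original post. The describe output, the flow log lines, the 10.0.0.0/8 internal range and the fixed "now" are constructed sample data; the script only lists deletion candidates and makes no AWS calls.

```python
"""List ENIs that are 'available' and show no internal traffic in the last N days.
Constructed sample data stands in for the AWS CLI output and the flow log export."""
import json
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample: trimmed shape of `aws ec2 describe-network-interfaces` JSON.
DESCRIBE_OUTPUT = json.dumps({"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0aaa", "Status": "available"},
    {"NetworkInterfaceId": "eni-0bbb", "Status": "available"},
    {"NetworkInterfaceId": "eni-0ccc", "Status": "in-use"},
    {"NetworkInterfaceId": "eni-0ddd", "Status": "available"},
]})

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock for the sample
def ts(days_ago):
    return int((NOW - timedelta(days=days_ago)).timestamp())

# Constructed VPC Flow Log records in the default 14-field format:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
FLOW_LOG_LINES = [
    f"2 123456789012 eni-0aaa 10.0.1.5 10.0.2.7 43210 443 6 10 840 {ts(10)} {ts(10)} ACCEPT OK",  # internal, recent
    f"2 123456789012 eni-0bbb 203.0.113.9 10.0.2.8 51515 22 6 1 60 {ts(3)} {ts(3)} REJECT OK",   # external probe, rejected
    f"2 123456789012 eni-0ddd 10.0.1.5 10.0.2.9 43211 443 6 10 840 {ts(120)} {ts(120)} ACCEPT OK",  # internal, but too old
]

INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]  # assumed customer address space

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)

def recently_active(lines, days, now=NOW):
    """ENI IDs with ACCEPTed traffic from an internal source within the last `days` days."""
    cutoff = now - timedelta(days=days)
    active = set()
    for line in lines:
        f = line.split()
        if len(f) < 14 or f[0] != "2":
            continue  # skip the header line or records in a custom format
        eni, src, start, action = f[2], f[3], int(f[10]), f[12]
        if action == "ACCEPT" and is_internal(src) and datetime.fromtimestamp(start, timezone.utc) >= cutoff:
            active.add(eni)
    return active

def deletion_candidates(describe_json, flow_lines, days=90):
    """ENIs whose status is 'available' and that carried no internal traffic in the window."""
    enis = json.loads(describe_json)["NetworkInterfaces"]
    available = {e["NetworkInterfaceId"] for e in enis if e["Status"] == "available"}
    return sorted(available - recently_active(flow_lines, days))
```

Each ID returned is one you would review and then pass to aws ec2 delete-network-interface; eni-0bbb is listed because its only traffic was a rejected external probe, and eni-0ddd because its last internal traffic is older than the 90-day window.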
