I removed VPC configuration from Lambda function "legallm-export-pdf-worker-prod" in us-east-1, but 2 Lambda-managed ENIs remain and block CloudFormation cleanup.
- Account: 142530420275
- Region: us-east-1
- Stack: LegalLM-Lambda-prod
- Failing logical resource: WorkerLambdaSg7861B44F
- SG: sg-0ddbe1e100622af0e
- ENIs:
  - eni-031af0d69c1ee4b82
  - eni-0c05b8613c34a9fc1
- ENI status: available, attachment None
- Function VpcConfig: empty (SubnetIds: [], SecurityGroupIds: [], VpcId: "")
- Versions: only $LATEST
- Aliases: none
- Event source mappings still enabled for SQS (normal worker setup)
- No MSK/MQ/DocDB/AMP scrapers in this account/region
- awslabs/aws-support-tools/Lambda/FindEniMappings reports no function/version using these subnet+SG combinations and suggests ENIs may be stuck.
Please advise AWS-side cleanup/reconciliation steps for these Lambda-managed ENIs so CloudFormation can delete the SG.

aws ec2 describe-network-interfaces \
  --filters Name=group-id,Values=sg-0ddbe1e100622af0e \
  --region us-east-1 \
  --query 'NetworkInterfaces[*].[NetworkInterfaceId,Status,Attachment.AttachmentId,Description]' \
  --output table
-----------------------------------------------------------------------------------------------------
| DescribeNetworkInterfaces |
+------------------------+------------+-------+-----------------------------------------------------+
| eni-031af0d69c1ee4b82 | available | None | AWS Lambda VPC ENI-legallm-export-pdf-worker-prod |
| eni-0c05b8613c34a9fc1 | available | None | AWS Lambda VPC ENI-legallm-export-pdf-worker-prod |
+------------------------+------------+-------+-----------------------------------------------------+