
Unable to Delete ENIs Attached to Lambda where Deleted Lambda Functions Created by CloudFormation

0

I have several ENIs that are still attached to Lambda functions. That Lambda function was created with CloudFormation, and the stack has since been deleted; its state shows DELETE_COMPLETE.

However, I am now unable to delete these ENIs. When I try, the system reports that they are still attached to Lambda functions. These Lambda functions no longer appear in the AWS Lambda console, confirming they were deleted along with the stack.

I have tried the following:

Verified that the ENIs are in the in-use state.

Attempted to detach them via the CLI (aws ec2 detach-network-interface), which fails with OperationNotPermitted.

Searched for the Lambda functions via the AWS Console and CLI — they are no longer listed.

This appears to be a resource orphaning issue where the ENIs are stuck in an attached state to a non-existent Lambda function.

My Questions:

How can I forcefully detach or delete these ENIs?

Is there any cleanup mechanism for ENIs that remain after a Lambda or CloudFormation stack is deleted?

Would AWS Support be able to forcefully release or remove these stuck ENIs?

1 Answer
0

This is a common issue when dealing with network interfaces (ENIs) associated with Lambda functions, especially when the functions have been deleted through CloudFormation. Here are some steps you can take to address this problem:

  1. Wait for automatic deletion: Lambda typically deletes the ENI automatically, but this process can take up to an hour or even longer in some cases. Try waiting for 24 hours and then attempt to delete the ENI again.

  2. Use the Lambda ENI Finder: AWS provides a tool called the Lambda ENI Finder that can help identify which Lambda functions or versions might be using the network interface. Run this tool to check for any associations, even if the functions are no longer visible in the console.

  3. Check for old Lambda versions: Sometimes, inactive versions of Lambda functions can still reference the subnets. Go through your Lambda functions in the AWS Console and delete any old versions that might be affected.

  4. Verify event source mappings: Check if any event source mappings from services like Amazon MSK, self-managed Kafka, Amazon MQ, or Amazon DocumentDB are using the ENI.

  5. Force detach using AWS CLI: Although you mentioned this failed with OperationNotPermitted, you can try again using the following command:

       aws ec2 detach-network-interface --attachment-id <attachment-id> --force

     Note that this may not work for Lambda-managed attachments.

  6. Check VPC configuration: If you recently updated a function to remove its VPC configuration, Lambda may require up to 20 minutes to delete the attached Hyperplane ENI.

If none of these steps resolve the issue after waiting for 24 hours, it's likely that the ENIs are truly "stuck" and require intervention from AWS Support. In this case, contacting AWS Support would be the best course of action. They have the ability to forcefully release or remove these stuck ENIs from your account.

Regarding cleanup mechanisms, AWS does have automatic processes to clean up resources, but sometimes these can fail or take longer than expected, especially in complex scenarios involving CloudFormation stacks and Lambda functions.

If you don't have a support plan that allows you to open a case with AWS Support, you can try posting on the AWS forums or reaching out to AWS through their general contact channels to report the issue. However, for the most direct and effective resolution, a support plan that allows you to open a case would be the best option.
Sources
Want to delete Network Interface, but it is showing it is connected to lambda, but there is no lambda | AWS re:Post
Unable to Delete network interface due link with Lambda | AWS re:Post
Unable to delete eni interface lambda type. | AWS re:Post

answered 9 months ago
EXPERT
reviewed 9 months ago
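
The check behind steps 2 and 3 of the answer above, as an added example (not part of the original post and not AWS's Lambda ENI Finder): it takes JSON in the shape returned by aws ec2 describe-network-interfaces and aws lambda list-functions --function-version ALL and lists which function versions still reference each Lambda-type ENI. The sample data is constructed, and matching on subnet plus the exact security group set is an assumption of this sketch.

```python
"""Match Lambda-type ENIs to function versions that still reference them."""

# Constructed sample: shape of `aws ec2 describe-network-interfaces` output.
ENIS = {"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0aaa", "InterfaceType": "lambda", "Status": "in-use",
     "SubnetId": "subnet-1", "Groups": [{"GroupId": "sg-1"}]},
    {"NetworkInterfaceId": "eni-0bbb", "InterfaceType": "lambda", "Status": "in-use",
     "SubnetId": "subnet-2", "Groups": [{"GroupId": "sg-2"}]},
    {"NetworkInterfaceId": "eni-0ccc", "InterfaceType": "interface", "Status": "in-use",
     "SubnetId": "subnet-1", "Groups": [{"GroupId": "sg-1"}]},
]}
# Constructed sample: shape of `aws lambda list-functions --function-version ALL`.
FUNCTIONS = {"Functions": [
    {"FunctionName": "report-job", "Version": "$LATEST"},  # VPC config removed
    {"FunctionName": "report-job", "Version": "3",         # old version still in VPC
     "VpcConfig": {"SubnetIds": ["subnet-1", "subnet-9"], "SecurityGroupIds": ["sg-1"]}},
    {"FunctionName": "other", "Version": "$LATEST",
     "VpcConfig": {"SubnetIds": [], "SecurityGroupIds": []}},
]}

def lambda_enis(eni_doc):
    """Keep only ENIs whose InterfaceType marks them as Lambda-managed."""
    return [e for e in eni_doc.get("NetworkInterfaces", [])
            if e.get("InterfaceType") == "lambda"]

def referencing_versions(eni, fn_doc):
    """Function versions whose VPC config names this ENI's subnet and group set."""
    eni_groups = {g["GroupId"] for g in eni.get("Groups", [])}
    hits = []
    for fn in fn_doc.get("Functions", []):
        vpc = fn.get("VpcConfig") or {}  # absent when the version is not in a VPC
        if (eni["SubnetId"] in vpc.get("SubnetIds", [])
                and eni_groups == set(vpc.get("SecurityGroupIds", []))):
            hits.append(f'{fn["FunctionName"]}:{fn["Version"]}')
    return hits

def triage(eni_doc, fn_doc):
    """Map each Lambda ENI id to the versions still referencing it (may be empty)."""
    return {e["NetworkInterfaceId"]: referencing_versions(e, fn_doc)
            for e in lambda_enis(eni_doc)}

if __name__ == "__main__":
    for eni_id, users in triage(ENIS, FUNCTIONS).items():
        print(eni_id, "->", users or "no referencing version found")
```

An ENI with an empty list here is a candidate for waiting out the automatic cleanup or for a Support case; one with a match points to a version to delete first.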
