OK, apparently the interfaces were "used" by a managed Prometheus instance in a workspace that was automatically created with my test EKS cluster. After removing the workspace, I was able to delete the ENIs and all security groups, subnets and the VPC itself.
I'm posting this since the documentation does not mention this and it's impossible to trace what is using an interface with the console and/or the CLI, so maybe someone else with the same problem will find this helpful.
This is a common issue when trying to delete network interfaces (ENIs) associated with Lambda functions, even when you don't see any Lambda functions in your console. Here are several steps you can take to resolve this:
- Wait for automatic deletion: Lambda typically deletes the ENI automatically, but this process can take up to an hour or sometimes longer. Try waiting and then attempt to delete the ENI again.
- Use the Lambda ENI Finder tool: AWS provides a tool called the Lambda ENI Finder that can help identify which Lambda functions or versions might be using the network interface. You can find instructions on how to use this tool in the AWS Knowledge Center.
- Check for hidden Lambda associations: Even if you don't see Lambda functions in the console, the ENIs might be associated with:
  - Unpublished Lambda function versions
  - Event source mappings from services like Amazon MSK, self-managed Kafka, Amazon MQ, or Amazon DocumentDB
- Run the Lambda ENI Finder script: When you run this script, if you get a message saying "No Lambda functions or versions found that were using the same subnet as this ENI," it suggests the ENI might be "stuck."
- Try force detaching: You can attempt to force detach the network interface using the AWS CLI:
  `aws ec2 detach-network-interface --attachment-id <attachment-id> --force`
  However, this may not work for Lambda-managed attachments, which often return an error like "You are not allowed to manage 'ela-attach' attachments."
- Check for EKS-related Lambda functions: Since you mentioned this was related to an EKS cluster, it's possible that the cluster created Lambda functions for operational purposes that aren't immediately visible.
If none of these steps resolve the issue after 24 hours, the recommended approach is to contact AWS Support. They can help internally remove the ENIs that are stuck in this state. For users without a support plan, this presents a challenge, but you may be able to open a case under "Account and billing" which can be done free of charge.
We've tried running the findEniAssociation script but we get this error:
```
./findEniAssociations --eni eni-02bc391de32c1ff28 --region eu-central-1
This script is for determining why an ENI that is managed by AWS Lambda has not been deleted.

Found eni-02bc391de32c1ff28 with "subnet-03a35c358b400ed7e" using Security Groups "sg-052352ed9b18f0b7a"
Searching for Lambda function versions using "subnet-03a35c358b400ed7e" and Security Groups "sg-052352ed9b18f0b7a"...
No Lambda functions or versions found that were using the same subnet as this ENI. If this ENI is not deleted automatically in the next 24 hours then it may be 'stuck'. If the ENI will not allow you to delete it manually after 24 hours then please contact AWS support and send them the output of this script.
```
The interfaces have been there for weeks, and we cannot delete them.

The VPC and ENI interfaces have been in this state for two weeks. I've tried the "detach-network-interface" command, but I got this error:
`An error occurred (OperationNotPermitted) when calling the DetachNetworkInterface operation: You are not allowed to manage 'ela-attach' attachments.`
The EKS cluster was created for testing purposes, and deleted immediately afterwards. No resources were created in the cluster itself. Especially not Lambda functions.
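
A triage sketch for the situation in this thread, added here as an example and not part of any post or of AWS's own tooling: it reads JSON in the shape returned by `aws ec2 describe-network-interfaces` and sorts each interface by who controls its attachment, using the `ela-attach` prefix from the error quoted above. The sample data and every ID in it are constructed, and the function names `triage` and `blocked` are hypothetical.

```python
import json

# Constructed sample shaped like `aws ec2 describe-network-interfaces` output.
# Every ID and description is a made-up placeholder, not data from the thread.
SAMPLE = json.loads("""
{"NetworkInterfaces": [
 {"NetworkInterfaceId": "eni-0example1", "InterfaceType": "lambda",
  "Description": "AWS Lambda VPC ENI-placeholder",
  "Attachment": {"AttachmentId": "ela-attach-0example", "Status": "attached"}},
 {"NetworkInterfaceId": "eni-0example2", "InterfaceType": "interface",
  "RequesterManaged": true, "RequesterId": "amazon-elb",
  "Description": "ELB placeholder",
  "Attachment": {"AttachmentId": "eni-attach-0example1", "Status": "attached"}},
 {"NetworkInterfaceId": "eni-0example3", "InterfaceType": "interface",
  "RequesterManaged": false, "Description": "",
  "Attachment": {"AttachmentId": "eni-attach-0example2",
                 "InstanceId": "i-0example", "Status": "attached"}},
 {"NetworkInterfaceId": "eni-0example4", "InterfaceType": "interface",
  "RequesterManaged": false, "Description": "", "Status": "available"}
]}
""")

def triage(eni):
    """Classify one NetworkInterfaces entry as (category, next_step)."""
    att_id = (eni.get("Attachment") or {}).get("AttachmentId", "")
    if not att_id:
        return "unattached", "delete-network-interface should succeed"
    if att_id.startswith("ela-attach"):
        # The attachment type from the thread's OperationNotPermitted error:
        # detach --force is refused, so the owning service resource must go.
        return "service-attachment", "remove the owning service resource"
    if eni.get("RequesterManaged"):
        return "requester-managed", "delete via service " + eni.get("RequesterId", "?")
    return "user-attachment", "detach-network-interface, then delete"

def blocked(doc):
    """IDs of interfaces the account cannot detach or delete directly."""
    return [e["NetworkInterfaceId"] for e in doc["NetworkInterfaces"]
            if triage(e)[0] in ("service-attachment", "requester-managed")]

if __name__ == "__main__":
    for e in SAMPLE["NetworkInterfaces"]:
        cat, step = triage(e)
        print(f'{e["NetworkInterfaceId"]:15} {e["InterfaceType"]:10} {cat:19} '
              f'{e.get("Description", "")!r}: {step}')
```

To run it on a real VPC, load the output of `aws ec2 describe-network-interfaces --filters Name=vpc-id,Values=<vpc-id> --output json` in place of `SAMPLE`; the `Description` and `RequesterId` values it prints are the owner hints to read first.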