1 Answer
- Newest
- Most votes
- Most comments
0
I haven't timed this lately but I know prior to the improved Lambda VPC networking using AWS Hyperplane rolled out 2019/2020, it could take several hours for an ENI to be cleaned up and deleted. Supposedly it's improved now ... I guess 45 mins is an improvement! :)
One workaround I heard of with CloudFormation was using a Custom Resource to force deletion of the ENI. Something to watch out for with this is that ENIs are shared across Lambda execution environments with the same security group & subnet combination, so best to use a unique security group per Function to avoid deleting an ENI in use by someone else.
Relevant content
- asked 12 days ago
- Accepted Answerasked 9 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- How do I update a CloudFormation stack that's failing because of a resource that I manually deleted?AWS OFFICIALUpdated 3 years ago
The strange thing is I am creating the security group as part of the same stack and the ENI is only used for the single lambda, so I don't see why the ENI needs to be kept for so long after deletion.
I think I had seen something similar with the custom resource, so I might give this a try. Though deleting the ENI early via the AWS Console doesn't seem to be possible, even after CloudFormation has deleted the lambda...