When you try to delete an ENI, if the interface is in use, you'll be prevented from doing so. You can see ahead of time which ENIs are in use in the VPC console, under Network Interfaces.
Programmatically, as I see it, you have two choices (or a combination of both). Firstly, if you don't care when an interface was last used so long as it isn't currently being used, then you can parse the output of aws ec2 describe-network-interfaces; the status section of the response is available (if not in use) and in-use (if, well, in use). If you do care, you could take each of these ENI IDs and parse through your VPC Flow Logs to find any traffic over that interface in the last X period, and use that to determine whether or not you delete the interface.
However, remember that VPC Flow Logs will log any traffic received by an ENI - if someone tries to connect to a port on an IP served by an ENI from the outside, that will show as activity. If you want to filter just so that you only look for customer-initiated activity to that ENI, then VPC Flow Logs can help, but you'd need to parse a little more to work out the source IP address.
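The procedure in the answer above, carried through as an added example (this is not code from the original post or from AWS). It parses a constructed, trimmed sample of aws ec2 describe-network-interfaces output to find ENIs whose Status is available, then walks constructed VPC Flow Log records in the default (version 2) format and keeps only traffic that was logged OK, ACCEPTed, and whose source address falls inside an assumed "trusted" CIDR (the VPC's own 10.0.0.0/16 here) within a look-back window of 7 days. The trusted-CIDR test is one way to implement the answer's "customer-initiated" filter and is an assumption of this example, as are the ENI IDs, account ID, addresses and the fixed current time used to make the output deterministic.

```python
"""Pick ENIs that are safe to delete: Status == available AND no
customer-initiated traffic in VPC Flow Logs within a look-back window.

Added example; every identifier, address and log line below is constructed.
"""
import ipaddress
import json

# Constructed sample, trimmed to the keys used here; the real output of
# `aws ec2 describe-network-interfaces` carries many more fields per ENI.
DESCRIBE_OUTPUT = json.dumps({
    "NetworkInterfaces": [
        {"NetworkInterfaceId": "eni-0aaa000000000001", "Status": "in-use",
         "PrivateIpAddress": "10.0.1.10", "Description": "attached"},
        {"NetworkInterfaceId": "eni-0bbb000000000002", "Status": "available",
         "PrivateIpAddress": "10.0.1.20", "Description": "orphaned"},
        {"NetworkInterfaceId": "eni-0ccc000000000003", "Status": "available",
         "PrivateIpAddress": "10.0.1.30", "Description": "used last week"},
        {"NetworkInterfaceId": "eni-0ddd000000000004", "Status": "available",
         "PrivateIpAddress": "10.0.1.40", "Description": "only port-scanned"},
    ]
})

NOW = 1_700_000_000                 # fixed "current time" so results are repeatable
WINDOW = 7 * 24 * 3600              # look back 7 days (the answer's "last X period")
TRUSTED_CIDRS = [ipaddress.ip_network("10.0.0.0/16")]  # assumed: the VPC's own range

# Default flow-log format, version 2 (14 space-separated fields).
FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport",
          "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log_status"]

# Constructed flow log records.
FLOW_LOG_LINES = [
    # eni-...03: SSH from a host inside the VPC, recent -> evidence of real use
    "2 111122223333 eni-0ccc000000000003 10.0.2.5 10.0.1.30 51234 22 6 20 4249 1699900000 1699900060 ACCEPT OK",
    # eni-...04: Internet scanner probing RDP, rejected -> not evidence of use
    "2 111122223333 eni-0ddd000000000004 203.0.113.7 10.0.1.40 40000 3389 6 1 40 1699900000 1699900060 REJECT OK",
    # eni-...04: inside-VPC traffic, but months ago -> outside the window
    "2 111122223333 eni-0ddd000000000004 10.0.2.5 10.0.1.40 51000 443 6 10 2000 1690000000 1690000060 ACCEPT OK",
    # NODATA record: addresses are '-', so it must be skipped before any parsing
    "2 111122223333 eni-0bbb000000000002 - - - - - - - 1699900000 1699900600 - NODATA",
]


def parse_flow_record(line):
    """Split one default-format flow log line into a dict keyed by FIELDS."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"unexpected field count in flow log line: {line!r}")
    return dict(zip(FIELDS, parts))


def available_enis(describe_json):
    """Return {eni_id: record} for interfaces whose Status is 'available'."""
    data = json.loads(describe_json)
    return {n["NetworkInterfaceId"]: n
            for n in data["NetworkInterfaces"] if n["Status"] == "available"}


def is_customer_initiated(rec, trusted):
    """Heuristic (an assumption of this example): accepted traffic whose source
    lies inside a trusted CIDR counts as customer-initiated; rejected probes
    from arbitrary Internet hosts do not."""
    if rec["action"] != "ACCEPT":
        return False
    src = ipaddress.ip_address(rec["srcaddr"])
    return any(src in net for net in trusted)


def recent_activity(lines, eni_ids, now, window, trusted):
    """Count customer-initiated flows per ENI within [now - window, now]."""
    since = now - window
    counts = {eni: 0 for eni in eni_ids}
    for line in lines:
        rec = parse_flow_record(line)
        if rec["log_status"] != "OK":        # NODATA / SKIPDATA carry no addresses
            continue
        eni = rec["interface_id"]
        if eni not in counts:
            continue
        if int(rec["end"]) < since:          # flow ended before the window opened
            continue
        if is_customer_initiated(rec, trusted):
            counts[eni] += 1
    return counts


def deletion_candidates(describe_json, lines, now=NOW, window=WINDOW, trusted=TRUSTED_CIDRS):
    """ENIs that are 'available' and show no customer-initiated traffic in the window."""
    avail = available_enis(describe_json)
    counts = recent_activity(lines, avail.keys(), now, window, trusted)
    return sorted(eni for eni, n in counts.items() if n == 0)


if __name__ == "__main__":
    for eni in deletion_candidates(DESCRIBE_OUTPUT, FLOW_LOG_LINES):
        # Review the list before running anything destructive.
        print(f"aws ec2 delete-network-interface --network-interface-id {eni}")
```

Of the three available interfaces, eni-0ccc... is kept because a host in 10.0.0.0/16 reached it over SSH last week, while eni-0ddd... is proposed for deletion: its only recent record is a rejected scan from 203.0.113.7, and its accepted in-VPC traffic is older than the window. The in-use interface is never considered, matching the console behaviour described above.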