AWS Glue does not clean up network interfaces

Question

Hi,

We have several glue jobs with 30-120 workers, some of them run as often as every 5 minutes. We need to access VPC resources from glue, so we created a glue connection that points to RDS. Everything works fine, apart from the fact that glue creates network interfaces (I guess for worker nodes) and does not clean them up on termination. Gradually, we end up with thousands (!) of ENIs in the available state that exhausts the cidr pool completely. Why the ENIs are not deleted on node termination? and how can we fix that?

Answer

Follow the instructions in the following document.  
I believe that removing the unused ENI yourself will help to solve the problem.  
https://repost.aws/knowledge-center/glue-specified-subnet-free-addresses

Answer

You will need to ensure that you have the correct policies for the IAM role that's assigned to the Glue job. Specifically, the [ec2:DeleteNetworkInterface](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteNetworkInterface.html) action will need to be added to the permission set. Then, Glue should be able to clean these up after use.

AWS Glue does not clean up network interfaces

相關內容