My Lambda accesses resources on my VPC so as instructed in the documentation I've given the Lambda a role to create network interfaces. I was under the assumption that the
As Mark suggested, the issue was my AWS Lambda didn't have the DeleteNetworkInterface action specified in the role (policy) that the Lambda was set to use. By giving the appropriate policy the Lambda now detaches and deletes the ENI when done.
{
    "Effect": "Allow",
    "Resource": "*",
    "Action": [
        "ec2:DescribeInstances",
        "ec2:CreateNetworkInterface",
        "ec2:AttachNetworkInterface",
        "ec2:DescribeNetworkInterfaces",
        "ec2:DeleteNetworkInterface",
        "ec2:DetachNetworkInterface",
        "ec2:ModifyNetworkInterfaceAttribute",
        "ec2:ResetNetworkInterfaceAttribute",
        "autoscaling:CompleteLifecycleAction"
    ]
}
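As an added example (not code from either answer), a small Python check that a role's policy document allows the EC2 actions a VPC-enabled Lambda needs for its ENI lifecycle, in particular DeleteNetworkInterface, so a role that would leak ENIs can be caught before deployment. Function names and the two sample policies are assumptions constructed for the example; the check evaluates only Effect and Action and ignores Resource and Condition.

```python
"""Check that an IAM policy document grants the EC2 actions a VPC-enabled
Lambda needs to create, describe and delete its ENIs. Added example, not
part of the original answers; only Effect/Action are evaluated."""
import fnmatch
import json

# ENI lifecycle actions a VPC-enabled Lambda needs (see the policy above).
REQUIRED_ENI_ACTIONS = (
    "ec2:CreateNetworkInterface",
    "ec2:DescribeNetworkInterfaces",
    "ec2:DeleteNetworkInterface",
)

def _as_list(value):
    # IAM allows Action/Statement to be a single value or a list.
    return value if isinstance(value, list) else [value]

def _matches(action, patterns):
    # IAM action names are case-insensitive and patterns may use '*'.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing_eni_actions(policy):
    """Return the required actions the policy does not allow.
    An explicit Deny wins over any Allow, as in IAM evaluation."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    statements = _as_list(doc.get("Statement", doc))  # also accept a bare statement
    allowed, denied = [], []
    for st in statements:
        # Anything that is not an explicit Allow is treated as Deny.
        target = allowed if st.get("Effect") == "Allow" else denied
        target.extend(_as_list(st.get("Action", [])))
    return [a for a in REQUIRED_ENI_ACTIONS
            if _matches(a, denied) or not _matches(a, allowed)]

# Constructed samples: a complete policy and one that will leak ENIs.
FULL_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces",
               "ec2:DeleteNetworkInterface", "ec2:DetachNetworkInterface"]}]}
LEAKY_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces"]}]}

if __name__ == "__main__":
    for name, pol in (("full", FULL_POLICY), ("leaky", LEAKY_POLICY)):
        print(name, "missing:", missing_eni_actions(pol))
```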
The official line from AWS (via their docs and a support ticket) is to use the AWS-managed policy AWSLambdaVPCAccessExecutionRole.
Excerpt from a private support ticket:
The role you are using in your Lambda function has an attached policy "AWSLambdaVPCAccessExecutionRole", which is an AWS managed policy for VPC-enabled Lambda functions. This policy contains all needed permissions and may be updated in future if new permissions are needed due to updates to the service.
It is also worth noting that it can sometimes take several hours for detached ENIs to be reaped.