
Unused Elastic Network Interfaces

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: Low (generally tolerable level of risk)
Rule ID: EC2-060

Identify and delete any unused Elastic Network Interfaces (ENIs) in order to adhere to AWS cloud best practices and to avoid reaching the service limit. An Elastic Network Interface is considered unused when it is no longer attached to an AWS resource such as an EC2 instance.

This rule can help you with the following compliance standards:

  • NIST4

For further details on compliance standards supported by Conformity, see here.

This rule can help you work with the AWS Well-Architected Framework.

This rule resolution is part of the Conformity Security & Compliance tool for AWS.

  • Performance efficiency
  • Sustainability

To follow best practices, unused (detached) Amazon Elastic Network Interfaces (ENIs) should be removed from your AWS account because keeping a lot of unused ENIs can exhaust the resource limit.


Audit

To identify any unused Elastic Network Interfaces available within your AWS cloud account, perform the following operations:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon EC2 console at https://console.aws.amazon.com/ec2/.

03 In the navigation panel, under Network & Security, choose Network Interfaces.

04 Select the Elastic Network Interface (ENI) that you want to examine.

05 Choose the Details tab from the console bottom panel to access the ENI configuration details.

06 In the Network interface details section, check the Network interface status attribute value. If the Network interface status is set to Available, the selected Elastic Network Interface (ENI) is not attached to an Amazon EC2 instance; the verified resource is therefore unused and can be safely removed from your AWS cloud account.

07 Repeat steps no. 4 – 6 to determine the association status for other Elastic Network Interfaces available within the current AWS region.

08 Change the AWS cloud region from the console navigation bar and repeat the audit process for other regions.

Using AWS CLI

01 Run describe-network-interfaces command (OSX/Linux/UNIX) with custom query filters to describe the ID of each Elastic Network Interface (ENI) deployed in the selected AWS region:

aws ec2 describe-network-interfaces \
  --region us-east-1 \
  --output table \
  --query 'NetworkInterfaces[*].NetworkInterfaceId'

02 The command output should return a table with the requested ENI identifiers (IDs):

---------------------------
|DescribeNetworkInterfaces|
+-------------------------+
|  eni-0abcd1234abcd1234  |
|  eni-01234abcd1234abcd  |
|  eni-0abcdabcdabcdabcd  |
|  eni-01234123412341234  |
+-------------------------+

03 Run describe-network-interfaces command (OSX/Linux/UNIX) using the ID of the Elastic Network Interface (ENI) that you want to examine as the identifier parameter and custom query filters to describe the association status of the selected ENI:

aws ec2 describe-network-interfaces \
  --region us-east-1 \
  --network-interface-ids eni-0abcd1234abcd1234 \
  --query 'NetworkInterfaces[*].Status'

04 The command output should return the requested configuration status:

[
	"available"
]

If the describe-network-interfaces command output returns "available", the selected Elastic Network Interface (ENI) is not attached to an Amazon EC2 instance; the verified resource is therefore considered unused and can be safely removed from your AWS cloud account.

05 Repeat steps no. 3 and 4 to determine the association status for other Elastic Network Interfaces available in the selected AWS region.

06 Change the AWS region by updating the --region command parameter value and repeat the audit process for other regions.
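The per-ENI audit above can be automated by feeding the JSON output of describe-network-interfaces to a small script that applies the same "Status == available" test and renders the delete-network-interface command from the Remediation section for each candidate. This is an added example, not Conformity's or AWS's code; the sample JSON is constructed, and the RequesterManaged check is a practitioner caveat (interfaces created by another AWS service are removed by that service, not by delete-network-interface) that the article does not cover.

```python
import json
import sys

# Constructed sample mirroring the JSON shape of
# `aws ec2 describe-network-interfaces --output json` (not real account data).
SAMPLE = {
    "NetworkInterfaces": [
        {"NetworkInterfaceId": "eni-0abcd1234abcd1234", "Status": "available",
         "RequesterManaged": False, "Description": "old app ENI",
         "AvailabilityZone": "us-east-1a"},
        {"NetworkInterfaceId": "eni-01234abcd1234abcd", "Status": "in-use",
         "RequesterManaged": False, "Description": "",
         "AvailabilityZone": "us-east-1b",
         "Attachment": {"InstanceId": "i-0123456789abcdef0", "Status": "attached"}},
        {"NetworkInterfaceId": "eni-0abcdabcdabcdabcd", "Status": "available",
         "RequesterManaged": True, "Description": "AWS Lambda VPC ENI",
         "AvailabilityZone": "us-east-1a"},
    ]
}


def find_unused_enis(describe_output):
    """Return (unused, managed): ENIs whose Status is 'available'.

    Requester-managed interfaces are listed separately because another AWS
    service owns their lifecycle; this caveat is not part of the article.
    """
    unused, managed = [], []
    for eni in describe_output.get("NetworkInterfaces", []):
        if eni.get("Status") != "available":
            continue  # attached ("in-use") or transitioning: not a candidate
        if eni.get("RequesterManaged", False):
            managed.append(eni["NetworkInterfaceId"])
        else:
            unused.append(eni["NetworkInterfaceId"])
    return unused, managed


def delete_commands(eni_ids, region):
    """Render the article's remediation command for each unused ENI, for review."""
    return [f"aws ec2 delete-network-interface --region {region} "
            f"--network-interface-id {eni_id}" for eni_id in eni_ids]


if __name__ == "__main__":
    # Pipe real output in: aws ec2 describe-network-interfaces --region us-east-1 \
    #   --output json | python3 find_unused_enis.py us-east-1
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    region = sys.argv[1] if len(sys.argv) > 1 else "us-east-1"
    unused, managed = find_unused_enis(data)
    print("\n".join(delete_commands(unused, region)))
    for eni_id in managed:
        print(f"# {eni_id}: available but requester-managed; leave it to the owning service")
```

Run it once per region (changing the --region value as in step 6) and review the printed commands before executing any of them.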

Remediation / Resolution

To remove any unused Elastic Network Interfaces (ENIs) from your AWS cloud account, perform the following operations:

Note: The remediation actions are not currently supported by AWS CloudFormation.

Using Terraform (AWS Provider)

01 Terraform commands:

terraform destroy -target aws_network_interface.default

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon EC2 console at https://console.aws.amazon.com/ec2/.

03 In the navigation panel, under Network & Security, choose Network Interfaces.

04 Select the Elastic Network Interface (ENI) that you want to delete (see Audit section part I to identify the right resource).

05 Click on the Actions dropdown menu from the console top menu and choose Delete.

06 In the Delete network interface confirmation box, review the ENI resource details, then choose Delete to remove the selected network interface from your AWS cloud account.

07 Repeat steps no. 4 – 6 to remove other unused (detached) Elastic Network Interfaces (ENIs) available within the current AWS region.

08 Change the AWS cloud region from the console navigation bar and repeat the audit process for other regions.

Using AWS CLI

01 Run delete-network-interface command (OSX/Linux/UNIX) using the ID of the Elastic Network Interface (ENI) that you want to delete as the identifier parameter (see Audit section part II to identify the right resource), to remove the selected ENI resource from your AWS cloud account (if successful, the command request does not produce an output):

aws ec2 delete-network-interface \
  --region us-east-1 \
  --network-interface-id eni-0abcd1234abcd1234

02 Repeat step no. 1 to remove other unused (detached) Elastic Network Interfaces (ENIs) available in the selected AWS region.

03 Change the AWS cloud region by updating the --region command parameter value and repeat the remediation process for other regions.

Publication date Nov 8, 2017
