v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/aws_compliance
Overview
32Dashboards
1295Controls
585Queries
4Variables
GitHub

Control: 2.10 Ensure unused ENIs are removed

Description

Identify and delete any unused Amazon AWS Elastic Network Interfaces in order to adhere to best practices and to avoid reaching the service limit. An AWS Elastic Network Interface (ENI) is pronounced unused when is not attached anymore to an EC2 instance.

Remediation

From the Console:

  1. Login to EC2 using https://console.aws.amazon.com/ec2/.
  2. On the left Click NETWORK & SECURITY, click Network Interfaces.
  3. Select the ENI that you want to remove.
  4. Click 'Actions', then 'delete'
  5. Click Delete.
  6. Repeat steps 3 - 5 any other ENIs listed in the audit within the current region.

Note Repeat the audit process for all other regions used.

From the CLI:

  1. Run the delete-network-interface command with the ENI names collected above in the audit.
aws ec2 delete-network-interface --region us-east-1 --network-interface-id eni-1234abcd
  1. This will remove the ENI that is not being used.
  2. Repeat steps 1 - 2 for any ENIs within the current region.

Note Repeat the audit process for all other regions used.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.cis_compute_service_v100_2_10

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.cis_compute_service_v100_2_10 --share

SQL

This control uses a named query:

ec2_network_interface_unused

Tags

category = Compliance
cis = true
cis_item_id = 2.10
cis_level = 1
cis_section_id = 2
cis_type = manual
cis_version = v1.0.0
plugin = aws
service = AWS/EC2