turbot/aws_compliance

Control: 2.10 Ensure unused ENIs are removed

Description

Identify and delete any unused Amazon AWS Elastic Network Interfaces in order to adhere to best practices and to avoid reaching the service limit. An AWS Elastic Network Interface (ENI) is considered unused when it is no longer attached to an EC2 instance.

Remediation

From the Console:

  1. Log in to the EC2 console at https://console.aws.amazon.com/ec2/.
  2. In the left navigation pane, under NETWORK & SECURITY, click Network Interfaces.
  3. Select the ENI that you want to remove.
  4. Click Actions, then Delete.
  5. Click Delete to confirm.
  6. Repeat steps 3 - 5 for any other ENIs listed in the audit within the current region.

Note: Repeat the audit process for all other regions used.

From the CLI:

  1. Run the delete-network-interface command with the ENI IDs collected above in the audit:
     aws ec2 delete-network-interface --region us-east-1 --network-interface-id eni-1234abcd
  2. This removes the ENI that is not being used.
  3. Repeat steps 1 - 2 for any other unused ENIs within the current region.

Note: Repeat the audit process for all other regions used.
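The CLI steps above delete one interface at a time by ID. The following script is an added example (not part of the aws_compliance mod or its named query) that turns the output of `aws ec2 describe-network-interfaces --output json` into the list of unused ENIs and the matching delete commands, so the audit and remediation for a region can be reviewed before anything is removed. The interface records embedded in it are constructed sample data; the function names are this example's own. It skips interfaces flagged `RequesterManaged`, because those are owned by another AWS service (load balancers, Lambda, NAT gateways and similar) and are removed together with that service rather than by deleting the ENI directly.

```python
"""Audit helper for CIS 2.10: find unused ENIs in describe-network-interfaces output
and emit the delete-network-interface commands for a review or dry run."""
import json
import sys

# Constructed sample resembling `aws ec2 describe-network-interfaces --output json`.
# All IDs and descriptions below are made up for this example.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "NetworkInterfaces": [
        {"NetworkInterfaceId": "eni-0aaa111", "Status": "in-use",
         "RequesterManaged": False, "Description": "Primary network interface",
         "Attachment": {"InstanceId": "i-0abc", "Status": "attached"}},
        {"NetworkInterfaceId": "eni-0bbb222", "Status": "available",
         "RequesterManaged": False, "Description": "left over from a terminated instance"},
        {"NetworkInterfaceId": "eni-0ccc333", "Status": "available",
         "RequesterManaged": True, "RequesterId": "amazon-elb",
         "Description": "ELB app/sample-alb/0123"},
    ]
})


def unused_enis(describe_json: str) -> list:
    """Return the interfaces that are detached: status 'available' and no Attachment block."""
    enis = json.loads(describe_json)["NetworkInterfaces"]
    return [e for e in enis
            if e.get("Status") == "available" and "Attachment" not in e]


def deletable(eni: dict) -> bool:
    """An ENI created by another AWS service is RequesterManaged and cannot be
    deleted directly; it disappears when the owning resource is removed."""
    return not eni.get("RequesterManaged", False)


def delete_commands(describe_json: str, region: str) -> list:
    """Build the remediation commands for every unused, directly deletable ENI."""
    return [
        "aws ec2 delete-network-interface --region {} --network-interface-id {}".format(
            region, e["NetworkInterfaceId"])
        for e in unused_enis(describe_json) if deletable(e)
    ]


if __name__ == "__main__":
    # Usage: aws ec2 describe-network-interfaces --region us-east-1 --output json | python audit_eni.py
    # Without piped input the constructed sample is used.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DESCRIBE_OUTPUT
    region = sys.argv[1] if len(sys.argv) > 1 else "us-east-1"
    for eni in unused_enis(data):
        note = "" if deletable(eni) else "  (requester-managed, skipped)"
        print("unused: {}  {}{}".format(eni["NetworkInterfaceId"],
                                        eni.get("Description", ""), note))
    for cmd in delete_commands(data, region):
        print(cmd)
```

Run it once per region against real describe output and review the printed commands before executing them; an ENI that is momentarily detached during an instance replacement also shows as `available`, so check the Description and any tags before deleting.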

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.cis_compute_service_v100_2_10

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.cis_compute_service_v100_2_10 --share

SQL

This control uses a named query:

ec2_network_interface_unused

Tags