How can I troubleshoot the "You have exceeded the maximum limit for Lambda HyperPlane elastic network interfaces for your VPC" error when configuring a Lambda function in an Amazon VPC?

4 minute read
0

I created or updated an AWS Lambda function that's connected to an Amazon Virtual Private Cloud (Amazon VPC). I received the error "You have exceeded the maximum limit for Lambda HyperPlane ENIs for your VPC."

Short description

When you configure a Lambda function to access resources in an Amazon VPC, Lambda creates a Hyperplane elastic network interface (ENI). The Hyperplane elastic network interface is created the first time that a unique subnet and security group combination is defined.

The default quota limit for elastic network interfaces per Amazon VPC is 250. Exceeding the elastic network interface quota results in a limit exceeded error.

For more information, see Configuring a Lambda function to access resources in a VPC.

Resolution

Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you're using the most recent AWS CLI version.

Identify the usage of Hyperplane elastic network interfaces in your Amazon VPC

Run the AWS CLI command describe-network-interfaces to find the total number of Hyperplane ENIs in use by Lambda for your Amazon VPC.

Note: Replace VPC with your Amazon VPC ID and region with your AWS Region.

$ aws ec2 describe-network-interfaces --region us-east-1 \
  --filters 'Name=vpc-id,Values=VPC' 'Name=status,Values=in-use' \
  --query 'NetworkInterfaces[?InterfaceType=='lambda'].NetworkInterfaceId'

Remove Amazon VPC configurations for Lambda functions that don't access private resources

It's a best practice to configure an Amazon VPC for your Lambda function to access only private resources. After you update a function to remove its Amazon VPC configuration, Lambda deletes the attached Hyperplane elastic network interface.

Note: Lambda deletes the Hyperplane elastic network interface only if no other functions or published versions are using that Hyperplane elastic network interface.

To identify the function using an elastic network interface, see Why can't I detach or delete an elastic network interface that Lambda created?

Remove unused versions for active Lambda functions and reuse Hyperplane elastic network interfaces

If your Lambda function configured with your Amazon VPC has multiple published versions, then it's a best practice to remove unused versions. Removing unused Lambda function versions helps to release unused Hyperplane elastic network interfaces.

If a Lambda function remains idle for consecutive weeks, then Lambda reclaims the unused Hyperplane elastic network interfaces and sets the function state to idle. Lambda doesn't delete Hyperplane elastic network interfaces that are in use by Lambda functions.

Lambda reuses the Hyperplane elastic network interface for other Amazon VPC activated functions in your account that use the same subnet and security group combination. Depending on your use case, you can try reusing the elastic network interfaces across functions by configuring the same security group subnet pairing.

For more information, see Creating elastic network interfaces.

Create Lambda functions across multiple Amazon VPCs

The limit of 250 Hyperplane elastic network interfaces is per Amazon VPC. Depending on your use case, you can create the Lambda functions across different Amazon VPCs so that the Hyperplane elastic network interface limit isn't reached.

Open a quota increase case in the Service Quotas dashboard

If you determine that your use case requires a higher service quota for Hyperplane elastic network interfaces, you can request a service quota increase.

1.    Open the Service Quotas dashboard.

2.    Choose the AWS Lambda card. The Lambda Service quotas page opens.

3.    Choose Elastic network interfaces per VPC, and then choose Request quota increase.

4.    For Change quota value, enter your quota amount, and then choose Request.

Note: The initial status of a request is Pending. After the status changes to Quota requested, the AWS Support case number appears.

5.    Choose the case number to open the ticket for your request.

6.    In the ticket's comment thread, add the description of your Lambda function's use case.

Note: You'll receive a status update email from AWS Support that either approves or denies the request.

For more information, see Requesting a quota increase.


Related information

How do I request a concurrency limit increase for my Lambda function?

AWS OFFICIAL
AWS OFFICIALUpdated a year ago