How can I detach or delete an elastic network interface in my Amazon VPC?

Last updated: 2019-07-26

I'm trying to detach or delete an elastic network interface in my Amazon Virtual Private Cloud (Amazon VPC). However, I'm getting an error. How can I detach or delete an elastic network interface in my VPC?

Short Description

Elastic network interfaces in an Amazon VPC can be detached or deleted. However, you might receive errors if your interface is attached to resources managed by other AWS services (such as Elastic Load Balancing or AWS Lambda). These errors might read:

  • "Error detaching network interface. eni-xxxxxxxx: You are not allowed to manage 'ela-attach' attachments."
  • "Network interface 'eni-xxxxxxxx' is currently in use."

Follow the troubleshooting steps below to resolve these errors.

Resolution

Using the AWS console

1.    Open the Amazon EC2 console.

2.    In the navigation pane, choose Network Interfaces.

3.    Search for the ENI ID of the elastic network interface you're detaching or deleting.

4.    Select the elastic network interface and choose the Details tab.

5.    Review the Description to find which resource the elastic network interface is attached to.

6.    If you're no longer using the corresponding AWS service, delete the resource in that service that owns the elastic network interface. The elastic network interface is then automatically removed from your VPC.

Using the AWS CLI

1.    Run the following command to get a list of all network interfaces in your Amazon VPC (replace the example ID vpc-d15917b6 with your VPC ID):

aws ec2 describe-network-interfaces --filters Name=vpc-id,Values=vpc-d15917b6 --query "NetworkInterfaces[*].[NetworkInterfaceId,Description,VpcId,PrivateIpAddress]" --output table

Output:

------------------------------------------------------------------------------------------------------------------------------------------
|                                                        DescribeNetworkInterfaces                                                       |
+-----------------------+---------------------------------------------------------------------------------+---------------+--------------+
|  eni-0fa6a7ec0e1c1239a|  ClientVPN Endpoint resource. EndpointId: cvpn-endpoint-0f451aa2d7ffdd7f2       |  vpc-d15917b6 |  10.0.0.58   |
|  eni-0d498daa2117b4907|  ClientVPN Endpoint resource. EndpointId: cvpn-endpoint-0f451aa2d7ffdd7f2       |  vpc-d15917b6 |  10.0.0.198  |
|  eni-04d5f703186c649fb|  VPC Endpoint Interface vpce-001a91b49230779f2                                  |  vpc-d15917b6 |  10.0.2.233  |
|  eni-0301ca79f9e8b8d84|  Network Interface for Transit Gateway Attachment tgw-attach-0d1005cd905bb73d2  |  vpc-d15917b6 |  10.0.2.38   |
|  eni-0c224db3d1404bb23|  VPC Endpoint Interface vpce-0e9e758afacdb1e88                                  |  vpc-d15917b6 |  10.0.2.82   |
+-----------------------+---------------------------------------------------------------------------------+---------------+--------------+

2.    Find the resource that the elastic network interface is attached to.

Note: In the example above, the resource is the ClientVPN Endpoint for eni-0fa6a7ec0e1c1239a.

3.    If you're no longer using the corresponding AWS service, delete the resource in that service that owns the elastic network interface. The elastic network interface is then automatically removed from your VPC.
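
Step 2 can be scripted when a VPC has many interfaces. The following Python sketch is an added example, not part of the original AWS article: it takes records shaped like the output of `aws ec2 describe-network-interfaces --output json` and reports the owning resource and the next step for each interface. The sample records, the `classify` and `report` helpers, and the next-step strings are assumptions made for illustration; only the three Description formats come from the table above.

```python
import re

# Constructed records shaped like `aws ec2 describe-network-interfaces --output json`.
# IDs and descriptions of the first three come from the table above; the last two
# records and all Status/RequesterManaged/Attachment values are made up.
SAMPLE = [
    {"NetworkInterfaceId": "eni-0fa6a7ec0e1c1239a", "Status": "in-use", "RequesterManaged": True,
     "Description": "ClientVPN Endpoint resource. EndpointId: cvpn-endpoint-0f451aa2d7ffdd7f2"},
    {"NetworkInterfaceId": "eni-04d5f703186c649fb", "Status": "in-use", "RequesterManaged": True,
     "Description": "VPC Endpoint Interface vpce-001a91b49230779f2"},
    {"NetworkInterfaceId": "eni-0301ca79f9e8b8d84", "Status": "in-use", "RequesterManaged": True,
     "Description": "Network Interface for Transit Gateway Attachment tgw-attach-0d1005cd905bb73d2"},
    {"NetworkInterfaceId": "eni-EXAMPLE1", "Status": "in-use", "RequesterManaged": False,
     "Description": "", "Attachment": {"InstanceId": "i-EXAMPLE", "DeviceIndex": 1}},
    {"NetworkInterfaceId": "eni-EXAMPLE2", "Status": "available", "RequesterManaged": False,
     "Description": "old test interface"},
]

# Description formats seen in the table above, mapped to the owning resource type.
OWNER_PATTERNS = [
    ("Client VPN endpoint", re.compile(r"EndpointId: (cvpn-endpoint-[0-9a-f]+)")),
    ("VPC endpoint", re.compile(r"VPC Endpoint Interface (vpce-[0-9a-f]+)")),
    ("transit gateway attachment", re.compile(r"Transit Gateway Attachment (tgw-attach-[0-9a-f]+)")),
]

def classify(eni):
    """Return (owner_type, owner_id, next_step) for one interface record."""
    for owner_type, pattern in OWNER_PATTERNS:
        match = pattern.search(eni.get("Description", ""))
        if match:
            return owner_type, match.group(1), "delete the owning resource"
    if eni.get("RequesterManaged"):
        # Managed by an AWS service whose description format is not listed above.
        return "AWS-managed", eni.get("RequesterId"), "read Description to find the service"
    attachment = eni.get("Attachment") or {}
    if attachment.get("InstanceId"):
        if attachment.get("DeviceIndex") == 0:
            return "EC2 instance", attachment["InstanceId"], "primary interface: cannot be detached"
        return "EC2 instance", attachment["InstanceId"], "detach, then delete"
    if eni.get("Status") == "available":
        return "none", None, "delete directly"
    return "unknown", None, "inspect manually"

def report(enis):
    """Map each ENI ID to its classification."""
    return {eni["NetworkInterfaceId"]: classify(eni) for eni in enis}

if __name__ == "__main__":
    for eni_id, (owner, owner_id, step) in report(SAMPLE).items():
        print(f"{eni_id:24} {owner:28} {owner_id or '-':36} {step}")
```

To run it against a real VPC, load the `NetworkInterfaces` array from the CLI's JSON output and pass it to `report` in place of `SAMPLE`.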