Unused Elastic Network Interfaces Should Be Removed
More Info:
Unused AWS Elastic Network Interfaces (ENIs) should be removed to follow best practices.
Risk Level: Informational
Address: Cost optimization, Operational Maturity
Compliance Standards: AWSWAF, HITRUST, SOC2, NISTCSF
Triage and Remediation
Remediation
To remediate unused Elastic Network Interfaces in AWS, follow the steps below in the AWS console:
- Log in to the AWS console and navigate to the EC2 dashboard.
- Click on the “Network Interfaces” option from the left-hand menu.
- Sort the list of network interfaces by the “Status” column, and identify the interfaces that have a status of “available” or “detached”. These are the unused interfaces.
- Select the unused network interfaces that you want to remove.
- Click on the “Actions” dropdown menu and select “Delete network interface”.
- A confirmation message will appear. Click on “Yes, Delete” to confirm the deletion of the selected network interfaces.
Once the unused network interfaces are deleted, you have successfully remediated the misconfiguration.
To remediate the misconfiguration of unused Elastic Network Interfaces in AWS, follow the steps below using the AWS CLI:
- First, identify the unused Elastic Network Interfaces (ENIs) by running:
```bash
aws ec2 describe-network-interfaces --filters Name=status,Values=available
```
This command lists all ENIs in the "available" state, i.e. those not currently attached to any EC2 instance.
- Once you have identified the unused ENIs, delete each of them with:
```bash
aws ec2 delete-network-interface --network-interface-id <eni-id>
```
Replace `<eni-id>` with the ID of the unused ENI that you want to delete. Run this command for each unused ENI that you identified in step 1.
- Finally, to confirm that the unused ENIs have been deleted, run the first command again:
```bash
aws ec2 describe-network-interfaces --filters Name=status,Values=available
```
This command should now return an empty list, indicating that there are no more available ENIs that are not attached to any EC2 instance.
To remediate the misconfiguration of unused Elastic Network Interfaces in AWS using Python, you can use the Boto3 library which is the AWS SDK for Python. Here are the steps to remediate the misconfiguration:
- Import the necessary libraries:
```python
import boto3
import logging
```
- Set up logging to capture any errors:
```python
logger = logging.getLogger()
logger.setLevel(logging.INFO)
```
- Create an EC2 client using Boto3:
```python
ec2 = boto3.client('ec2')
```
- Use the `describe_network_interfaces` method to get a list of all the network interfaces in your account:
```python
response = ec2.describe_network_interfaces()
```
- Loop through the response to find all the unused network interfaces and delete them:
```python
for network_interface in response['NetworkInterfaces']:
    # A detached interface has no 'Attachment' key at all, so use .get()
    # rather than indexing, which would raise KeyError on exactly the
    # interfaces we want to find.
    if not network_interface.get('Attachment'):
        logger.info(f"Deleting unused network interface {network_interface['NetworkInterfaceId']}")
        ec2.delete_network_interface(NetworkInterfaceId=network_interface['NetworkInterfaceId'])
```
- Run the script and it will delete all the unused network interfaces in your AWS account.
Note: Please make sure to test this script in a non-production environment before running it in a production environment.
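A fuller version of the cleanup, added here as an example and not the page's own script: it paginates `describe_network_interfaces`, skips interfaces that an AWS service created and manages (`RequesterManaged`), and defaults to a dry run so you can review the list before anything is deleted. `FakeEC2` and `SAMPLE_PAGES` are constructed stand-ins so the code runs offline; pass `boto3.client('ec2')` as `ec2` to run it against a real account.

```python
def select_unused_enis(interfaces):
    """Return IDs of ENIs that are detached and safe to delete."""
    unused = []
    for eni in interfaces:
        # A detached ENI has no 'Attachment' key at all, so eni['Attachment']
        # raises KeyError; check Status and use .get() instead.
        if eni.get("Status") != "available" or eni.get("Attachment"):
            continue
        # ENIs created by AWS services (Lambda, ELB, EFS, ...) are cleaned up
        # by that service; deleting them by hand can break the service.
        if eni.get("RequesterManaged"):
            continue
        unused.append(eni["NetworkInterfaceId"])
    return unused

def remediate(ec2, dry_run=True):
    """Collect every page of 'available' ENIs, then delete them unless dry_run.
    `ec2` is any object with the two boto3 EC2 client methods used below."""
    interfaces, token = [], None
    while True:
        kwargs = {"Filters": [{"Name": "status", "Values": ["available"]}]}
        if token:
            kwargs["NextToken"] = token  # describe_network_interfaces paginates
        page = ec2.describe_network_interfaces(**kwargs)
        interfaces.extend(page["NetworkInterfaces"])
        token = page.get("NextToken")
        if not token:
            break
    targets = select_unused_enis(interfaces)
    if not dry_run:
        for eni_id in targets:
            ec2.delete_network_interface(NetworkInterfaceId=eni_id)
    return targets

class FakeEC2:  # constructed stand-in for boto3's EC2 client (offline only)
    def __init__(self, pages):
        self.pages, self.deleted = pages, []
    def describe_network_interfaces(self, **kwargs):
        return self.pages[kwargs.get("NextToken", 0)]
    def delete_network_interface(self, NetworkInterfaceId):
        self.deleted.append(NetworkInterfaceId)

# Constructed sample: two pages; eni-0bbb is service-managed and must survive.
SAMPLE_PAGES = [
    {"NetworkInterfaces": [
        {"NetworkInterfaceId": "eni-0aaa", "Status": "available", "RequesterManaged": False},
        {"NetworkInterfaceId": "eni-0bbb", "Status": "available", "RequesterManaged": True}],
     "NextToken": 1},
    {"NetworkInterfaces": [
        {"NetworkInterfaceId": "eni-0ccc", "Status": "available", "RequesterManaged": False}]},
]
```

Run `remediate(ec2)` first to see what would be removed, then `remediate(ec2, dry_run=False)` once the list has been reviewed.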