Lambda in VPC won't create new ENI after an ENI has been manually detached from subnet

Problem description

I have run into a problem where my Lambda functions can no longer create new ENI's in a VPC subnet once an ENI has been detached and deleted from that subnet. I have reproduced this on two different VPC's and multiple subnets.

Here are the steps I used to reproduce this:

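  1. Create a Lambda function and associate it with a VPC and subnet.
  2. Execute the Lambda function, which causes it to create a new ENI in the subnet. The function can access an RDS database in the VPC.
  3. Manually detach and delete the ENI from the subnet.
  4. Execute the Lambda function again. No ENI is created. The Lambda function cannot access the RDS database.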

I repeated these steps across multiple subnets in two VPC's and now Lambda functions are unable to create new ENI's in any of those subnets.

It seemed like the VPC subnet was permanently unable to have new ENI's created by Lambda functions but after letting things sit overnight I ran the function again this morning and it was able to create an ENI. AWS must have an automated process that cleaned something up. Even so, I tested detaching and deleting again and I'm back in the state where the Lambda function won't create a new ENI.

Not sure what is going on here. I'm not selecting 'Force Detach' when detaching the ENI. What am I doing wrong?

Recommended answer

From the research I have done this afternoon it appears this is a limitation of Lambda functions running in a VPC and has been for over a year. There is a six hour delay in the clean up of ENI's after a Lambda function has been deleted. My manual detachment and deletion of the ENI made things worse because it seems the ENI isn't really removed until after the six hour delay. The manual deletion seems to put the ENI in some sort of orphaned state that prevents new ENI's from being created in that subnet until after AWS has cleaned up the old one.

https://www.reddit.com/r/aws/comments/4fncrl/dangling_enis_after_deleting_an_invpc_lambda_with/

https://github.com/hashicorp/terraform/issues/5767

So it seems currently the only solution to forcing clean up is to delete the ENI and the subnet it was in. :-/

I let my serverless remove command run for a long time (without me speeding things along by manually deleting the ENI) and it did eventually finish but it took 40 minutes. The ENI was left behind but everything else was cleaned up. I imagine in six hours that ENI will disappear.
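An added example, not part of the original question or answer: a read-only audit that sorts the ENIs in one subnet into those Lambda still has attached, those left behind and waiting for AWS's own cleanup, and unrelated ones. It works on a response in the shape returned by `aws ec2 describe-network-interfaces`; the sample data, the IDs, and the description prefix used to recognise Lambda ENIs are assumptions.

```python
# Assumption: ENIs created by Lambda carry a description with this prefix.
LAMBDA_ENI_PREFIX = "AWS Lambda VPC ENI"

# Constructed sample in the shape of a describe-network-interfaces response.
SAMPLE = {
    "NetworkInterfaces": [
        {"NetworkInterfaceId": "eni-0aaa", "SubnetId": "subnet-aaaa1111",
         "Status": "in-use", "Description": "AWS Lambda VPC ENI-my-func-1234"},
        {"NetworkInterfaceId": "eni-0bbb", "SubnetId": "subnet-aaaa1111",
         "Status": "available", "Description": "AWS Lambda VPC ENI-old-func-5678"},
        {"NetworkInterfaceId": "eni-0ccc", "SubnetId": "subnet-aaaa1111",
         "Status": "in-use", "Description": "RDSNetworkInterface"},
        {"NetworkInterfaceId": "eni-0ddd", "SubnetId": "subnet-bbbb2222",
         "Status": "available", "Description": "AWS Lambda VPC ENI-other-9999"},
    ]
}


def classify(eni):
    """Return the audit bucket for one ENI record."""
    if not eni.get("Description", "").startswith(LAMBDA_ENI_PREFIX):
        return "not-lambda"
    if eni.get("Status") == "in-use":
        return "lambda-attached"
    # Detached Lambda ENI: left for the delayed cleanup the answer describes.
    return "lambda-awaiting-cleanup"


def audit_subnet(response, subnet_id):
    """Group the ENI ids found in subnet_id by bucket; nothing is modified."""
    report = {"not-lambda": [], "lambda-attached": [],
              "lambda-awaiting-cleanup": []}
    for eni in response.get("NetworkInterfaces", []):
        if eni.get("SubnetId") == subnet_id:
            report[classify(eni)].append(eni["NetworkInterfaceId"])
    return report


def subnet_is_clear(response, subnet_id):
    """True when no Lambda ENI, attached or left behind, remains in the subnet."""
    report = audit_subnet(response, subnet_id)
    return not (report["lambda-attached"] or report["lambda-awaiting-cleanup"])


if __name__ == "__main__":
    for bucket, ids in audit_subnet(SAMPLE, "subnet-aaaa1111").items():
        print(f"{bucket}: {', '.join(ids) or '-'}")
```

The script only reports; it deletes nothing, since the answer above found that manual deletion made the situation worse.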
