AWS

LambdaENILimitReachedException - Lambda ENI Limit Reached

Hitting a **LambdaENILimitReachedException** means your AWS account has reached the maximum number of Elastic Network Interfaces (ENIs) that can be created in the region. This happens when too many Lambda functions are configured to use VPCs, and each concurrent execution creates an ENI. AWS returns it as a client-side error (4xx) when it enforces ENI limits. It is most common when too many Lambda functions use VPCs, but it also appears when concurrent executions create too many ENIs, when ENIs aren't cleaned up properly, or when account-level ENI limits are reached.

Common Causes

  • Identity: IAM policy allows Lambda VPC but ENI limit reached. Service Control Policy (SCP) enforces ENI limits.
  • Network: VPC endpoint ENI restrictions. Regional ENI capacity limits.
  • Limits: Too many Lambda functions in VPC. ENI limit per region exceeded (default: 250-350 per region). Concurrent executions creating too many ENIs. ENIs not being cleaned up properly. Account-level ENI limit reached.

Solutions

  1. Step 1: Diagnose - Check current ENI count: aws ec2 describe-network-interfaces --filters "Name=description,Values=*Lambda*" --query 'length(NetworkInterfaces)' --output text. Compare with account limit.
  2. Step 2: Diagnose - List Lambda functions using VPC: aws lambda list-functions --query 'Functions[?VpcConfig.VpcId!=null].[FunctionName,VpcConfig.VpcId]' --output table. Count how many functions use VPC.
  3. Step 3: Diagnose - Check ENI limits: aws service-quotas get-service-quota --service-code ec2 --quota-code L-0263D0A3 --query 'Quota.Value' --output text. Verify current limit.
  4. Step 4: Fix - Request ENI limit increase: aws service-quotas request-service-quota-increase --service-code ec2 --quota-code L-0263D0A3 --desired-value 500. Or reduce Lambda functions in VPC.
  5. Step 5: Fix - Optimize Lambda VPC usage: Remove VPC configuration from non-critical functions: aws lambda update-function-configuration --function-name FUNCTION_NAME --vpc-config SubnetIds=[],SecurityGroupIds=[]. Use VPC endpoints instead of NAT Gateway. Optimize Lambda concurrency settings.

Code Examples

Check Current ENI Count and Lambda Functions in VPC

```bash
#!/bin/bash
# Count ENIs whose description marks them as created for Lambda
echo "=== Current ENI Count (Lambda) ==="
ENI_COUNT=$(aws ec2 describe-network-interfaces \
  --filters "Name=description,Values=*Lambda*" \
  --query 'length(NetworkInterfaces)' \
  --output text)

echo "Lambda ENIs: ${ENI_COUNT}"

# Check ENI limit (falls back to 250 if the quota lookup fails)
printf '\n=== ENI Limit ===\n'
ENI_LIMIT=$(aws service-quotas get-service-quota \
  --service-code ec2 \
  --quota-code L-0263D0A3 \
  --query 'Quota.Value' \
  --output text 2>/dev/null || echo "250")
# Drop any fractional part (e.g. "250.0") so the integer test below works
ENI_LIMIT=${ENI_LIMIT%.*}

echo "ENI limit: ${ENI_LIMIT}"
echo "Usage: ${ENI_COUNT} / ${ENI_LIMIT}"

if [ "${ENI_COUNT}" -ge "${ENI_LIMIT}" ]; then
  echo "✗ ENI limit reached (LambdaENILimitReachedException)"
else
  echo "✓ ENI usage within limit"
fi

# List Lambda functions using VPC
printf '\n=== Lambda Functions Using VPC ===\n'
aws lambda list-functions \
  --query 'Functions[?VpcConfig.VpcId!=null].[FunctionName,VpcConfig.VpcId]' \
  --output table
```

Request ENI Limit Increase

```bash
#!/bin/bash
echo "=== Requesting ENI Limit Increase ==="
DESIRED_VALUE=500

echo "Current limit: Check with aws service-quotas get-service-quota"
echo "Desired limit: ${DESIRED_VALUE}"

# Submit the quota increase request
aws service-quotas request-service-quota-increase \
  --service-code ec2 \
  --quota-code L-0263D0A3 \
  --desired-value "${DESIRED_VALUE}" \
  --output json

# $? holds the exit status of the aws call above
if [ $? -eq 0 ]; then
  printf '\n✓ Limit increase requested\n'
  echo "Check status: aws service-quotas get-requested-service-quota-change"
  echo "Note: AWS Support may need to approve the request"
else
  printf '\n✗ Failed to request limit increase\n'
  echo "Check IAM permissions or contact AWS Support"
fi
```

Remove VPC Configuration from Non-Critical Lambda Functions

```bash
#!/bin/bash
FUNCTION_NAME="my-function"

echo "=== Removing VPC Configuration ==="
echo "Function: ${FUNCTION_NAME}"

# Remove VPC configuration (empty subnets and security groups).
# The value is quoted so the shell does not treat [] as a glob pattern.
aws lambda update-function-configuration \
  --function-name "${FUNCTION_NAME}" \
  --vpc-config 'SubnetIds=[],SecurityGroupIds=[]' \
  --output json

# $? holds the exit status of the aws call above
if [ $? -eq 0 ]; then
  printf '\n✓ VPC configuration removed\n'
  echo "Function will no longer create ENIs"
  printf '\n=== Verify ===\n'
  aws lambda get-function-configuration \
    --function-name "${FUNCTION_NAME}" \
    --query 'VpcConfig' \
    --output json
else
  printf '\n✗ Failed to remove VPC configuration\n'
  echo "Check function exists and IAM permissions"
fi
```
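
The following is an added example, not part of the original page: a triage helper for the "ENIs not being cleaned up properly" cause. It reads tab-separated rows from Step 1's describe-network-interfaces call (the `--query` shape in the comment is an assumption) and reports per-subnet totals, detached ENIs, and headroom against the limit; the function names and sample rows are constructed for illustration.

```bash
#!/bin/bash
# Added example. Input rows (tab-separated), one ENI per line:
#   ENI id, subnet id, status, description
# e.g. from (query shape is an assumption, not from the page):
#   aws ec2 describe-network-interfaces \
#     --filters "Name=description,Values=*Lambda*" \
#     --query 'NetworkInterfaces[].[NetworkInterfaceId,SubnetId,Status,Description]' \
#     --output text

# Per-subnet totals and how many of those ENIs are detached ("available").
summarize_lambda_enis() {
  awk -F'\t' '
    NF >= 3 { total[$2]++; if ($3 == "available") idle[$2]++ }
    END { for (s in total)
            printf "%s total=%d available=%d\n", s, total[s], idle[s] + 0 }
  ' | sort
}

# IDs of detached ENIs: the ones to review when cleanup looks stuck.
list_detached_enis() {
  awk -F'\t' '$3 == "available" { print $1 }'
}

# Succeeds while count is below pct% (default 80) of the limit.
# ${2%.*} drops a fractional part such as "250.0" from the quota value.
eni_headroom_ok() {
  [ $(( $1 * 100 )) -lt $(( ${2%.*} * ${3:-80} )) ]
}

# Constructed sample rows; every ID below is made up.
SAMPLE_ROWS=$(printf '%s\t%s\t%s\t%s\n' \
  eni-0a1 subnet-0001 in-use    "AWS Lambda VPC ENI-orders-api" \
  eni-0a2 subnet-0001 in-use    "AWS Lambda VPC ENI-orders-api" \
  eni-0a3 subnet-0001 available "AWS Lambda VPC ENI-report-job" \
  eni-0b1 subnet-0002 available "AWS Lambda VPC ENI-legacy-sync" \
  eni-0b2 subnet-0002 available "AWS Lambda VPC ENI-legacy-sync")

echo "=== Lambda ENIs per subnet ==="
printf '%s\n' "$SAMPLE_ROWS" | summarize_lambda_enis
echo "=== Detached ENIs ==="
printf '%s\n' "$SAMPLE_ROWS" | list_detached_enis
if eni_headroom_ok 5 250.0; then
  echo "Headroom OK"
else
  echo "Above 80% of the ENI limit"
fi
```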

Provider Information

This error code is specific to AWS services. For more information, refer to the official AWS documentation.
