I've been running around 17,000 AWS Batch jobs daily using Fargate (in awsvpc mode) and have been tracking the number of `AWS::EC2::NetworkInterface` events in AWS Config. I've noticed a huge fluctuation in the number of `ResourceDiscovered` and `ResourceDeleted` events, ranging from roughly 200 to 17,000 on different days, even though the job count stays pretty steady each day. Each job can run for up to 1.5 hours, meaning none cross over to the next day. I'm curious if Fargate actually reuses Elastic Network Interfaces (ENIs) between tasks, which could explain the varying event counts. But I couldn't find any official AWS sources confirming this behavior. Can anyone shed light on whether Fargate reuses ENIs and how that might work? Also, is there another reason why these ENI Config events could fluctuate so much regardless of the job count?
3 Answers
It's possible that some of your tasks are finishing so quickly on certain days that they might not even trigger the config event poller. Have you noticed any patterns on the days with fewer or more ENIs reported? Also, are you sure that all your Fargate tasks are actually running on those days, or could they be failing before they start? There could also be some API limits in play. It seems a bit far-fetched that Fargate would reuse ENIs due to security concerns, but it's worth considering.
From my experience, every task does get assigned a unique ENI id, which would count as a distinct resource from Config's view. So, even if there’s a chance of hardware reuse under the hood, each task's ENI being unique will still lead to events being logged separately.
To get to the bottom of this, you could check your CloudTrail logs for events like CreateNetworkInterface, AttachNetworkInterface, DetachNetworkInterface, and DeleteNetworkInterface. This way, you can track ENI IDs. Then look at ECS task events like RunTask and StartTask to see if there's any attribute showing the ENI ID. This should help clarify what's happening with your ENIs at a more detailed level.
Yeah, that might be a valid point, but I'd expect the job durations to stay pretty consistent.