aws resource_error ai_generated true

Insufficient IP addresses in subnet: The subnet does not have enough free IP addresses to support the requested number of ENIs.

ID: aws/ec2-insufficient-ip-addresses

Fix Rate: 82%
Confidence: 86%
Evidence: 1
First Seen: 2023-09-12

Version Compatibility

| Version | Status | Introduced | Deprecated | Notes |
| --- | --- | --- | --- | --- |
| EC2 API 2016-11-15 | active | | | |
| AWS VPC CNI 1.12.0 | active | | | |

Root Cause

The VPC subnet has exhausted its available IP address space, preventing new ENIs or EC2 instances from launching.

Official Documentation

https://docs.aws.amazon.com/vpc/latest/userguide/subnet-sizing.html

Workarounds

  1. Release unused ENIs (80% success): list ENIs with `aws ec2 describe-network-interfaces --filters Name=subnet-id,Values=subnet-xxx` and delete unattached ones with `aws ec2 delete-network-interface --network-interface-id eni-xxx`.
  2. Create additional subnets in the same VPC with a larger or additional CIDR block (85% success). Add a secondary CIDR to the VPC: `aws ec2 associate-vpc-cidr-block --vpc-id vpc-xxx --cidr-block 10.0.2.0/24`. Then create new subnets from the new range.
  3. Reduce IP consumption (70% success): use smaller EC2 instance types that require fewer ENIs, or enable 'assign public IP' only when necessary to avoid extra private IP reservation.
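Before deleting anything under workaround 1, it helps to separate unattached ENIs you own from ones an AWS service manages. The following is an added example, not part of the original entry: it triages a constructed `describe-network-interfaces` response and estimates free addresses, assuming IPv4 only, no prefix delegation, and placeholder ENI IDs.

```python
import ipaddress
import json

AWS_RESERVED_PER_SUBNET = 5  # first four addresses and the last one in every subnet

# Constructed sample shaped like `aws ec2 describe-network-interfaces` output.
SAMPLE = json.loads("""
{"NetworkInterfaces": [
  {"NetworkInterfaceId": "eni-0aaa", "Status": "in-use", "RequesterManaged": false,
   "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.10"},
                          {"PrivateIpAddress": "10.0.1.11"}]},
  {"NetworkInterfaceId": "eni-0bbb", "Status": "available", "RequesterManaged": false,
   "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.20"}]},
  {"NetworkInterfaceId": "eni-0ccc", "Status": "available", "RequesterManaged": true,
   "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.30"}]}
]}
""")


def usable_addresses(cidr):
    """Addresses that can actually be assigned in a subnet of this CIDR."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def triage(subnet_cidr, response):
    """Count used IPs and split unattached ENIs into candidates and skipped."""
    net = ipaddress.ip_network(subnet_cidr)
    used, candidates, skipped = 0, [], []
    for eni in response["NetworkInterfaces"]:
        ips = [p["PrivateIpAddress"] for p in eni.get("PrivateIpAddresses", [])]
        ips = [ip for ip in ips if ipaddress.ip_address(ip) in net]
        used += len(ips)
        if eni["Status"] != "available":
            continue  # attached to something: not reclaimable by deletion
        if eni.get("RequesterManaged"):
            skipped.append(eni["NetworkInterfaceId"])  # owned by an AWS service
        else:
            candidates.append((eni["NetworkInterfaceId"], len(ips)))
    free = usable_addresses(subnet_cidr) - used
    reclaimable = sum(count for _, count in candidates)
    return {"free": free, "candidates": candidates, "skipped": skipped,
            "free_after_cleanup": free + reclaimable}


if __name__ == "__main__":
    print(triage("10.0.1.0/24", SAMPLE))
```

Review the `candidates` list by hand before running `delete-network-interface`; an `available` ENI may still be referenced by automation that expects to reattach it.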

Dead Ends

Common approaches that don't work:

  1. Delete the subnet and recreate it with a larger CIDR (70% fail)

    Deleting a subnet with running resources is impossible; you must first terminate all resources.

  2. Manually assign Elastic IPs to free up private IPs (95% fail)

    Elastic IPs are public IPs and don't affect private IP address usage in subnets.

  3. Increase subnet size via AWS Console, which has no such option (100% fail)

    Subnet CIDR size is fixed at creation; it cannot be changed afterward.