Baza-86 / stale-securitygroup-rule-analysis-with-serverless-architecture

MIT No Attribution

Implement Means of Capturing Deleted Resource Data #114

Open Baza-86 opened 10 months ago

Baza-86 commented 10 months ago

Implement a means of capturing resource data for resources that have been deleted.

The underlying cause of #112 appears to be due to the fact that short-lived network interfaces are created by certain services (e.g. Glue), and then removed after use.

As the analysis and Lambda functions don't run until the following day, it is possible for an ENI in the flow logs to have been removed in between flow log ingestion and the analysis being run.
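
The gap described in the comment above, as an added example that is not part of the original issue or the project's code: it parses records in the default VPC Flow Logs format and reports ENIs that carried traffic but are no longer in the inventory at analysis time. The sample records, ENI and security group IDs, and the function names are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample records in the default VPC Flow Logs format (version 2):
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
SAMPLE_FLOW_LOGS = """\
2 123456789012 eni-0aaa1111 10.0.1.5 10.0.2.9 44321 5432 6 12 840 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0bbb2222 10.0.1.7 10.0.2.9 51515 443 6 8 512 1700000100 1700000160 ACCEPT OK
2 123456789012 eni-0bbb2222 10.0.1.7 10.0.2.9 51516 443 6 3 180 1700000200 1700000260 ACCEPT OK
2 123456789012 eni-0ccc3333 - - - - - - - 1700000300 1700000360 - NODATA
"""

# Constructed inventory as seen when the analysis runs the following day:
# eni-0bbb2222 (e.g. a short-lived service ENI) has already been deleted.
SAMPLE_INVENTORY = {
    "eni-0aaa1111": ["sg-0123abcd"],
    "eni-0ccc3333": ["sg-0456ef01"],
}

def parse_flow_line(line):
    """Return (eni_id, end_epoch, has_traffic) or None for malformed lines."""
    f = line.split()
    if len(f) != 14 or f[0] != "2" or not f[2].startswith("eni-"):
        return None
    return f[2], int(f[11]), f[13] == "OK"

def find_unresolvable_enis(flow_text, inventory):
    """Map each ENI with traffic but no inventory entry to its record count
    and the end time of its last flow record."""
    missing = {}
    for line in flow_text.splitlines():
        parsed = parse_flow_line(line)
        if parsed is None:
            continue
        eni, end, has_traffic = parsed
        if not has_traffic or eni in inventory:
            continue  # NODATA records and ENIs that still exist are fine
        entry = missing.setdefault(eni, {"records": 0, "last_seen": 0})
        entry["records"] += 1
        entry["last_seen"] = max(entry["last_seen"], end)
    return missing

if __name__ == "__main__":
    found = find_unresolvable_enis(SAMPLE_FLOW_LOGS, SAMPLE_INVENTORY)
    for eni, info in found.items():
        ts = datetime.fromtimestamp(info["last_seen"], tz=timezone.utc).isoformat()
        print(f"{eni}: {info['records']} records, last seen {ts}, no security group data")
```
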

Baza-86 commented 10 months ago

Possible Solutions: