
When launching an EC2 instance in the AWS Console, I see the expected 'RunInstances' calls in CloudTrail, but I do not see the 'CreateNetworkInterface' calls that EC2 makes to create the interfaces it attaches.

When I create a new network interface manually, I do see the 'CreateNetworkInterface'. Other services, like ELB, Lambda, Cognito, etc., also record 'CreateNetworkInterface' entries. Only EC2 instances do not. I can see the network interface it creates.

Does anyone know why these are not recorded and where I can find this information via CloudTrail? This seems like a security gap.

brwst

0 Answers