26

I want to delete one of my VPCs, but when I tried to delete it, this error appeared.

We could not delete the following VPC (vpc-8737bde2 (10.100.0.0/16) | Khoi-VPC) The vpc 'vpc-8737bde2' has dependencies and cannot be deleted. (Service: AmazonEC2; Status Code: 400; Error Code: DependencyViolation; Request ID: e115d5ca-dd34-4cbb-a439-541b0dc225da)

OK, I checked the security groups and found one group whose description has the name of my VPC, so I thought that was the problem. But this time the error appeared again.

We could not delete the following security group (sg-a43c0dc1)

the specified group: "sg-a43c0dc1" name: "default" cannot be deleted by a user (Service: AmazonEC2; Status Code: 400; Error Code: CannotDelete; Request ID: b21c425c-25c7-46e7-baeb-9610710afeca)

I don't know how to delete my VPC. Does anyone have any idea?

BMW
The One
  • I suspect it's something other than that particular security group, which is documented as being something you can't delete: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html#DefaultSecurityGroup – Michael - sqlbot Dec 17 '15 at 11:18
  • is this the default VPC? – Mircea Dec 17 '15 at 17:16
  • This is not the default VPC, and I checked all the things I can but didn't find anything. – The One Dec 18 '15 at 00:55

6 Answers

18

Most AWS apps that make use of the VPC don't show their usage under the VPC console. (Update) Although the AWS console says it will detach the resources, you need to check specific VPC resources used by other AWS services.

Here are some:

  1. EC2 instances: network interface, security groups and subnet for any EC2 instance attached to the VPC subnets. You may choose to

    • TERMINATE (delete) the EC2 instance, or
    • Launch the instance into a "dummy VPC" or public subnet
  2. RDS: DB security groups and subnet. When creating an RDS instance and attaching it to a VPC, you must create a DB subnet group attached to that VPC. Even if you delete the RDS instance, the DB subnet group(s) stay. So you need to go to the console and delete the DB subnet group (or use the AWS CLI to remove it).

  3. Any other AWS services that make use of the VPC

    • Just backtrack all the services that make use of the VPC ID, VPC subnet ID, security groups, etc.

(Updated after testing what @TheOne pointed out: VPC endpoint)

  4. VPC endpoint

Things inside the VPC that you don't need to worry about when deleting the VPC:

  • Virtual Private Gateways (the console will detach the VPG from the VPC)
  • VPN Attachments
  • Internet Gateways
  • Route Tables
Scott Stensland
mootmoot
  • This is strange. It seems AWS will detach the VPC endpoint from the VPC ID that you want to delete. Unless you are talking about an EC2 endpoint. – mootmoot Mar 07 '16 at 19:29
  • I'm sure it's the VPC endpoint. I didn't notice the VPC endpoint until the AWS supporter told me about it. – The One Mar 08 '16 at 01:09
  • Oh, it seems I mixed up and was confused about VPG detachment and VPC endpoints. Yes, you need to delete the VPC endpoint; I just confirmed it with my VPC creation script :-D TQVM – mootmoot Mar 08 '16 at 10:08
12

Before you can delete a VPC, you must terminate any instances that are running in the VPC.

If you delete a VPC using the VPC console, it also deletes resources that are associated with the VPC, such as subnets, security groups, network ACLs, DHCP options sets, route tables, and Internet gateways. But it will not clean up the EC2 instances in it automatically.

So there is no requirement to manually delete security groups.

To terminate your instance, release your Elastic IP address, and delete your VPC:

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, choose Instances.

  3. Select your instance, choose Actions, then Instance State, and then select Terminate.

  4. In the dialog box, expand the Release attached Elastic IPs section, and select the check box next to the Elastic IP address. Choose Yes, Terminate.

  5. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  6. In the navigation pane, choose Your VPCs.

  7. Select the VPC, choose Actions, and then choose Delete VPC.

  8. When prompted for confirmation, choose Yes, Delete.

Reference: Clean Up VPC

BMW
  • I'm sure that there is no running instance related to my VPC. I created 2 VPCs and now I'm just using the second VPC; all the instances related to the first VPC that I want to delete were completely deleted. So I don't know what to do next. – The One Dec 17 '15 at 02:33
  • What about NAT Gateways? You have to delete those yourself, too. I've confirmed this by creating a VPC containing a NAT Gateway (not a NAT Instance), and running no EC2 Instances. Same error as in the original post. Delete the NAT Gateway, error goes away and VPC deletes properly. – sheldonh Jan 28 '16 at 13:43
  • Thanks for the updates. When I answered, NAT gateway was still not on the market. – BMW Jan 28 '16 at 22:10
  • @sheldonh Turns out it was related to VPC Endpoint. I forgot to delete that. :D – The One Mar 07 '16 at 01:40
1

From the AWS documentation:

You can delete your VPC at any time. However, you must terminate all instances in the VPC, and delete any VPC peering connections first. When you delete a VPC using the VPC console, we delete all its components, such as subnets, security groups, network ACLs, route tables, internet gateways, and DHCP options.

However, from the documentation for the delete-vpc command:

You must detach or delete all gateways and resources that are associated with the VPC before you can delete it. For example, you must terminate all instances running in the VPC, delete all security groups associated with the VPC (except the default one), delete all route tables associated with the VPC (except the default one), and so on.

Thus, there is different behavior deleting a VPC using the console vs. using the AWS CLI.

If you are deleting the VPC using the console you only need to terminate/delete the following first:

  • EC2 instances in the VPC.

  • RDS instances in the VPC.

  • VPC peering connections

If you are deleting the VPC using the CLI you additionally need to detach/delete other dependent resources:

  • Subnets

  • Security Groups (except the default)

  • Route Tables (except the default)

  • RDS Security Group

  • Internet Gateways

  • NAT Gateways

  • VPC Endpoints

  • etc.

Many of these resources can be found in the AWS console by searching in the appropriate section for that resource type using the VPC ID, the associated subnet IDs, or the associated security group IDs.

1

I just want to add Elastic File System to the deletion checklist, which was my case.

mvitor
0

In some cases, you should check the load balancer. So when you delete that load balancer, you can do these deletions.

To delete a VPC, maybe we have 2 situations:

  1. VPC with subnets and gateway, but we don't have a load balancer, so for this we should follow these steps:

    1. delete the gateway and subnets
    2. delete the VPC
  2. VPC with subnets, gateway, and load balancer; for deleting this we should follow these steps:

    1. delete the load balancer (based on VPC ID)
    2. delete the gateway and subnets
    3. delete the VPC
0

Late but helpful. In the console: in the navigation pane, under Network Interfaces, search for the VPC ID of the Amazon VPC that you're deleting.

For me it was: AWS created network interface for directory d-90674e92c9.

So the d-**** was pointing to Directory Service; I deleted the instance there, and then I could delete my network interface and my VPC.

Sid Ali
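The answers above amount to a checklist (instances, RDS, NAT gateways, VPC endpoints, peering connections, EFS, load balancers, Directory Service) plus the tip to search Network Interfaces by VPC ID, since every managed service that lives in a VPC leaves an ENI behind whose Description names the owner. The script below, an added example written for this thread and not AWS or boto3 code, turns that into a dependency audit you can run before `delete-vpc`. It works on dicts shaped like the EC2 DescribeNetworkInterfaces, DescribeVpcEndpoints, DescribeNatGateways and DescribeVpcPeeringConnections responses, so the offline part needs no SDK or credentials; all sample responses, resource IDs (other than the VPC ID from the question) and the ENI description prefixes in `ENI_OWNER_PATTERNS` are constructed or assumed here and should be checked against your own account. `collect_with_boto3` shows how the same audit is fed with live data and is not executed.

```python
"""Audit what still references a VPC before `delete-vpc`.  Added example for this thread,
not AWS or boto3 code.  Works on dicts shaped like the EC2 describe_* responses, so the
offline part needs no SDK; all sample data below is constructed."""
import re

# Assumption of this example: the Description text AWS services commonly write on the
# network interfaces they create, mapped to what a user has to delete.  Verify the
# prefixes in your own account; anything unmatched is reported with its raw description.
ENI_OWNER_PATTERNS = [
    (r"^RDSNetworkInterface", "RDS (delete the DB instance, then its DB subnet group)"),
    (r"^ELB ", "Elastic Load Balancer (delete the load balancer)"),
    (r"^EFS mount target for fs-", "EFS (delete the mount targets, then the file system)"),
    (r"^AWS created network interface for directory d-", "Directory Service (delete the directory)"),
    (r"^Interface for NAT Gateway nat-", "NAT Gateway (delete it; the interface goes with it)"),
    (r"^VPC Endpoint Interface vpce-", "Interface VPC endpoint (delete the endpoint)"),
    (r"^AWS Lambda VPC ENI", "Lambda (remove the function's VPC configuration)"),
]

# Peering/endpoint/NAT states that no longer hold a reference to the VPC.
DEAD_STATES = ("deleted", "deleting", "rejected", "failed", "expired")


def classify_eni(eni):
    """Name the service that owns one network-interface record, or the instance it is attached to."""
    description = eni.get("Description", "")
    for pattern, owner in ENI_OWNER_PATTERNS:
        if re.search(pattern, description):
            return owner
    instance_id = eni.get("Attachment", {}).get("InstanceId")
    if instance_id:
        return "EC2 instance %s (terminate it)" % instance_id
    return "unknown owner, description %r" % description


def audit_vpc_dependencies(vpc_id, enis, endpoints, nat_gateways, peerings):
    """Return every live resource that still references vpc_id and would cause DependencyViolation."""
    blockers = []
    for eni in enis.get("NetworkInterfaces", []):
        if eni.get("VpcId") == vpc_id:
            blockers.append({"type": "network-interface", "id": eni["NetworkInterfaceId"], "owner": classify_eni(eni)})
    for ep in endpoints.get("VpcEndpoints", []):
        if ep.get("VpcId") == vpc_id and ep.get("State") not in DEAD_STATES:
            blockers.append({"type": "vpc-endpoint", "id": ep["VpcEndpointId"],
                             "owner": "%s VPC endpoint (delete it)" % ep.get("VpcEndpointType", "")})
    for ngw in nat_gateways.get("NatGateways", []):
        if ngw.get("VpcId") == vpc_id and ngw.get("State") not in DEAD_STATES:
            blockers.append({"type": "nat-gateway", "id": ngw["NatGatewayId"],
                             "owner": "NAT Gateway (delete it, then release its Elastic IP)"})
    for pcx in peerings.get("VpcPeeringConnections", []):
        sides = {pcx.get("RequesterVpcInfo", {}).get("VpcId"), pcx.get("AccepterVpcInfo", {}).get("VpcId")}
        if vpc_id in sides and pcx.get("Status", {}).get("Code") not in DEAD_STATES:
            blockers.append({"type": "vpc-peering-connection", "id": pcx["VpcPeeringConnectionId"],
                             "owner": "VPC peering connection (delete it)"})
    return blockers


def summarize(blockers):
    """Count blockers per resource type; the one-line overview to print before starting cleanup."""
    counts = {}
    for b in blockers:
        counts[b["type"]] = counts.get(b["type"], 0) + 1
    return counts


# Constructed sample responses for the VPC from the question; every other ID is made up.
VPC_ID = "vpc-8737bde2"
SAMPLE_ENIS = {"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0example1", "VpcId": VPC_ID, "Attachment": {},
     "Description": "AWS created network interface for directory d-EXAMPLE0001"},
    {"NetworkInterfaceId": "eni-0example2", "VpcId": VPC_ID, "Attachment": {}, "Description": "RDSNetworkInterface"},
    {"NetworkInterfaceId": "eni-0example3", "VpcId": VPC_ID, "Attachment": {"InstanceId": "i-0example"}, "Description": ""},
    {"NetworkInterfaceId": "eni-0example4", "VpcId": "vpc-0other", "Attachment": {}, "Description": "RDSNetworkInterface"},
]}
SAMPLE_ENDPOINTS = {"VpcEndpoints": [
    {"VpcEndpointId": "vpce-0example1", "VpcId": VPC_ID, "VpcEndpointType": "Gateway", "State": "available"},
    {"VpcEndpointId": "vpce-0example2", "VpcId": VPC_ID, "VpcEndpointType": "Interface", "State": "deleted"},
]}
SAMPLE_NAT_GATEWAYS = {"NatGateways": [{"NatGatewayId": "nat-0example1", "VpcId": VPC_ID, "State": "available"}]}
SAMPLE_PEERINGS = {"VpcPeeringConnections": [
    {"VpcPeeringConnectionId": "pcx-0example1", "RequesterVpcInfo": {"VpcId": VPC_ID},
     "AccepterVpcInfo": {"VpcId": "vpc-0other"}, "Status": {"Code": "active"}},
]}
SAMPLE_BLOCKERS = audit_vpc_dependencies(VPC_ID, SAMPLE_ENIS, SAMPLE_ENDPOINTS, SAMPLE_NAT_GATEWAYS, SAMPLE_PEERINGS)


def collect_with_boto3(vpc_id, region_name=None):
    """Run the same audit on live data.  Not executed here: needs boto3 and AWS credentials,
    and large accounts should page through NextToken on the describe_* calls."""
    import boto3  # imported lazily so the offline part of the example has no SDK dependency
    ec2 = boto3.client("ec2", region_name=region_name)
    by_vpc = [{"Name": "vpc-id", "Values": [vpc_id]}]
    # NAT gateways and peering connections are fetched unfiltered and matched on VpcId above.
    return audit_vpc_dependencies(vpc_id, ec2.describe_network_interfaces(Filters=by_vpc),
                                  ec2.describe_vpc_endpoints(Filters=by_vpc),
                                  ec2.describe_nat_gateways(), ec2.describe_vpc_peering_connections())


if __name__ == "__main__":
    print(summarize(SAMPLE_BLOCKERS))
    for b in SAMPLE_BLOCKERS:
        print("%-24s %-16s %s" % (b["type"], b["id"], b["owner"]))
```

Run it as-is to see the report for the constructed data; for a real account call `collect_with_boto3("vpc-...")` instead and work through the `owner` column, which is what the VPC console's "delete" dialog does not tell you. The network-interface view is the load-bearing part: RDS, EFS, load balancers and Directory Service all show up there even though none of them appear under the VPC console, which is how the directory in the last answer and the endpoint in the accepted answer were eventually found.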