2

I am new to AWS and,

Here's the drill:

- Logged in to AWS with root admin credentials.
- I created few security groups in AWS.
- Terminated all the EC2 instances that I had.
- Deleted ELB successfully.
- Deleted RDS successfully.
- Using default VPC and no Elastic IPs.

Now, when I am trying to delete security groups, one group says it's being referenced by another. When I try to delete the referenced one, it says that the security group is being referenced by a Network Interface.

We get two options here: associate with another group or delete that Network Interface. Trying the first makes no sense as I want to get rid of all the Security Groups except the default (like it was in the beginning). Still, I tried that option and got the error "You do not have permission to access the specified resource" and it did not let me associate that Network Interface (Status: In Use) with any Security Group. Tried deleting/detaching (force) that Network Interface and got an error message "You do not have permission to access the specified resource."

A similar issue can be found below without any known solution: https://forums.aws.amazon.com/thread.jspa?threadID=99189&start=0&tstart=0

Unresolved Stackoverflow link: issue in deleting VPC and network interface

I would really appreciate if someone hits me with a hammer of facts :)

Thanks, in advance!

  • 1
    That AWS forums question has correct and accepted answer: contact AWS support and they will fix it. – Dusan Bajic Aug 16 '16 at 23:35
  • 1
    @DusanBajic Yes, support is a solution, but knowing from where the issue comes is better. That AWS forum doesn't show any accepted answer, just a ton of people complaining they have the same issue, and nobody answering them. – arvymetal May 31 '17 at 19:34
  • @arvymetal true! –  May 31 '17 at 19:35

2 Answers

1

I had the same issue, after having removed load balancers, auto-scaling groups, the memcached cluster and so on, I couldn't delete the VPC.

I had the feeling that there was some vicious circle between two network interfaces that I couldn't detach or modify and the security group itself that I couldn't remove as long as it was attached to the interfaces.

I ran the aws elasticache describe-instances command (I saw a reference to elasticache in a network interface description) to see if it would show something I missed. And indeed, there was some redis cluster remaining, that I didn't see in the mess of the UI, which was some remnant of a long forgotten test. After having removed this cluster, I could delete the VPC.

So I'd say that this kind of issue (unauthorized access, even for admins) is mainly related to a component managed by AWS, and to the fact that the UI is far from friendly when it comes to knowing where an error comes from.

arvymetal
  • What I had observed is, if you delete it after some time, e.g after a day or two, it gets deleted. I didn't get much time to dive into the details but that's certainly very strange. –  May 31 '17 at 19:33
  • I also thought about waiting a few days, thinking that maybe some background process needs to do some cleaning on AWS side. But this issue happened to me 2 hours ago and I felt that if I postponed, things would remain like that for long... – arvymetal May 31 '17 at 19:44
  • Did we try AWS CLI? aws ec2 delete-security-group --group-name MySecurityGroup OR aws ec2 delete-security-group --group-id sg-903004f8 Ref: http://docs.aws.amazon.com/cli/latest/reference/ec2/delete-security-group.html –  May 31 '17 at 19:47
  • Now that it's solved for me, I couldn't say if it would have worked. Usually, given that the UI is built over the AWS API, I get the same errors when using the CLI. But maybe they would have been more explicit or less misleading. – arvymetal May 31 '17 at 20:56
0

https://forums.aws.amazon.com/thread.jspa?threadID=168376

It looks like sg-72bd411a does in fact reference itself. You'll need to go into it and remove the reference before you can delete it.
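An added example, not part of either answer above: one way to list everything that still pins a security group, covering both causes reported here (an interface owned by an AWS-managed service, and a rule that references the group, including a self-reference). It reads JSON in the shape returned by `aws ec2 describe-network-interfaces --filters Name=group-id,Values=<group-id>` and `aws ec2 describe-security-groups`; the sample data, the IDs and the function name `find_blockers` are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws ec2 describe-network-interfaces` output.
SAMPLE_ENIS = json.loads("""
{"NetworkInterfaces": [
  {"NetworkInterfaceId": "eni-0aaa1111", "Description": "ElastiCache example-redis-001",
   "RequesterManaged": true, "Status": "in-use",
   "Groups": [{"GroupId": "sg-0example1"}]},
  {"NetworkInterfaceId": "eni-0bbb2222", "Description": "",
   "RequesterManaged": false, "Status": "available",
   "Groups": [{"GroupId": "sg-0example2"}]}
]}
""")

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE_GROUPS = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0example1",
   "IpPermissions": [{"IpProtocol": "tcp", "UserIdGroupPairs": [{"GroupId": "sg-0example1"}]}],
   "IpPermissionsEgress": []},
  {"GroupId": "sg-0example2",
   "IpPermissions": [],
   "IpPermissionsEgress": [{"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-0example1"}]}]}
]}
""")


def find_blockers(target, enis, groups):
    """Return the interfaces and rules that still reference security group `target`."""
    blockers = {"managed_enis": [], "user_enis": [], "rule_refs": []}
    for eni in enis.get("NetworkInterfaces", []):
        if target not in [g["GroupId"] for g in eni.get("Groups", [])]:
            continue
        entry = (eni["NetworkInterfaceId"], eni.get("Description", ""))
        # RequesterManaged marks an interface created by an AWS service on your
        # behalf; the Description usually names the resource to delete first.
        key = "managed_enis" if eni.get("RequesterManaged") else "user_enis"
        blockers[key].append(entry)
    for sg in groups.get("SecurityGroups", []):
        for direction in ("IpPermissions", "IpPermissionsEgress"):
            for perm in sg.get(direction, []):
                for pair in perm.get("UserIdGroupPairs", []):
                    if pair.get("GroupId") == target:
                        kind = "self" if sg["GroupId"] == target else "other"
                        blockers["rule_refs"].append((sg["GroupId"], direction, kind))
    return blockers


if __name__ == "__main__":
    print(json.dumps(find_blockers("sg-0example1", SAMPLE_ENIS, SAMPLE_GROUPS), indent=2))
```

To use it on a real account, save the output of the two commands to files and pass the parsed JSON in place of the samples.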