
I created a stack with nested stacks; there are some network interfaces, a VPC, etc. I try to remove a network interface but I can't because I'm getting an error:

Error detaching network interface
eni-0d3be6d4c7869686a: You are not allowed to manage 'ela-attach' attachments.

Do you have any ideas how to force remove?

Kubaszek

2 Answers

3

I had the same issue with multiple CF Stacks. Stacks fail to delete when there are AWS constructs in use that are attached to the VPC. One approach that worked for me was to use the following script to find the dependencies and then delete them manually before deleting the VPC. (Delete all dependencies that come out of the script manually, and try deleting Network Interfaces last.) Once done, I then tried deleting the CF stacks from the mgmt console, which worked without any issue.

Let us know if this worked.

#!/bin/bash
# List every resource still attached to the VPC so it can be removed before the stack.
# --output json is forced on each call so the grep matches regardless of the CLI's
# configured default output format.
vpc="vpc-xxxxxxxxxxxxx"
aws ec2 describe-internet-gateways --output json --filters 'Name=attachment.vpc-id,Values='$vpc | grep InternetGatewayId
aws ec2 describe-subnets --output json --filters 'Name=vpc-id,Values='$vpc | grep SubnetId
aws ec2 describe-route-tables --output json --filters 'Name=vpc-id,Values='$vpc | grep RouteTableId
aws ec2 describe-network-acls --output json --filters 'Name=vpc-id,Values='$vpc | grep NetworkAclId
aws ec2 describe-vpc-peering-connections --output json --filters 'Name=requester-vpc-info.vpc-id,Values='$vpc | grep VpcPeeringConnectionId
aws ec2 describe-vpc-endpoints --output json --filters 'Name=vpc-id,Values='$vpc | grep VpcEndpointId
# describe-nat-gateways takes --filter (singular), unlike the other describe-* commands.
aws ec2 describe-nat-gateways --output json --filter 'Name=vpc-id,Values='$vpc | grep NatGatewayId
aws ec2 describe-security-groups --output json --filters 'Name=vpc-id,Values='$vpc | grep GroupId
aws ec2 describe-instances --output json --filters 'Name=vpc-id,Values='$vpc | grep InstanceId
aws ec2 describe-vpn-connections --output json --filters 'Name=vpc-id,Values='$vpc | grep VpnConnectionId
aws ec2 describe-vpn-gateways --output json --filters 'Name=attachment.vpc-id,Values='$vpc | grep VpnGatewayId
# Network interfaces come last: service-owned ENIs disappear only after their owner is gone.
aws ec2 describe-network-interfaces --output json --filters 'Name=vpc-id,Values='$vpc | grep NetworkInterfaceId

Reference : https://aws.amazon.com/premiumsupport/knowledge-center/troubleshoot-dependency-error-delete-vpc/

Zoe
Dhammika
This script greps what it expects is JSON output. In my case I was getting text output for some reason, so the grep returned empty. Adding --output json to each aws call allowed grep to return the IDs. – Frank Rubino Apr 21 '23 at 20:52
0

Find the resource that the ENI is attached to. It could be a Lambda function or ELB, for example. Was that resource created outside of your CloudFormation stack? If so, you'll need to delete that resource. If it was created within the CloudFormation stack, then you might just need to wait and retry (e.g. if a warm Lambda function was holding on to the ENI).

Steps are described in more detail here. Other ideas here.

jarmod
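Both answers come down to the same triage: find out which service owns each ENI, because an 'ela-attach' attachment belongs to a service (ELB, Lambda, NAT gateway, VPC endpoint) and is released only when that resource is deleted or reconfigured. The following script is an added example, not code from either answer: it reads the JSON that `aws ec2 describe-network-interfaces --filters Name=vpc-id,Values=$vpc --output json` produces and tells you, per ENI, who owns it and what to do next. The Description prefixes are assumed patterns, and the sample data is constructed.

```python
import json
import re
import sys

# Description prefixes AWS writes on service-owned ENIs (assumed patterns; only
# consulted when InterfaceType is the generic "interface").
SERVICE_PATTERNS = [
    ("lambda", re.compile(r"^AWS Lambda VPC ENI")),
    ("load_balancer", re.compile(r"^ELB ")),
    ("nat_gateway", re.compile(r"^Interface for NAT Gateway ")),
]

def classify_eni(eni):
    """Return (owner, action) for one NetworkInterfaces[] entry."""
    attachment = eni.get("Attachment") or {}
    owner_id = attachment.get("InstanceOwnerId", "")
    # Service attachments ('ela-attach') are flagged RequesterManaged and/or
    # carry an amazon-* owner; the caller cannot detach them directly.
    managed = bool(eni.get("RequesterManaged")) or owner_id.startswith("amazon-")
    owner = eni.get("InterfaceType", "interface")
    if owner == "interface":
        for name, pattern in SERVICE_PATTERNS:
            if pattern.search(eni.get("Description", "")):
                owner = name
                break
    if managed:
        action = "delete or reconfigure the owning resource, then retry"
    elif eni.get("Status") == "available":
        action = "delete-network-interface"
    else:
        action = "detach-network-interface, then delete"
    return owner, action

def report(payload):
    """Map each ENI id in a describe-network-interfaces payload to (owner, action)."""
    return {e["NetworkInterfaceId"]: classify_eni(e) for e in payload["NetworkInterfaces"]}

# Constructed sample shaped like describe-network-interfaces --output json.
SAMPLE = {"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0aaaaaaaaaaaaaaaa", "InterfaceType": "interface",
     "Description": "ELB app/example-alb/0123456789abcdef", "Status": "in-use",
     "RequesterManaged": True, "Attachment": {"InstanceOwnerId": "amazon-elb"}},
    {"NetworkInterfaceId": "eni-0cccccccccccccccc", "InterfaceType": "interface",
     "Description": "", "Status": "in-use", "RequesterManaged": False,
     "Attachment": {"InstanceId": "i-0ddddddddddddddd", "InstanceOwnerId": "123456789012"}},
    {"NetworkInterfaceId": "eni-0eeeeeeeeeeeeeeee", "InterfaceType": "interface",
     "Description": "", "Status": "available", "RequesterManaged": False},
]}

if __name__ == "__main__":
    # Pass a file saved from the aws CLI as argv[1]; with no argument the sample is used.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for eni_id, (owner, action) in report(data).items():
        print(f"{eni_id}: {owner}: {action}")
```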