Can't delete a RequesterManaged Network interface

Question

I did the [https://catalog.us-east-1.prod.workshops.aws/workshops/976050cc-0606-4b23-b49f-ca7b8ac4b153/en-US]( **Data Engineering Immersion Day**) session from **workshops.aws** by my own and when I wanted to clean up the resources after all, a couple of resources have not been deleted by the "Delete stack" function in CloudFormation.

Remaining resources are only these:  *IGW, ENI,PrivateSubnet,RouteTable,VPC*

Manual deletion of the network interface did not work due to: 
*Failed to detach the network interface. API error: "You do not have permission to access the specified resource."*

**What I've found is that there is a "RequesterId": "27xxxxx". I don't know how this had been created, because I have a different account number and I did not create such resources. Could the CloudFormation template have created such ? I can't delete the ENI, but I want to release the publicIP after all. 
How to delete it?**

`"NetworkInterfaces": [
        {
            "Association": {
                "IpOwnerId": "23xxxxx",
                "PublicIp": "3.230.216.167"
            },
            "Attachment": {
                "AttachTime": "2024-04-24T11:29:56+00:00",
                "AttachmentId": "eni-attach-061bad9b2a0e20bd3",
                "DeleteOnTermination": false,
                "InstanceOwnerId": "23xxxxx",
                "Status": "attached"
            },
            "Groups": [
                {
                    "GroupName": "dmslab-student-sgdefault-6ykSO9oeetTe",
                    "GroupId": "sg-0e4d09d04549c0606"
                }
            ],
             "NetworkInterfaceId": "eni-00ca9c577f535eaa6",
            "OwnerId": "43xxxxx",
             "RequesterId": "27xxxxx",
            "RequesterManaged": true,
            "Status": "in-use",
            "SubnetId": "subnet-09f49b4c49429eee7",
            "VpcId": "vpc-0173bc2edc5b71725"
        }
    ]`

Accepted Answer

Hello.

Are there any DMS replication instances or endpoints left?  
If the DMS resources remain, the ENI should also remain, so make sure that the DMS resources are deleted.

Looking at the workshop documentation, it appears that the DMS replication instance uses the corresponding security group.  
So that ENI could be that of a DMS replication instance.  
https://catalog.us-east-1.prod.workshops.aws/workshops/976050cc-0606-4b23-b49f-ca7b8ac4b153/en-US/400/401/430-main-lab

If there are any remaining DMS replication instances, please try deleting them using the steps in the document below.  
https://docs.aws.amazon.com/dms/latest/userguide/CHAP_ReplicationInstance.Deleting.html

Answer

Review CloudFormation Template: Go back to the CloudFormation template used to create the stack. Check if there are any configurations that might have caused the ENI to be created with a "RequesterId" from a different account. Look for any references to the specific ENI or the "RequesterId".

Check Stack Deletion Policy: Sometimes, CloudFormation can't delete resources due to dependencies or permissions issues. Review the deletion policy for the stack and ensure it's set to "Retain" or "Delete" for the ENI and other resources.

Before attempting to delete the ENI again, ensure that any resources associated with it, such as instances, security groups, or network interfaces, are terminated or detached. CloudFormation may fail to delete resources if they are still in use.

Release Public IP: Once the ENI is detached or deleted, you can release the associated public IP address. This can typically be done through the AWS Management Console or AWS CLI by navigating to the Elastic IPs section and releasing the IP address

Can't delete a RequesterManaged Network interface

관련 콘텐츠