
How do I resolve a dependency error I receive when I try to delete my VPC?


I want to resolve a dependency error I receive when I try to delete my VPC in Amazon Virtual Private Cloud (Amazon VPC).

Resolution

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

If you receive a dependency error when you delete your VPC, then delete the VPC's associated and dependent resources, and then delete the VPC. You can use the Amazon VPC console or the AWS CLI to delete your VPC's dependent resources.

Before you delete a VPC, you must delete all its components. Components that you must delete include subnets, security groups, network access control lists (network ACLs), route tables, internet gateways, and DHCP options.

Use the AWS CLI to resolve a "DependencyViolation" error

If you receive the following error when you delete your Amazon VPC, then you must manually delete your VPC's components:

"An error occurred (DependencyViolation) when calling the DeleteVpc operation: The vpc 'vpc-id' has dependencies and cannot be deleted."

To resolve this error, complete the following steps:

  1. Run the following script to find your VPC's dependencies:
    #!/bin/bash
    # Set the VPC ID and Region once; every command below uses these variables.
    vpc="example-vpc-id"
    region="example-region"
    # Each command lists the IDs of one resource type that still references the VPC.
    aws ec2 describe-internet-gateways --region "$region" --filters "Name=attachment.vpc-id,Values=$vpc" | grep InternetGatewayId
    aws ec2 describe-egress-only-internet-gateways --region "$region" --filters "Name=attachment.vpc-id,Values=$vpc" | grep EgressOnlyInternetGatewayId
    aws vpc-lattice list-service-network-vpc-associations --region "$region" --vpc-id "$vpc" | grep serviceNetworkId
    aws ec2 describe-transit-gateway-vpc-attachments --region "$region" --filters "Name=vpc-id,Values=$vpc" | grep TransitGatewayAttachmentId
    aws ec2 describe-subnets --region "$region" --filters "Name=vpc-id,Values=$vpc" | grep SubnetId
    aws ec2 describe-route-tables --region "$region" --filters "Name=vpc-id,Values=$vpc" | grep RouteTableId
    aws ec2 describe-network-acls --region "$region" --filters "Name=vpc-id,Values=$vpc" | grep NetworkAclId
    aws ec2 describe-vpc-peering-connections --region "$region" --filters "Name=accepter-vpc-info.vpc-id,Values=$vpc" | grep VpcPeeringConnectionId
    aws ec2 describe-vpc-peering-connections --region "$region" --filters "Name=requester-vpc-info.vpc-id,Values=$vpc" | grep VpcPeeringConnectionId
    aws ec2 describe-vpc-endpoints --region "$region" --filters "Name=vpc-id,Values=$vpc" | grep VpcEndpointId
    aws ec2 describe-nat-gateways --region "$region" --filter "Name=vpc-id,Values=$vpc" | grep NatGatewayId
    aws ec2 describe-security-groups --region "$region" --filters "Name=vpc-id,Values=$vpc" | grep GroupId
    aws ec2 describe-instances --region "$region" --filters "Name=vpc-id,Values=$vpc" | grep InstanceId
    aws ec2 describe-network-interfaces --region "$region" --filters "Name=vpc-id,Values=$vpc" | grep NetworkInterfaceId
    aws ec2 describe-vpn-gateways --region "$region" --filters "Name=attachment.vpc-id,Values=$vpc" | grep VpnGatewayId
    aws ec2 describe-carrier-gateways --region "$region" --filters "Name=vpc-id,Values=$vpc" | grep CarrierGatewayId
    aws ec2 describe-local-gateway-route-table-vpc-associations --region "$region" --filters "Name=vpc-id,Values=$vpc" | grep LocalGatewayRouteTableVpcAssociationId
    Note: Replace example-vpc-id with your VPC's ID. Replace example-region with your AWS Region. Use credentials with the necessary permissions to run the necessary API calls.
  2. Delete any dependencies that you identified in the output of step 1.
  3. Delete your VPC.
    Important: You must first delete your VPC's dependent resources manually before you use the AWS CLI to delete your VPC.

Resolve dependency errors in the Amazon VPC console

Use the Amazon VPC console to manually remove your VPC's components, based on the error that you receive:

Note: When you delete a VPC through the Amazon VPC console, Amazon VPC automatically removes subnets and internet gateways.

"VPC contains one or more instances, and cannot be deleted until those instances have been terminated."

To resolve this error, terminate the Amazon Elastic Compute Cloud (Amazon EC2) instances on your VPC.

"VPC contains one or more in-use network interfaces, and cannot be deleted until those network interfaces have been deleted."

To resolve this error, delete the network interfaces on your VPC.

"An error occurred (InvalidParameterValue) when calling the DeleteNetworkInterface operation: Network interface 'eni-aabbccdd' is currently in use."

To resolve this error, complete the following steps:

  1. Open the Amazon EC2 console.
  2. Select the Region that the VPC is in.
  3. In the navigation pane, under Network Interfaces, search for the VPC ID of the VPC that you want to delete.
  4. Select the network interface and choose the Details tab.
  5. Review the Description to see the resources that the network interface is attached to.
  6. Delete the AWS service that created the network interfaces.
    Note: If the network interface is a primary interface, then when you delete the instance, the resources are also deleted.
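
To run the review in steps 3 through 6 from the AWS CLI, the following added example (not part of the original article) maps each network interface in a VPC to its probable owner and shows whether it can be deleted directly. The function names, the constructed sample rows, and the description prefixes it matches are assumptions; extend the prefixes for the services in your account.

```bash
#!/bin/bash
# Added example: map each network interface in a VPC to its probable owner.

# Live input: one tab-separated row per interface ($1 = VPC ID, $2 = Region).
list_enis() {
  aws ec2 describe-network-interfaces --region "$2" \
    --filters "Name=vpc-id,Values=$1" --output text \
    --query 'NetworkInterfaces[].[NetworkInterfaceId,Status,RequesterManaged,Attachment.InstanceId,Description]'
}

# Constructed sample rows in the same layout, so the script also runs offline.
sample_enis() {
  printf 'eni-0a1\tin-use\tFalse\ti-0abc1\t\n'
  printf 'eni-0a2\tin-use\tTrue\tNone\tELB app/web/50dc6c495c0c9188\n'
  printf 'eni-0a3\tin-use\tTrue\tNone\tAWS Lambda VPC ENI-report-fn-1a2b\n'
  printf 'eni-0a4\tin-use\tTrue\tNone\tInterface for NAT Gateway nat-0abc2\n'
  printf 'eni-0a5\tavailable\tFalse\tNone\tleftover test interface\n'
}

# $1 = attached instance ID or "None", $2 = Description field.
# The prefixes are assumptions based on commonly seen descriptions.
eni_owner() {
  if [ "$1" != "None" ]; then echo "EC2 instance $1"; return; fi
  case "$2" in
    "ELB "*)                       echo "Elastic Load Balancing" ;;
    "AWS Lambda VPC ENI"*)         echo "Lambda" ;;
    "Interface for NAT Gateway "*) echo "NAT gateway" ;;
    "VPC Endpoint Interface "*)    echo "VPC endpoint" ;;
    *)                             echo "unknown" ;;
  esac
}

classify_enis() {
  local tab id status managed inst desc action
  tab=$(printf '\t')
  while IFS="$tab" read -r id status managed inst desc; do
    [ -n "$id" ] || continue
    # An "available" interface is detached and can be deleted directly;
    # an "in-use" one goes away only after its owner is removed or detaches it.
    if [ "$status" = "available" ]; then action="delete-eni"
    else action="remove-owner-first"; fi
    printf '%s\t%s\trequester-managed=%s\t%s\n' \
      "$id" "$(eni_owner "$inst" "$desc")" "$managed" "$action"
  done
}

if [ "$#" -eq 2 ]; then list_enis "$1" "$2" | classify_enis
else sample_enis | classify_enis; fi
```

Run it with a VPC ID and a Region as the two arguments to query your account; with no arguments it classifies the constructed sample rows.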

"VPC has one or more attached NAT gateways or virtual private gateways, and cannot be deleted until they are detached or deleted."

To resolve this error, delete your VPC's NAT gateways and virtual private gateways. For more information, see Delete an AWS Site-to-Site VPN connection and gateway.

"The VPC is peered as a requester/accepter with at least one other VPC through peering connections."

To resolve this error, delete your VPC's peering connections.

Other dependency errors

If you encounter other dependency errors, then complete the following steps:

  1. Open the Amazon VPC console.
  2. In the navigation pane, choose Carrier Gateways.
  3. Select the carrier gateway, choose Actions, and then choose Delete carrier gateway.
  4. In the Delete carrier gateway dialog box, enter Delete, and then choose Delete.
  5. Open the AWS Outposts console.
  6. In the navigation pane, choose Local gateway route tables.
  7. Select the route table.
  8. Choose Actions and then choose View details.
  9. In VPC associations, select the VPC to disassociate, and then choose Disassociate.

Related information

Why can't I detach or delete an elastic network interface that Lambda created?

How can I delete my VPC that is shared with another AWS account?

Why can't I delete my requester-managed VPC endpoint?

3 Comments

In the above script, the AWS CLI command below is incorrect:

aws --profile prod ec2 describe-vpn-connections --region $region --filters 'Name=vpc-id,Values='$vpc | grep VpnConnectionId

The API call DescribeVPNConnections does not have the filter vpc-id.

https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-vpn-connections.html

Correct AWS CLI command should be:

aws --profile prod ec2 describe-vpn-connections --region $region --filters 'Name=vpn-gateway-id,Values='vgw-xxxxx

replied 3 years ago

Thanks for the script.

Please also include one more line in the script to list peering connections where the VPC is the accepter, like this: aws ec2 describe-vpc-peering-connections --region $region --filters 'Name=accepter-vpc-info.vpc-id,Values='$vpc | grep VpcPeeringConnectionId

replied 2 years ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
EXPERT
replied 2 years ago