Why can't I terminate my EC2 instance?

3 minute read
0

I want to terminate my Amazon Elastic Compute Cloud (Amazon EC2) instance.

Resolution

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

Your Amazon EC2 instance might not terminate for the following reasons.

Stop protection is turned on for the instance

You can't terminate an EC2 instance when stop protection is turned on. To check whether stop protection is turned on and to turn it off, you can use either the AWS CLI or the Amazon EC2 console.

Use the AWS CLI

To check whether an EC2 instance has stop protection turned on, run the following describe-instance-attribute command:

aws ec2 describe-instance-attribute --instance-id i-1234567890 --attribute disableApiStop

If the output returns true, then stop protection is turned on for the instance.

To turn off stop protection so that you can terminate the instance, run the following modify-instance-attribute command:

aws ec2 modify-instance-attribute --instance-id i-1234567890 --no-disable-api-stop

Use the Amazon EC2 console

To check the stop protection status from the Amazon EC2 console, complete the following steps:

  1. Open the Amazon EC2 console.
  2. Choose Actions.
  3. Choose Instance settings.
  4. Choose Change stop protection.

If Enable is selected, then clear the check box to turn off stop protection.

Termination protection is turned on for the instance

You can't terminate an EC2 instance when termination protection is turned on. To check whether termination protection is turned on and to turn it off, you can use either the AWS CLI or the Amazon EC2 console.

Use the AWS CLI

To check whether an EC2 instance has termination protection turned on, run the following describe-instance-attribute command:

aws ec2 describe-instance-attribute --instance-id i-1234567890 --attribute disableApiTermination

If the output returns true, then termination protection is turned on for the instance.

To turn off termination protection so that you can terminate the instance, run the following modify-instance-attribute command:

aws ec2 modify-instance-attribute --instance-id i-1234567890 --no-disable-api-termination

Use the Amazon EC2 console

To check the termination protection status from the Amazon EC2 console, complete the following steps:

  1. Open the Amazon EC2 console.
  2. Choose Actions.
  3. Choose Instance settings.
  4. Choose Change termination protection.

If termination protection is turned on, then choose Yes, Disable, and then choose Save to turn off termination protection.

The IAM policy that's attached to your IAM entity doesn't include the permission to terminate the instance

To terminate an instance, your AWS Identity and Access Management (IAM) entity's IAM policy must explicitly allow the TerminateInstances API action.

Example policy:

{  
    "Version": "2012-10-17",  
    "Statement": [  
        {  
            "Effect": "Allow",  
            "Action": "ec2:TerminateInstances",  
            "Resource": [  
                "arn:aws:ec2:us-west-2:123456789012:instance/i-0abcd1234efgh5678",  
                "arn:aws:ec2:us-west-2:123456789012:instance/i-1wxyz9876lmno4321"  
            ]  
        }  
    ]  
}

If the AmazonEC2FullAccess or AdministratorAccess AWS managed policy is attached to your IAM entity, then the entity has permission for the TerminateInstances action. If AmazonEC2FullAccess or AdministratorAccess isn't attached to your IAM entity, then you must edit your customer managed policy to allow the TerminateInstances action. Or, create a customer managed policy that allows the TerminateInstances action.

The instance is part of an Auto Scaling group

When you terminate an instance that's a part of an Auto Scaling group, the Auto Scaling group might launch a replacement instance. The replacement instance allows the Auto Scaling group to maintain the expected instance count. To terminate the instance and adjust the Auto scaling group size, run the terminate-instance-in-auto-scaling-group command in the AWS CLI.

Related information

Terminate Amazon EC2 instances

AWS OFFICIAL
AWS OFFICIALUpdated 3 months ago