Cannot delete ENI attached to destroyed EKS

Question

Hello. via terraform I've created a stack with EKS. On EKS I did setup aws-load-balancer-ingress-conotroller and traefik.

Before to destroy everything via terraform I didn't delete the 2 pods for my alb and traefik service.

Doing so I'm not able to delete the eni created by these process.

I'm root in my account and I run also the following command

```
aws ec2 detach-network-interface --attachment-id eni-attach-xxxxxxxx --force

An error occurred (AuthFailure) when calling the DetachNetworkInterface operation: You do not have permission to access the specified resource.
```
Also I've a basic account, so I cannot contact the support in order to ask them to delete for me.

Can please someone shed some light ?

Thanks

Answer

Hello Michael and thanks for answering :)

The problem is that my cluster is already deleted but there is some security groups which was created by our deployment (aws-alb-ingress-controller) did created these eni. 
Because I deleted the cluster before to delete the aws-alb-ingress-controller, this made the ENI still attached and impossible to be removed.

How I can do that now ? I don't have the paying support :(

Answer

You are most likely trying to delete one of the network interfaces associated with the EKS cluster endpoint that is projected into your VPC. Since the EKS cluster is "owned" by AWS, you cannot delete the cluster's ENIs, even as the root account. Once you successfully destroy the cluster, the ENIs will disappear.

Also, please be advised that accessing AWS via the root account is a disfavored approach and so we do not recommend it. See our best practices guidance for additional details.

Also, please be advised that accessing AWS via the root account is a disfavored approach and so we do not recommend it. See our [best practices guidance](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials) for additional details.

Cannot delete ENI attached to destroyed EKS

관련 콘텐츠