
I can't delete my ENI because it's currently in use and is of type "interface" (pointing to ECS which is already deleted)

0

Hi everyone! I'm trying to destroy my resources using terraform and I'm getting a lot of errors like this:

Error: deleting EC2 Subnet (subnet-07f0adb64fe424b3f): operation error EC2: DeleteSubnet, https response error StatusCode: 400, RequestID: e392b53d-a520-487c-8e93-55d6da43fad0, api error DependencyViolation: The subnet 'subnet-07f0adb64fe424b3f' has dependencies and cannot be deleted.

Then I tried to figure it out manually through the AWS Management Console, and when I try to delete the ENI I can't, for the following reason:

Network interface is currently in use and is of type "interface". Possible owning resource is arn:aws:ecs:us-east-1:<account_id>:attachment/b8383ffc-89c6-4304-a39f-b969c4d624c7:: .

The above message has a link to the "resource" which is the ECS Clusters pages, which are already deleted.

When trying to destroy again with terraform, it keeps looping on "still destroying" for the following resources:

  • Internet Gateway
  • Subnet

Of course, when I try to remove them through AWS Console it points to the ENI.

I can still see the route table and the VPC (which, again, I can't remove manually either because of the ENI).

Note: I've destroyed the ECS cluster and its components more than 12 hours ago.

I've seen this question with the following answer:

If these are already deleted and you still see these ENIs being part of ECS, then wait for some time but then open a case with ECS support team to remove orphaned ENIs.

I think 12 hours should be more than enough to wait.

What can I do?

Thank you!

3 Answers
1

In rare cases, it may take some time for the ENI to disappear.
If you wait a day or two and the ENI does not disappear, I think it is best to contact AWS Support.
Inquiries under "Account and billing" can be made free of charge.
Please inquire from the URL below.
https://console.aws.amazon.com/support

EXPERT
answered 9 months ago
0
Accepted Answer

Just in case someone falls into the same trouble: I found out through an AWS ticket (Case ID 174073153000545) that the ENI was stuck because the IAM role (ECS Infrastructure Role) was deleted before AWS could delete the ENI itself.

Basically I needed to re-create just the IAM Infrastructure Role and leave it there for some time (because AWS keeps trying to remove the ENI "continuously"). After some hours the ENI was deleted and I was able to remove all the other components (VPC, route table, subnets, etc.) using terraform destroy again.

answered 9 months ago
0

This is a common issue when trying to delete resources that have dependencies, especially with Elastic Network Interfaces (ENIs) that were created by AWS services like ECS. Even after deleting the parent resource (in this case, the ECS cluster), sometimes the ENIs can remain stuck in an "in-use" state. Here are some steps you can try:

  1. Wait a bit longer: Although you've already waited 12 hours, in rare cases, it can take up to 24-48 hours for all resources to be fully released.

  2. Double-check for any remaining ECS resources: Ensure that all ECS tasks, services, and the cluster itself have been completely removed.

  3. Check for other AWS services: Sometimes, other services like NAT Gateways, Load Balancers, or VPC Endpoints might be using the ENI. Make sure all such resources have been deleted.

  4. Use AWS CLI or SDK to get more information: You can use commands to describe the network interfaces and get more details about what might be using them.

  5. Try force detaching the ENI: In some cases, you might be able to force detach the ENI using the AWS CLI or SDK.

If none of these steps work, your best option is to contact AWS Support. Even if you don't have a paid support plan, you can still open a case under the "Account and Billing" category for free. Explain the situation, provide the ENI ID, and mention that you've already deleted the ECS cluster but the ENI remains stuck. AWS support should be able to manually release the orphaned ENI for you.

Remember, it's important not to try deleting resources like VPCs, subnets, or security groups while there are still ENIs attached, as this can lead to further complications. Focus on resolving the ENI issue first, and then the other resources should be deletable.

Sources
Unable to Delete Stuck Network Interface (ENI) After ELB Deletion – Need AWS Intervention | AWS re:Post
The network interface can't be deleted | AWS re:Post
Cannot delete network interface | AWS re:Post
Unable to delete network interface | AWS re:Post

answered 9 months ago
EXPERT
reviewed 9 months ago
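
Added example (not part of any answer above, and not AWS or Terraform code): a small triage script for the "describe the network interfaces" step, which sorts the ENIs blocking a subnet by who owns them and points ECS-owned ones at the IAM role check from the accepted answer. The sample JSON is constructed, and matching ECS ENIs by an attachment ARN in the Description field is an assumption based on the console message quoted in the question.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-network-interfaces
# --filters Name=subnet-id,Values=<subnet>` output; all IDs are made up.
SAMPLE = json.loads("""
{"NetworkInterfaces": [
 {"NetworkInterfaceId": "eni-0aaa", "SubnetId": "subnet-0example",
  "Status": "in-use", "InterfaceType": "interface", "RequesterManaged": false,
  "Description": "arn:aws:ecs:us-east-1:123456789012:attachment/00000000-0000-0000-0000-000000000000",
  "Attachment": {"Status": "attached"}},
 {"NetworkInterfaceId": "eni-0bbb", "SubnetId": "subnet-0example",
  "Status": "in-use", "InterfaceType": "nat_gateway", "RequesterManaged": true,
  "Description": "Interface for NAT Gateway nat-0example",
  "Attachment": {"Status": "attached"}},
 {"NetworkInterfaceId": "eni-0ccc", "SubnetId": "subnet-0example",
  "Status": "available", "InterfaceType": "interface", "RequesterManaged": false,
  "Description": ""}
]}
""")

def triage(response, subnet_id):
    """Map each ENI in subnet_id to a (verdict, next_step) pair."""
    out = {}
    for eni in response.get("NetworkInterfaces", []):
        if eni.get("SubnetId") != subnet_id:
            continue
        desc = eni.get("Description") or ""
        if eni.get("Status") == "available":
            verdict = ("deletable", "no attachment; delete the ENI, then the subnet")
        # Assumption: ECS task ENIs carry the attachment ARN in Description,
        # as in the console message quoted in the question. Checked before
        # RequesterManaged so the result does not depend on that flag.
        elif desc.startswith("arn:aws:ecs:") and ":attachment/" in desc:
            verdict = ("ecs-attachment", "confirm the ECS IAM role still exists "
                       "so AWS can finish cleanup; otherwise open a support case")
        elif eni.get("RequesterManaged"):
            verdict = ("service-managed", "delete the owning resource: " + desc)
        else:
            verdict = ("attached", "detach from the instance, then delete")
        out[eni["NetworkInterfaceId"]] = verdict
    return out

if __name__ == "__main__":
    for eni_id, (verdict, step) in triage(SAMPLE, "subnet-0example").items():
        print(f"{eni_id}: {verdict} -> {step}")
```

To use it on a real account, replace SAMPLE with the parsed JSON output of the describe command for the subnet that Terraform cannot delete.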
