Hi hbgreg,
Sorry to hear about the inconvenience you are facing. The network interface is still probably associated with something in your account and thus you cannot delete it.
You could try some of the following suggestions:
- Remove unused VPC links from API gateway
- Remove unused VPC Endpoint services
- Remove unused NAT gateways
- Remove unused ECS/EKS clusters
- Remove unused load balancers
- Remove unused EFS mount
Most likely it is the Beanstalk load balancers. You would need to delete your load balancers first in order to delete the network interface.
I hope this helps. Let me know if you have any questions.
Warm regards,
awsamy
Hi hbgreg,
Thank you for providing additional clarity with regards to what you want to do. AWS resources have to exist in a VPC and a Subnet. If you intend to delete the subnet you will have to make sure that all resources in the subnets are deleted including all load balancers.
With regard to your question, the ENI will still be associated with the load balancer, even if you removed the subnet from the load balancer. Because load balancers are a managed service, you cannot delete the ENI yourself; it happens on the deletion of the load balancer. In order to delete the ENIs that were associated with the subnets you removed from the database, you would still need to delete the load balancer.
My sincere apologies for the delayed response.
I hope this helps. Let me know if you have any questions.
Warm regards,
awsamy
Hi awsamy,
Thanks for the follow up. I believe you are correct that the network interfaces are still associated with the load balancers, but I am struggling to see how this is the case as the relevant subnets have already been removed from the load balancers.
Deleting the load balancers doesn't sound like a great option as this would cause downtime for the live applications that sit behind them.
I would like to detach the network interfaces from the load balancers (again, I am not sure how they are still attached since the subnets that contain them have been removed from the load balancers), but I am receiving the error "You do not have permission to access the specified resource" even when logged in to an admin account.
Hi hbgreg,
I understand that you removed some subnets, however, the subnet with the ENI must still exist as the subnet cannot be deleted while there is still an ENI in use. The load balancer is associated with multiple subnets, one of which contains the ENI. As long as the ENI is there the subnet exists and is still in the account.
You can navigate to the EC2 console to verify this. On the left, scroll down to Network & Security and select Network Interfaces. Select the relevant ENI and see under Details the Subnet ID.
The ENI is needed for the communication between your resources in your VPC and the load balancer. Load balancers are a managed service, meaning the load balancer nodes don’t actually exist on the customer's account, i.e. your account; they run on an AWS managed account. The ENI is used to allow for the communication between your account resources and the AWS managed account where the load balancer nodes are. So by deleting the ENI without deleting the actual load balancers, you will still be charged for the service, but you can no longer use the load balancers as intended. Thus you would need to delete the load balancers in order to delete the ENI.
Lastly, with regard to the error "You do not have permission to access the specified resource", this error appears as you are trying to remove a resource that is associated with a Managed service. The ENI will get detached from the associated node when you delete the Load balancer by the AWS service.
I hope this helps. Let me know if you have any questions.
Warm regards,
awsamy
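The console check described in the answer above can also be scripted. This is an added example, not part of the thread or any AWS tooling: it parses saved output of `aws ec2 describe-network-interfaces` and reports which resource owns each ENI in a subnet. The sample data is constructed, and the `Description` patterns are assumptions about how these services label the interfaces they create.

```python
import json
import re

# Constructed sample shaped like `aws ec2 describe-network-interfaces` output.
SAMPLE = json.loads("""
{"NetworkInterfaces": [
  {"NetworkInterfaceId": "eni-0a1", "SubnetId": "subnet-01", "Status": "in-use",
   "RequesterManaged": true, "Description": "ELB app/example-alb/0123456789abcdef"},
  {"NetworkInterfaceId": "eni-0c3", "SubnetId": "subnet-01", "Status": "available",
   "RequesterManaged": false, "Description": "left over test interface"},
  {"NetworkInterfaceId": "eni-0d4", "SubnetId": "subnet-02", "Status": "in-use",
   "RequesterManaged": true, "Description": "EFS mount target for fs-0example (fsmt-0example)"}
]}
""")

# Assumed Description formats written by the owning service; verify in your account.
PATTERNS = [
    (re.compile(r"^ELB (?:app|net)/([^/]+)/"), "load balancer"),
    (re.compile(r"^ELB (\S+)$"), "classic load balancer"),
    (re.compile(r"^Interface for NAT Gateway (\S+)"), "NAT gateway"),
    (re.compile(r"^VPC Endpoint Interface (\S+)"), "VPC endpoint"),
    (re.compile(r"^EFS mount target for (\S+)"), "EFS mount target"),
]

def owner_of(eni):
    """Return (service, resource name) guessed from the ENI description."""
    for pattern, service in PATTERNS:
        match = pattern.match(eni.get("Description", ""))
        if match:
            return service, match.group(1)
    return "unknown", None

def subnet_blockers(response, subnet_id):
    """List ENIs in subnet_id; requester-managed ones go only with their owner."""
    rows = []
    for eni in response["NetworkInterfaces"]:
        if eni["SubnetId"] != subnet_id:
            continue
        service, name = owner_of(eni)
        if eni.get("RequesterManaged", False):
            action = f"delete the owning resource ({service}: {name})"
        elif eni["Status"] == "available":
            action = "delete the ENI directly"
        else:
            action = "detach it, then delete the ENI"
        rows.append((eni["NetworkInterfaceId"], service, action))
    return rows

if __name__ == "__main__":
    print(*subnet_blockers(SAMPLE, "subnet-01"), sep="\n")
```
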
Hi again, and thank you for the follow up!
I understand that the subnets still exist - in fact, the reason I want to delete the ENI is so that I can then delete the subnet. The subnets are not associated with the load balancer, however.
It was my understanding that if the subnet is no longer associated with the load balancer, the ENI should also no longer be associated with the load balancer. Am I misunderstanding there?
Hi awsamy, what happens if I deleted the subnet and all resources attached to it, including all load balancers, and still the VPC cannot be deleted because of the ENI? I am getting the same message: You do not have permission to access the specified resource