Unable to detach or delete network interfaces

1

I have several subnets which were previously associated with Beanstalk load balancers. The load balancers still exist, but the subnets are no longer associated.

I can't delete the subnets because they still contain network interfaces; I can't delete the network interfaces because they show "in use"; I can't detach the network interfaces because I get "You do not have permission to access the specified resource" (even on an admin account).

The subnets have already been removed from the load balancer, so the network interfaces should no longer be attached either. Any suggestions would be greatly appreciated!

hbgreg
asked 3 years ago · 16763 views
5 Answers
1

Hi hbgreg,
Sorry to hear about the inconvenience you are facing. The network interface is still probably associated with something in your account and thus you cannot delete it.

You could try some of the following suggestions:

  • Remove unused VPC links from API gateway
  • Remove unused VPC Endpoint services
  • Remove unused NAT gateways
  • Remove unused ECS/EKS clusters
  • Remove unused load balancers
  • Remove unused EFS mounts

In all likelihood it is the Beanstalk load balancers. You would need to delete your load balancers first in order to delete the network interface.

I hope this helps. Let me know if you have any questions.
Warm regards,
awsamy

amz99
answered 3 years ago
0

Hi hbgreg,
Thank you for providing additional clarity with regards to what you want to do. AWS resources have to exist in a VPC and a Subnet. If you intend to delete the subnet you will have to make sure that all resources in the subnets are deleted including all load balancers.

With regards to your question, the ENI will still be associated with the load balancer, even if you removed the subnet from the load balancer. Because load balancers are a managed service you cannot delete the ENI yourself, it happens on the deletion of the load balancer. In order to delete the ENIs that were associated with the subnets you removed from the database, you would still need to delete the load balancer.

My sincere apologies for the delayed response.
I hope this helps. Let me know if you have any questions.
Warm regards,
awsamy

amz99
answered 3 years ago
  • Hi awsamy, what happens if I deleted the subnet and all resources attached to it, including all load balancers, and still the VPC cannot be deleted because of the ENI? I am getting the same message: You do not have permission to access the specified resource

0

Hi awsamy,
Thanks for the follow-up. I believe you are correct that the network interfaces are still associated with the load balancers, but I am struggling to see how this is the case as the relevant subnets have already been removed from the load balancers.

Deleting the load balancers doesn't sound like a great option as this would cause downtime for the live applications that sit behind them.

I would like to detach the network interfaces from the load balancers (again, I am not sure how they are still attached since the subnets that contain them have been removed from the load balancers), but I am receiving the error "You do not have permission to access the specified resource" even when logged in to an admin account.

hbgreg
answered 3 years ago
0

Hi hbgreg,
I understand that you removed some subnets, however, the subnet with the ENI must still exist as the subnet cannot be deleted while there is still an ENI in use. The load balancer is associated with multiple subnets, one of which contains the ENI. As long as the ENI is there the subnet exists and is still in the account.
You can navigate to the EC2 console to verify this. On the left, scroll down to Network & Security and select Network Interfaces. Select the relevant ENI and see under Details the Subnet ID.

The ENI is needed for the communication between your resources in your VPC and the load balancer. Load balancers are a managed service, meaning the load balancer nodes don't actually exist in the customer's account, i.e. your account; they run in an AWS managed account. The ENI is used to allow for the communication between your account resources and the AWS managed account where the load balancer nodes are. So by deleting the ENI without deleting the actual load balancers, you will still be charged for the service, but you can no longer use the load balancers as intended. Thus you would need to delete the load balancers in order to delete the ENI.

Lastly, with regards to the error "You do not have permission to access the specified resource", this error appears as you are trying to remove a resource that is associated with a managed service. The ENI will get detached from the associated node by the AWS service when you delete the load balancer.

I hope this helps. Let me know if you have any questions.
Warm regards,
awsamy

amz99
answered 3 years ago
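To see which service owns the ENIs in a subnet before trying to delete them, here is an added example (not from this thread or from AWS) that reads a describe_network_interfaces response and flags requester-managed interfaces, which are the ones a user cannot detach; the sample response, the subnet and ENI ids, and the default region are constructed.

```python
"""Flag the ENIs in a subnet that an AWS service (e.g. an ELB) owns.

Added example, not from the thread. boto3 and credentials are needed only
for the live lookup; the classification runs offline on a plain
describe_network_interfaces response, shown here with a constructed sample.
"""


def classify_interfaces(response):
    """One record per ENI: who requested it and whether you can delete it yourself."""
    records = []
    for eni in response.get("NetworkInterfaces", []):
        attachment = eni.get("Attachment", {})
        managed = bool(eni.get("RequesterManaged", False))
        records.append({
            "id": eni["NetworkInterfaceId"],
            "subnet": eni["SubnetId"],
            "status": eni.get("Status"),
            "description": eni.get("Description", ""),
            "requester": eni.get("RequesterId") or attachment.get("InstanceOwnerId"),
            "requester_managed": managed,
            # Requester-managed ENIs are attached/detached by the owning service,
            # which is why DetachNetworkInterface fails with the permission error.
            "user_deletable": (not managed) and eni.get("Status") == "available",
        })
    return records


def fetch_interfaces(subnet_id, region_name="us-east-1"):
    """Live lookup (region default is an assumption); needs boto3 and credentials."""
    import boto3  # imported here so the offline path does not require boto3
    ec2 = boto3.client("ec2", region_name=region_name)
    return ec2.describe_network_interfaces(
        Filters=[{"Name": "subnet-id", "Values": [subnet_id]}]
    )


# Constructed sample in the shape of a describe_network_interfaces response.
SAMPLE_RESPONSE = {"NetworkInterfaces": [
    {   # ELB-owned ENI: in use, requester managed, not detachable by the user
        "NetworkInterfaceId": "eni-0aaa111", "SubnetId": "subnet-0abc123",
        "Status": "in-use", "Description": "ELB app/example-alb/0123456789abcdef",
        "RequesterId": "amazon-elb", "RequesterManaged": True,
        "Attachment": {"InstanceOwnerId": "amazon-elb", "Status": "attached"}},
    {   # leftover user-created ENI: available, deletable directly
        "NetworkInterfaceId": "eni-0bbb222", "SubnetId": "subnet-0abc123",
        "Status": "available", "Description": "left over from a test",
        "RequesterManaged": False}]}
```

The Description field of an ELB-owned ENI names the load balancer it serves, so the records tell you which load balancer still holds the subnet's interface.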
0

Hi again, and thank you for the follow-up!

I understand that the subnets still exist - in fact, the reason I want to delete the ENI is so that I can then delete the subnet. The subnets are not associated with the load balancer, however.

It was my understanding that if the subnet is no longer associated with the load balancer, the ENI should also no longer be associated with the load balancer. Am I misunderstanding there?

hbgreg
answered 3 years ago
