I cannot delete a VPC Endpoint

0

Hi there,

I am trying to delete an entire VPC, and the last elements in it are 2 ENIs that are attached to a VPC Endpoint. I am getting these messages when I try to delete this VPC Endpoint:

aws ec2 delete-vpc-endpoints --vpc-endpoint-ids vpce-VPCEID

{
    "Unsuccessful": [
        {
            "Error": {
                "Code": "InvalidParameter",
                "Message": "Operation is not allowed for requester-managed VPC endpoints for the service com.amazonaws.vpce.us-east-1.vpce-svc-SVCID."
            },
            "ResourceId": "vpce-VPCEID"
        }
    ]
}

Then I looked at the description of the service and found this:

aws ec2 describe-vpc-endpoint-services --service-names com.amazonaws.vpce.us-east-1.vpce-svc-SVCID

{
    "ServiceDetails": [
        {
            "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-SVCID",
            "ServiceId": "vpce-svc-SVCID",
            "ServiceType": [
                {
                    "ServiceType": "Interface"
                }
            ],
            "AvailabilityZones": [
                "us-east-1a",
                "us-east-1b",
                "us-east-1c",
                "us-east-1d",
                "us-east-1e",
                "us-east-1f"
            ],
            "Owner": "amazon",
            "BaseEndpointDnsNames": [
                "vpce-svc-SVCID.us-east-1.vpce.amazonaws.com"
            ],
            "VpcEndpointPolicySupported": false,
            "AcceptanceRequired": true,
            "ManagesVpcEndpoints": true,
            "PayerResponsibility": "ServiceOwner",
            "Tags": [],
            "SupportedIpAddressTypes": [
                "ipv4"
            ]
        }
    ],
    "ServiceNames": [
        "com.amazonaws.vpce.us-east-1.vpce-svc-SVCID"
    ]
}

Finally I understand that having "ManagesVpcEndpoints": true means I cannot manually delete it, because it's managed directly by AWS. But I don't know what exactly it is related to. How can I delete it, or at least find out why it was created, so that I can detach the right resource?

BTW I do not have any listed resource when I go to the "VPC endpoint services" table on the AWS Console.

Thanks!

asked 20 days ago · 149 views
1 Answer
1

Hello.

A requester-managed VPC endpoint is created when you create an AWS service resource (such as RDS Proxy).
This can be found in CloudTrail's event history if it was created within the last 90 days.
If more than 90 days have passed since it was created, you will not be able to view it in CloudTrail, so you will need to search for it patiently as described in the document below.
Therefore, please check whether there are any AWS services related to the VPC endpoint, and if they exist, try deleting them.
https://repost.aws/knowledge-center/vpc-delete-requester-managed-endpoint

EXPERT
answered 20 days ago
  • Thanks for the answer. It is more than 90 days old, but there are no tags on the VPC Endpoint to look for keys and values. This is an old account of a client of mine, and I am trying to research all the services. I already deleted the databases, EC2 instances, etc.

  • How about searching for active resources using the "Confirm you have terminated all active resources" procedure described in the document below? You might be able to find something if you search in the tag editor. https://repost.aws/knowledge-center/check-for-active-resources
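As an added, offline example (not from the question or the answer, and not AWS's own code): given the JSON that `aws ec2 describe-vpc-endpoints` and `aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=CreateVpcEndpoint` return, this Python flags the endpoints that `delete-vpc-endpoints` will refuse (the `RequesterManaged` ones, together with the ENIs they hold) and, inside the 90-day event-history window, names the service that created one. The sample data, endpoint ids and ENI ids are constructed; the `responseElements.vpcEndpoint.vpcEndpointId` shape of the CreateVpcEndpoint record is an assumption, so the `Resources` list is checked as well.

```python
import json

# Constructed sample (not real output): trimmed `aws ec2 describe-vpc-endpoints` result
SAMPLE_ENDPOINTS = {"VpcEndpoints": [
    {"VpcEndpointId": "vpce-0a1b2c3d4e5f6a7b8", "VpcEndpointType": "Interface",
     "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-0123456789abcdef0",
     "RequesterManaged": True, "NetworkInterfaceIds": ["eni-0aaa", "eni-0bbb"]},
    {"VpcEndpointId": "vpce-0f9e8d7c6b5a43210", "VpcEndpointType": "Gateway",
     "ServiceName": "com.amazonaws.us-east-1.s3",
     "RequesterManaged": False, "NetworkInterfaceIds": []},
]}

# Constructed sample (not real output): one `aws cloudtrail lookup-events` record
SAMPLE_TRAIL = {"Events": [
    {"EventName": "CreateVpcEndpoint", "EventTime": "2024-01-15T10:00:00Z",
     "Resources": [{"ResourceType": "AWS::EC2::VPCEndpoint",
                    "ResourceName": "vpce-0a1b2c3d4e5f6a7b8"}],
     "CloudTrailEvent": json.dumps({  # assumed shape of the record body
         "userIdentity": {"type": "AWSService", "invokedBy": "rds.amazonaws.com"},
         "responseElements": {"vpcEndpoint": {"vpcEndpointId": "vpce-0a1b2c3d4e5f6a7b8"}}})},
]}

def classify_endpoints(describe_output):
    """Split endpoints into self-managed (deletable) and requester-managed ones.
    delete-vpc-endpoints rejects the latter with InvalidParameter (as in the question);
    deleting the owning AWS resource removes the endpoint and its ENIs instead.
    """
    result = {"deletable": [], "requester_managed": []}
    for ep in describe_output.get("VpcEndpoints", []):
        bucket = "requester_managed" if ep.get("RequesterManaged") else "deletable"
        result[bucket].append({"id": ep["VpcEndpointId"], "service": ep["ServiceName"],
                               "enis": list(ep.get("NetworkInterfaceIds", []))})
    return result

def find_creator(lookup_output, vpce_id):
    """Return who created vpce_id according to CloudTrail lookup-events, or None.
    Service-created endpoints carry userIdentity.invokedBy (e.g. rds.amazonaws.com),
    which names the service to clean up; None is expected past the 90-day history.
    """
    for ev in lookup_output.get("Events", []):
        if ev.get("EventName") != "CreateVpcEndpoint":
            continue
        detail = json.loads(ev.get("CloudTrailEvent", "{}"))
        created = detail.get("responseElements", {}).get("vpcEndpoint", {}).get("vpcEndpointId")
        listed = any(r.get("ResourceName") == vpce_id for r in ev.get("Resources", []))
        if created == vpce_id or listed:
            ident = detail.get("userIdentity", {})
            return ident.get("invokedBy") or ident.get("arn") or ident.get("type")
    return None
```

Feed the real command output in with `json.load(sys.stdin)` in place of the samples; an endpoint that is requester-managed and older than 90 days is the case the answer's knowledge-center link covers.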
