Not able to delete VPCs, Subnets, SGs, and Network Interfaces


Hi,

I attempted to do the ECS Fargate DevOps Workshop to deploy a cluster.

Basically, it uses Cloudformation to create and delete the stack. Cloudformation stack kept failing in deleting some resources.
One example: "DELETE_FAILED" error with status reason as "...Status Code: 400; Error Code: DependencyViolation.."

I ended up deleting the stack while skipping the deletion of some resources. Now the stack is deleted, and I have some resources that are not deleting due to dependencies. I have been trying to figure this out all day. Can anyone help?

These are the items that are not deleting:

2 VPCs - vpc-06b826b3ab1da2e58 // vpc-02de9af25da6ced01

2 subnets - subnet-0b672b0e8a1874a87 // subnet-0e4181e7a7537f251

2 network interfaces - "eni-00c5483e08913c88f" & "eni-061e8154b1bc16528"

2 security groups - "ecs-inf-test-servicesgE18B74B7-U32ANMY3D4J5" & "ecs-inf-test-servicesgE18B74B7-7U01IMREA0KK"

THANKS!

adub
asked 3 years ago · 1173 views
3 Answers

Hi adub,
From my understanding you have deleted your stack but there are still some resources left behind because of dependencies.

An Amazon ECS cluster can fail to delete due to an issue with underlying resource dependencies. When an Amazon ECS cluster is created, AWS CloudFormation creates resources such as Auto Scaling groups, virtual private clouds (VPC), or load balancers. These resources are associated with the cluster, and their presence can prevent the deletion of the cluster. Other issues with AWS CloudFormation can also prevent the deletion of an Amazon ECS cluster.

You would need to navigate to your resources and go about removing dependencies and then deleting them.
In the case of your security groups, it could be that the inbound or outbound rules of the security group refer to another security group (or groups), or that the group is still associated with a network interface. You would need to clear the dependencies for the security group that you want to delete and then attempt to delete the security group - https://aws.amazon.com/premiumsupport/knowledge-center/troubleshoot-delete-vpc-sg/.

For deleting your subnets, you can try:
• Delete all ENIs associated with subnets within your VPC
• Disassociate all the respective subnets from all your route tables in your VPC
• Delete all route tables other than the "Main" table
• Disassociate all Network ACLs from all the respective subnets in your VPC
• Delete all Network ACLs other than the default one
You can check out a previous forum with regards to deleting a subnet that had dependencies, which details some more things to consider: https://forums.aws.amazon.com/thread.jspa?threadID=95189

For deleting your ENIs, you can find these using the Network Interfaces tab of the EC2 Management Console. Once you find the ENIs attached to that VPC, you can find the individual resources. Specifically, take a look at whatever is connected to "eni-00c5483e08913c88f" and "eni-061e8154b1bc16528".
It could be any number of things, including Instances, NAT Gateways, VPC Endpoints, Load Balancers or other resources.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#delete_eni

With regards to the VPC, common VPC dependencies include Internet Gateways, Subnets, or Instances. You would need to clear the dependencies and then delete the VPC - https://docs.aws.amazon.com/vpc/latest/userguide/working-with-vpcs.html#VPC_Deleting.

You can view this AWS document for more information: https://aws.amazon.com/premiumsupport/knowledge-center/ecs-cluster-delete-failure-stack/

I hope this helps. Please let me know if you have any questions.

amz99
answered 3 years ago
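The dependency-clearing order described in the answer above (free the ENIs, break security-group cross-references, then delete groups, subnets and finally the VPC), as an added example that is not part of the original thread and not AWS code. It consumes the JSON that `aws ec2 describe-network-interfaces` and `aws ec2 describe-security-groups` return and emits the CLI commands in an order the API will accept; the two JSON documents below are constructed to resemble the leftovers in the question, and every ID containing "example" is a placeholder.

```python
"""Turn describe-network-interfaces / describe-security-groups output into an
ordered cleanup plan for a VPC left behind by a failed stack delete.

Added example, not code from the original thread or from AWS. Sample JSON is
constructed; IDs containing "example" are placeholders.
"""
import json

# Constructed sample, shaped like the output of
#   aws ec2 describe-network-interfaces --filters Name=vpc-id,Values=<vpc-id>
SAMPLE_ENIS = json.loads("""{"NetworkInterfaces": [
 {"NetworkInterfaceId": "eni-00c5483e08913c88f", "Status": "available",
  "SubnetId": "subnet-0b672b0e8a1874a87", "InterfaceType": "interface",
  "RequesterManaged": false, "Description": "",
  "Groups": [{"GroupId": "sg-0example0001"}]},
 {"NetworkInterfaceId": "eni-061e8154b1bc16528", "Status": "in-use",
  "SubnetId": "subnet-0e4181e7a7537f251", "InterfaceType": "interface",
  "RequesterManaged": false, "Description": "",
  "Attachment": {"AttachmentId": "eni-attach-0example0001", "Status": "attached"},
  "Groups": [{"GroupId": "sg-0example0002"}]},
 {"NetworkInterfaceId": "eni-0example0003", "Status": "in-use",
  "SubnetId": "subnet-0e4181e7a7537f251", "InterfaceType": "interface",
  "RequesterManaged": true, "RequesterId": "amazon-elb",
  "Description": "ELB app/example-alb/0123456789abcdef",
  "Attachment": {"AttachmentId": "eni-attach-0example0002", "Status": "attached"},
  "Groups": [{"GroupId": "sg-0example0002"}]}
]}""")["NetworkInterfaces"]

# Constructed sample, shaped like `aws ec2 describe-security-groups` output.
# sg-...0001 allows ingress from sg-...0002, so neither group deletes until
# that rule is revoked (the "DependencyViolation" the question quotes).
SAMPLE_SGS = json.loads("""{"SecurityGroups": [
 {"GroupId": "sg-0example0001", "GroupName": "ecs-inf-test-servicesgE18B74B7-U32ANMY3D4J5",
  "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
    "UserIdGroupPairs": [{"GroupId": "sg-0example0002"}]}],
  "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
 {"GroupId": "sg-0example0002", "GroupName": "ecs-inf-test-servicesgE18B74B7-7U01IMREA0KK",
  "IpPermissions": [], "IpPermissionsEgress": []}
]}""")["SecurityGroups"]


def eni_commands(eni):
    """Return the CLI steps that free one ENI, or a note when the CLI cannot."""
    eid = eni["NetworkInterfaceId"]
    if eni.get("RequesterManaged"):
        # A requester-managed ENI belongs to a service (load balancer, NAT gateway,
        # Lambda, VPC endpoint, ...). delete-network-interface is refused with
        # "currently in use" until the owning resource itself is deleted.
        owner = eni.get("RequesterId", "?")
        return [f"# {eid} is requester-managed by {owner}: {eni.get('Description', '')!r}; "
                f"delete the owning resource (see Description/InterfaceType) first"]
    steps = []
    att = eni.get("Attachment")
    if att and att.get("Status") == "attached":
        # Detach before delete; --force is needed when the attaching resource
        # is gone but the attachment record lingers (cannot detach a primary ENI).
        steps.append(f"aws ec2 detach-network-interface --attachment-id {att['AttachmentId']} --force")
    steps.append(f"aws ec2 delete-network-interface --network-interface-id {eid}")
    return steps


def sg_cross_reference_commands(sgs):
    """Revoke rules in which one group references another, so both can delete."""
    ids = {sg["GroupId"] for sg in sgs}
    cmds = []
    for sg in sgs:
        for direction, key in (("ingress", "IpPermissions"), ("egress", "IpPermissionsEgress")):
            for perm in sg.get(key, []):
                pairs = [p for p in perm.get("UserIdGroupPairs", []) if p.get("GroupId") in ids]
                if not pairs:
                    continue
                rule = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
                rule["UserIdGroupPairs"] = [{"GroupId": p["GroupId"]} for p in pairs]
                cmds.append(f"aws ec2 revoke-security-group-{direction} --group-id {sg['GroupId']} "
                            f"--ip-permissions '{json.dumps([rule])}'")
    return cmds


def plan_cleanup(enis, sgs, vpc_id, subnet_ids=None):
    """Order: free ENIs, break SG cross-references, delete SGs, subnets, then the VPC."""
    plan = []
    for eni in enis:
        plan += eni_commands(eni)
    plan += sg_cross_reference_commands(sgs)
    # The VPC's "default" group cannot be deleted; it goes away with the VPC.
    plan += [f"aws ec2 delete-security-group --group-id {sg['GroupId']}"
             for sg in sgs if sg.get("GroupName") != "default"]
    # Subnets default to those seen on the ENIs; pass describe-subnets output for all of them.
    for subnet in sorted(subnet_ids or {e["SubnetId"] for e in enis}):
        plan.append(f"aws ec2 delete-subnet --subnet-id {subnet}")
    plan.append(f"aws ec2 delete-vpc --vpc-id {vpc_id}")
    return plan


if __name__ == "__main__":
    print("\n".join(plan_cleanup(SAMPLE_ENIS, SAMPLE_SGS, "vpc-06b826b3ab1da2e58")))
```

The plan is printed rather than executed so you can read it before running anything; the third sample ENI shows the case the console hides: an interface owned by another service never becomes deletable through `delete-network-interface`, and the `RequesterId`/`Description` fields are what tell you which resource to remove instead.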

Hello,

Thank you for your suggestions, however I am still stuck. I did check all these issues.

The security groups do not have any inbound rules. However, when I try to delete it, it gives error "1 network interface associated. Delete the network interface, or associate with a different security group"

There are no Instances, NAT Gateways, VPC Endpoints, Load Balancers or other resources so I am not sure what the network interface is attached to. I have checked all these resources. When I try to delete the NI, it gives error "Network interface is currently in use."

Subnets: Message I get when trying to delete "The following subnets contain one or more network interfaces, and cannot be deleted until those network interfaces have been deleted." The routing tables are all main. They have been disassociated from the routing tables. I'm not able to disassociate all Network ACL's from all the respective subnets in the vpc.

The VPC will not delete because "The following 1 network interfaces must be deleted before this VPC can be deleted"

I have gone through to see if there are any Load Balancers, Auto Scaling Groups, NAT Gateways, Endpoints, and various other resources however there was nothing.

I will check out some of the documentation.

Any other ideas?

Thank you.

adub
answered 3 years ago

I was able to delete the interfaces using the aws cli command. Once I deleted the ENIs, I was able to delete everything else. So basically, I couldn't delete from the console, but I could delete it using the aws-cli command. Thanks!
aws ec2 delete-network-interface --network-interface-id eni-061e8154b1bc16528

adub
answered 3 years ago
