I can't delete my VPC

浪子不回头ぞ submitted on 2020-01-02 00:54:36

Question


I want to delete one of my VPCs, but when I was trying to delete it, this error appeared.

We could not delete the following VPC (vpc-8737bde2 (10.100.0.0/16) | Khoi-VPC) The vpc 'vpc-8737bde2' has dependencies and cannot be deleted. (Service: AmazonEC2; Status Code: 400; Error Code: DependencyViolation; Request ID: e115d5ca-dd34-4cbb-a439-541b0dc225da)

OK, I checked the security groups and found one group with a description that has the name of my VPC, so I thought that was the problem. But this time the error appears again.

We could not delete the following security group (sg-a43c0dc1)

the specified group: "sg-a43c0dc1" name: "default" cannot be deleted by a user (Service: AmazonEC2; Status Code: 400; Error Code: CannotDelete; Request ID: b21c425c-25c7-46e7-baeb-9610710afeca)

I don't know how to delete my VPC. Does anyone have any idea?


Answer 1:


Most AWS apps that make use of the VPC don't show its usage under the VPC console. (Update) Although the AWS console says it will detach the resources, you need to check the specific VPC resources used by other AWS services.

Here are some:

  1. EC2 instances: network interfaces, security groups and subnets for any EC2 instance attached to the VPC subnets. You may choose to

    • TERMINATE (delete) the EC2 instance, or
    • Launch the instance into a "dummy VPC" or public subnet

  2. RDS: DB security groups and subnets. When you create an RDS instance and attach it to a VPC, you must create a DB subnet group attached to that VPC. Even if you delete the RDS instance, the DB subnet group(s) stay. So you need to go to the console and delete the DB subnet group (or use the AWS CLI to remove it).

  3. Any other AWS services that make use of the VPC

    • Just backtrack all the services that make use of the VPC ID, VPC subnet ID, security groups, etc.

  4. VPC endpoint (updated after testing; @TheOne pointed out the VPC endpoint)

Things inside the VPC that you don't need to worry about when deleting the VPC:

  • Virtual Private Gateways (the console will detach the VPG from the VPC)
  • VPN Attachments
  • Internet Gateways
  • Route Tables



Answer 2:


Before you can delete a VPC, you must terminate any instances that are running in the VPC. If you delete a VPC using the VPC console, it also deletes resources that are associated with the VPC, such as subnets, security groups, network ACLs, DHCP options sets, route tables, and Internet gateways.

So there is no request to manually delete security groups.

To terminate your instance, release your Elastic IP address, and delete your VPC

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, choose Instances.

  3. Select your instance, choose Actions, then Instance State, and then select Terminate.

  4. In the dialog box, expand the Release attached Elastic IPs section, and select the check box next to the Elastic IP address. Choose Yes, Terminate.

  5. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  6. In the navigation pane, choose Your VPCs.

  7. Select the VPC, choose Actions, and then choose Delete VPC.

  8. When prompted for confirmation, choose Yes, Delete.

Reference: Clean Up VPC




Answer 3:


From the AWS documentation:

You can delete your VPC at any time. However, you must terminate all instances in the VPC, and delete any VPC peering connections first. When you delete a VPC using the VPC console, we delete all its components, such as subnets, security groups, network ACLs, route tables, internet gateways, and DHCP options.

However, from the documentation for the delete-vpc command:

You must detach or delete all gateways and resources that are associated with the VPC before you can delete it. For example, you must terminate all instances running in the VPC, delete all security groups associated with the VPC (except the default one), delete all route tables associated with the VPC (except the default one), and so on.

Thus, there is different behavior deleting a VPC using the console vs. using the AWS CLI.

If you are deleting the VPC using the console you only need to terminate/delete the following first:

  • EC2 instances in the VPC.

  • RDS instances in the VPC.

  • VPC peering connections

If you are deleting the VPC using the CLI you additionally need to detach/delete other dependent resources:

  • Subnets

  • Security Groups (except the default)

  • Route Tables (except the default)

  • RDS Security Group

  • Internet Gateways

  • NAT Gateways

  • VPC Endpoints

  • etc.

Many of these resources can be found in the AWS console by searching in the appropriate section for that resource type using the VPC ID, the associated subnet IDs, or the associated security group IDs.
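
As an added example (not part of any answer above, and not AWS tooling): the answers recommend tracing which services still use the VPC, and this Python script does that by grouping the network interfaces left in a VPC by their likely owner, reading the JSON that `aws ec2 describe-network-interfaces --filters Name=vpc-id,Values=<vpc-id>` prints. The sample response and all IDs are constructed, and the `Description` strings it matches are assumed naming conventions, so treat an unmatched interface as "unknown" rather than harmless.

```python
import json
from collections import defaultdict

# Constructed sample, shaped like the JSON printed by:
#   aws ec2 describe-network-interfaces --filters Name=vpc-id,Values=<vpc-id>
# All IDs below are made-up placeholders.
SAMPLE = json.loads("""
{"NetworkInterfaces": [
 {"NetworkInterfaceId": "eni-0aaa", "InterfaceType": "interface",
  "Description": "", "Attachment": {"InstanceId": "i-0example"}},
 {"NetworkInterfaceId": "eni-0bbb", "InterfaceType": "interface",
  "Description": "RDSNetworkInterface", "RequesterManaged": true},
 {"NetworkInterfaceId": "eni-0ccc", "InterfaceType": "vpc_endpoint",
  "Description": "VPC Endpoint Interface vpce-0example", "RequesterManaged": true},
 {"NetworkInterfaceId": "eni-0ddd", "InterfaceType": "nat_gateway",
  "Description": "Interface for NAT Gateway nat-0example", "RequesterManaged": true},
 {"NetworkInterfaceId": "eni-0eee", "InterfaceType": "interface",
  "Description": "old test ENI", "Status": "available"}
]}
""")

def owner_of(eni):
    """Guess which service holds an ENI (heuristics are assumptions, not an AWS API)."""
    itype = eni.get("InterfaceType", "")
    desc = eni.get("Description", "")
    attachment = eni.get("Attachment") or {}
    if attachment.get("InstanceId"):
        return "EC2 instance"
    if itype == "vpc_endpoint" or desc.startswith("VPC Endpoint Interface"):
        return "VPC endpoint"
    # Both spellings of the NAT gateway interface type are accepted here.
    if itype in ("nat_gateway", "natGateway") or desc.startswith("Interface for NAT Gateway"):
        return "NAT gateway"
    if desc == "RDSNetworkInterface":
        return "RDS"
    if eni.get("RequesterManaged"):
        return "other AWS-managed service"
    return "unattached or manually created ENI"

def blockers(response):
    """Group the ENI IDs still present in the VPC by their likely owner."""
    found = defaultdict(list)
    for eni in response.get("NetworkInterfaces", []):
        found[owner_of(eni)].append(eni["NetworkInterfaceId"])
    return dict(found)

if __name__ == "__main__":
    for owner, enis in sorted(blockers(SAMPLE).items()):
        print(f"{owner}: {', '.join(enis)}")
```
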



Source: https://stackoverflow.com/questions/34325336/i-cant-delete-my-vpc
