Issue when trying to delete VPC and Network Interface
Amazon Web-ServicesAmazon Ec2Amazon VpcNetwork InterfaceAmazon Web-Services Problem Overview
I am trying to delete AWS VPC (a non default one). I am getting error that "We could not delete the following VPC (vpc-xxxxxxx (xx.xx.xx.x/16)) Network interface 'eni-xxxxxx' is currently in use. (Service: AmazonEC2; Status Code: 400; Error Code: InvalidParameterValue; Request ID: xxxxxx-dd86-47c8-98cd-xxxxxxxxxxx)".
When I tried deleting the related Network Interface, I got error "eni-xxxxxxx: You do not have permission to access the specified resource."
There are security groups associated with the NI (network interface). There are subnets associated with the NI. There are no EC2 instances - all are terminated. There are no VPC endpoints. There are no RDS db, db security group or subnets.
For EC2 SG (security groups), I am getting permission denied error message while trying to delete (even the non default SG against the non-default VPC. This SG has description of "AWS created security group for d-xxxxxxxxxx directory controllers".
For subnets, I am not able to delete them because they are associated with the above mentioned NI.
Can someone help? I have a free tier account and hence even dont have technical support or neither able to post new thread in aws forums (getting error message - Your account is not ready for posting messages yet. Please try again later). I fear this is because I have a free tier account.
Amazon Web-Services Solutions
Solution 1 - Amazon Web-Services
Check 2 things.
- If you have a VPC Elastic IP Address you created in the VPC you are trying to delete.
- Check if you created a AWS ELB in the VPC.
Delete above two resources if present then you will be able to delete the VPC.
Solution 2 - Amazon Web-Services
As @karimtabet said, the VPC I was unable to delete was still assigned to an active RDS instance. after removing this RDS instance, I was able to delete the VPC.
Solution 3 - Amazon Web-Services
Check if you have any EFS instances or S3 buckets with versioning turned on or cross-domain replication (this is the one that got me recently).
Solution 4 - Amazon Web-Services
I solved this by deleting the active load balancer that was attached to the ENIs. You can check active load balancers on EC2 > Load Balancing > Load Balancers
Solution 5 - Amazon Web-Services
A running ECS task could be an issue, try to stop/delete the same. https://forums.aws.amazon.com/thread.jspa?threadID=114301
Solution 6 - Amazon Web-Services
That network interface could be connected to a security group which is then connected to another Amazon product like ElastiCache (or anything). It's connected to something which may be connected to something else.
Solution 7 - Amazon Web-Services
In my case I had to first detach and delete 2 things in EC2 section
(of the same region as your VPC):
- Network & Security -> Elastic IPs. Delete the Elastic IP associated with your VPC
- Network & Security -> Network Interfaces. Detach your VPC's network interface first (This took around a minute). Then delete.
Now try deleting the VPC.
Solution 8 - Amazon Web-Services
I was only able to delete the eni through de api:
aws ec2 delete-network-interface --network-interface-id eni-XXXXXXX
In my case I have created an ECS cluster with Terraform. But wasn't able to clean it up with the command terraform destroy
.
In the web console I always got the error Network interface is currently in use
.
Solution 9 - Amazon Web-Services
So you should check the network interfaces usage, if they don't appear it means you have to check computing and load balancing stacks for it.
For me it was a lambda test function that was using the interface and not appearing in the networkInterface for some reason. Make sure to check your lambda functions.
Solution 10 - Amazon Web-Services
In My case first we have check that any load balancer available if it is then first we have to delete the load balancer then we the delete the exisiting vpc
Solution 11 - Amazon Web-Services
You have to do it bottom-up approach.
- Delete services that are working on subnets if you have them (Redshift clusters, RDS)
- Check jobs in Glue, Lambda etc and delete them if you don't need them
- Release IP addresses from NAT Gateway
- Detach/Delete NAT and Internet Gateway
- Detach and delete subnets
- Delete VPC
Solution 12 - Amazon Web-Services
You were right..It was ECS issue in my case. Not letting me delete my ENIs saying I dont have the permissions. I had already deregistered my ECS task definition but still It was not letting me delete resources like VPC, ENIs created by ECS.
I had to update the version of task definition under ECS using same resources as previous definition version and then I deleted that new service and then deleted the clustere.
With clustere, it deleted all resource like VPC, ENIs which it was not letting me delete earlier.
I then dergistered second version of task definition. I had two inactive tasks definitions for a monent and then one task definitions disappeared..now only one is there in inactive state.
Solution 13 - Amazon Web-Services
I had forgotten that I had an RDS instance that was still connected to that VPC. After deleting it, the network interface deleted itself.
Solution 14 - Amazon Web-Services
There is a tool that can help you figure out which AWS resource associate with the ENI. This post document how you use it: https://aws.amazon.com/premiumsupport/knowledge-center/lambda-eni-find-delete/
Solution 15 - Amazon Web-Services
I had no instances attached. The network interface just was related to a subnet, security group and the VPC. This is how I solved it:
- Delete the Load Balancers that I had
- Delete the network interface
- Delete the VPC
Solution 16 - Amazon Web-Services
I fixed this issue by deleting ElastiCache resource. After that, I was able to remove VPC