How to list all VPC dependencies in AWS CLI?
I want to delete a VPC through the CLI, but I get an error:
A client error (DependencyViolation) occurred when calling the DeleteVpc operation: The vpc 'vpc-xxx' has dependencies and cannot be deleted.
How can I list all dependencies that prevent me from deleting this VPC?
Solution 1:
Here's what finally worked for me, using the AWS CLI. I'm aware there are other dependencies besides subnets, but this is a start:
jcomeau@aspire:~$ aws ec2 describe-subnets
{
    "Subnets": [
        {
            "VpcId": "vpc-9a5c2bfe",
            "CidrBlock": "10.0.0.0/25",
            "MapPublicIpOnLaunch": false,
            "DefaultForAz": false,
            "State": "available",
            "AvailabilityZone": "us-east-1c",
            "SubnetId": "subnet-10923666",
            "AvailableIpAddressCount": 123
        }
    ]
}
jcomeau@aspire:~$ aws ec2 delete-subnet --subnet-id=subnet-10923666
jcomeau@aspire:~$ aws ec2 delete-vpc --vpc-id=vpc-9a5c2bfe
jcomeau@aspire:~$
OK, so that didn't work on all of mine. Here's another one:
jcomeau@aspire:~$ aws ec2 describe-internet-gateways
{
    "InternetGateways": [
        {
            "Tags": [],
            "InternetGatewayId": "igw-37e81153",
            "Attachments": [
                {
                    "State": "available",
                    "VpcId": "vpc-e2087c86"
                }
            ]
        }
    ]
}
jcomeau@aspire:~$ aws ec2 detach-internet-gateway --internet-gateway-id=igw-37e81153 --vpc-id=vpc-e2087c86
jcomeau@aspire:~$ aws ec2 delete-internet-gateway --internet-gateway-id=igw-37e81153
jcomeau@aspire:~$ aws ec2 delete-vpc --vpc-id=vpc-e2087c86
jcomeau@aspire:~$
Solution 2:
I believe there is no CLI function that will return what is causing the DependencyViolation error, so you have two choices:
- Sign in to the AWS Management Console and search for any component that points to the VPC; it can be a Security Group, Subnet, Route Table, EC2, etc.;
- Get in touch with the AWS Support Team and check if they can identify the reason for you.
Solution 3:
I just found this script: https://aws.amazon.com/premiumsupport/knowledge-center/troubleshoot-dependency-error-delete-vpc/
#!/bin/bash
vpc="vpc-xxxxxxxxxxxxx"
aws ec2 describe-internet-gateways --filters 'Name=attachment.vpc-id,Values='$vpc | grep InternetGatewayId
aws ec2 describe-subnets --filters 'Name=vpc-id,Values='$vpc | grep SubnetId
aws ec2 describe-route-tables --filters 'Name=vpc-id,Values='$vpc | grep RouteTableId
aws ec2 describe-network-acls --filters 'Name=vpc-id,Values='$vpc | grep NetworkAclId
aws ec2 describe-vpc-peering-connections --filters 'Name=requester-vpc-info.vpc-id,Values='$vpc | grep VpcPeeringConnectionId
aws ec2 describe-vpc-endpoints --filters 'Name=vpc-id,Values='$vpc | grep VpcEndpointId
aws ec2 describe-nat-gateways --filter 'Name=vpc-id,Values='$vpc | grep NatGatewayId
aws ec2 describe-security-groups --filters 'Name=vpc-id,Values='$vpc | grep GroupId
aws ec2 describe-instances --filters 'Name=vpc-id,Values='$vpc | grep InstanceId
aws ec2 describe-vpn-connections --filters 'Name=vpc-id,Values='$vpc | grep VpnConnectionId
aws ec2 describe-vpn-gateways --filters 'Name=attachment.vpc-id,Values='$vpc | grep VpnGatewayId
aws ec2 describe-network-interfaces --filters 'Name=vpc-id,Values='$vpc | grep NetworkInterfaceId
That helped me to find the issue. Maybe it will be useful.
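As a follow-up to the network-interface check that ends the script above, here is an added example (not part of the original answers or the AWS article) that turns each remaining interface into a hint about what owns it. The function names and sample rows are constructed for illustration, and the description patterns are assumptions based on the strings these services commonly set on their interfaces.

```shell
#!/bin/bash
# Added example: explain the network interfaces still present in a VPC.
# Rows are tab-separated, as printed by `--output text`:
#   eni-id  status  requester-managed  instance-id  description

# Real data source (needs credentials; not called automatically).
list_vpc_enis() {
  aws ec2 describe-network-interfaces \
    --filters "Name=vpc-id,Values=$1" \
    --query 'NetworkInterfaces[].[NetworkInterfaceId,Status,RequesterManaged,Attachment.InstanceId,Description]' \
    --output text
}

# Constructed sample rows (not real resources) so the classifier runs offline.
sample_rows() {
  printf 'eni-0aaa\tin-use\tFalse\ti-0123\tPrimary network interface\n'
  printf 'eni-0bbb\tin-use\tTrue\tNone\tELB app/demo-alb/abc123\n'
  printf 'eni-0ccc\tin-use\tTrue\tNone\tInterface for NAT Gateway nat-0fff\n'
  printf 'eni-0ddd\tavailable\tFalse\tNone\t\n'
}

# Map each interface to the resource that has to go before the VPC can.
# The description patterns below are assumptions, not an exhaustive list.
classify_enis() {
  awk -F'\t' '{
    id = $1; status = $2; managed = $3; inst = $4; desc = $5
    if (inst != "None" && inst != "")      hint = "terminate instance " inst
    else if (desc ~ /^ELB /)               hint = "delete the load balancer"
    else if (desc ~ /NAT Gateway/)         hint = "delete the NAT gateway"
    else if (desc ~ /^VPC Endpoint/)       hint = "delete the VPC endpoint"
    else if (desc ~ /RDSNetworkInterface/) hint = "delete the RDS instance"
    else if (desc ~ /Lambda/)              hint = "remove the Lambda VPC config"
    else if (status == "available")        hint = "unattached: delete-network-interface"
    else if (managed == "True")            hint = "service-managed: check the description"
    else                                   hint = "detach, then delete"
    printf "%s\t%s\n", id, hint
  }'
}

# Real use:    list_vpc_enis vpc-xxxxxxxxxxxxx | classify_enis
# Offline use: sample_rows | classify_enis
```
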
Solution 4:
Here is an AWS article that lists all items that must be deleted before deleting the VPC.
https://aws.amazon.com/premiumsupport/knowledge-center/troubleshoot-dependency-error-delete-vpc/
Solution 5:
In principle this one works if it is re-run several times ... with some 5s between the runs ... Yet I am sure that it has some bugs ... so feel free to edit / suggest additional functionalities ...
#!/bin/bash
# probably a buggy one but just to get you started with something
# ensure your default output is json + you have a default region ...
vpc_id="vpc-xxxxxxxxxxxxx"   # placeholder: set this to the VPC you want to delete
# list the internet gateways attached to the vpc
aws ec2 describe-internet-gateways --filters "Name=attachment.vpc-id,Values=$vpc_id" \
    | jq -r '.InternetGateways[].InternetGatewayId'
# terminate all vpc instances
while read -r instance_id ; do
    aws ec2 terminate-instances --instance-ids "$instance_id"
done < <(aws ec2 describe-instances --filters "Name=vpc-id,Values=$vpc_id" \
    | jq -r '.Reservations[].Instances[].InstanceId')
# delete the security groups; the default group cannot be deleted, so skip it
while read -r sg ; do
    aws ec2 delete-security-group --group-id "$sg"
done < <(aws ec2 describe-security-groups --filters "Name=vpc-id,Values=$vpc_id" \
    | jq -r '.SecurityGroups[] | select(.GroupName != "default") | .GroupId')
# delete the route tables; the main route table cannot be deleted, so skip it
while read -r rt_id ; do
    aws ec2 delete-route-table --route-table-id "$rt_id"
done < <(aws ec2 describe-route-tables --filters "Name=vpc-id,Values=$vpc_id" \
    | jq -r '.RouteTables[] | select(all(.Associations[]?; .Main != true)) | .RouteTableId')
# detach and delete each internet gateway in one pass: once detached, a gateway
# no longer matches the attachment.vpc-id filter, and delete-internet-gateway
# does not take a --vpc-id option
while read -r ig_id ; do
    aws ec2 detach-internet-gateway --internet-gateway-id "$ig_id" --vpc-id "$vpc_id"
    aws ec2 delete-internet-gateway --internet-gateway-id "$ig_id"
done < <(aws ec2 describe-internet-gateways --filters "Name=attachment.vpc-id,Values=$vpc_id" \
    | jq -r '.InternetGateways[].InternetGatewayId')
# delete all vpc subnets
while read -r subnet_id ; do
    aws ec2 delete-subnet --subnet-id "$subnet_id"
done < <(aws ec2 describe-subnets --filters "Name=vpc-id,Values=$vpc_id" \
    | jq -r '.Subnets[].SubnetId')
# delete the whole vpc
aws ec2 delete-vpc --vpc-id "$vpc_id"