I want to delete VPC through CLI. But get an error:

A client error (DependencyViolation) occurred when calling the DeleteVpc operation: The vpc 'vpc-xxx' has dependencies and cannot be deleted.

How can I list all dependencies that prevent me from deleting this VPC?


Solution 1:

here's what finally worked for me, using the AWS CLI. I'm aware there are other dependencies besides subnets, but this is a start:

jcomeau@aspire:~$ aws ec2 describe-subnets
{
    "Subnets": [
        {
            "VpcId": "vpc-9a5c2bfe", 
            "CidrBlock": "10.0.0.0/25", 
            "MapPublicIpOnLaunch": false, 
            "DefaultForAz": false, 
            "State": "available", 
            "AvailabilityZone": "us-east-1c", 
            "SubnetId": "subnet-10923666", 
            "AvailableIpAddressCount": 123
        }
    ]
}
jcomeau@aspire:~$ aws ec2 delete-subnet --subnet-id=subnet-10923666
jcomeau@aspire:~$ aws ec2 delete-vpc --vpc-id=vpc-9a5c2bfe
jcomeau@aspire:~$

OK, so that didn't work on all of mine. here's another one:

jcomeau@aspire:~$ aws ec2 describe-internet-gateways
{
    "InternetGateways": [
        {
            "Tags": [], 
            "InternetGatewayId": "igw-37e81153", 
            "Attachments": [
                {
                    "State": "available", 
                    "VpcId": "vpc-e2087c86"
                }
            ]
        }
    ]
}
jcomeau@aspire:~$ aws ec2 detach-internet-gateway --internet-gateway-id=igw-37e81153 --vpc-id=vpc-e2087c86
jcomeau@aspire:~$ aws ec2 delete-internet-gateway --internet-gateway-id=igw-37e81153
jcomeau@aspire:~$ aws ec2 delete-vpc --vpc-id=vpc-e2087c86
jcomeau@aspire:~$

Solution 2:

I believe there is no CLI function that will return what is causing the DependencyViolation error, so you have two choices:

  1. Sign in to the AWS Management Console and search for any component that is pointed to the VPC, it can be a Security Group, Subnet, Router Table, EC2, etc.;
  2. Get in touch with the AWS Support Team and check if they can identify the reason for you.

Solution 3:

I just found this script: https://aws.amazon.com/premiumsupport/knowledge-center/troubleshoot-dependency-error-delete-vpc/

#!/bin/bash
vpc="vpc-xxxxxxxxxxxxx" 
aws ec2 describe-internet-gateways --filters 'Name=attachment.vpc-id,Values='$vpc | grep InternetGatewayId
aws ec2 describe-subnets --filters 'Name=vpc-id,Values='$vpc | grep SubnetId
aws ec2 describe-route-tables --filters 'Name=vpc-id,Values='$vpc | grep RouteTableId
aws ec2 describe-network-acls --filters 'Name=vpc-id,Values='$vpc | grep NetworkAclId
aws ec2 describe-vpc-peering-connections --filters 'Name=requester-vpc-info.vpc-id,Values='$vpc | grep VpcPeeringConnectionId
aws ec2 describe-vpc-endpoints --filters 'Name=vpc-id,Values='$vpc | grep VpcEndpointId
aws ec2 describe-nat-gateways --filter 'Name=vpc-id,Values='$vpc | grep NatGatewayId
aws ec2 describe-security-groups --filters 'Name=vpc-id,Values='$vpc | grep GroupId
aws ec2 describe-instances --filters 'Name=vpc-id,Values='$vpc | grep InstanceId
aws ec2 describe-vpn-connections --filters 'Name=vpc-id,Values='$vpc | grep VpnConnectionId
aws ec2 describe-vpn-gateways --filters 'Name=attachment.vpc-id,Values='$vpc | grep VpnGatewayId
aws ec2 describe-network-interfaces --filters 'Name=vpc-id,Values='$vpc | grep NetworkInterfaceId

that helped me to find the issue. Maybe it will be useful.

Solution 4:

Here is an AWS article that lists all items that must be deleted before deleting the VPC.

https://aws.amazon.com/premiumsupport/knowledge-center/troubleshoot-dependency-error-delete-vpc/

Solution 5:

In principle this one works if it is re-run several times ... with some 5s between the runs ... Yet I am sure that it has some bugs ... so feel free to edit / suggest additional functionalities ...

 # probably a buggy one but just to get you start with something
 # ensure your default output is json + you have default region ... 
 aws ec2 describe-internet-gateways --filters 'Name=attachment.vpc-id,Values='$vpc_id \
       | jq -r ".InternetGateways[].InternetGatewayId"
    # terminate all vpc instances
    while read -r instance_id ; do
       aws ec2 terminate-instances --instance-ids $instance_id
    done < <(aws ec2 describe-instances --filters 'Name=vpc-id,Values='$vpc_id \
       | jq -r '.Reservations[].Instances[].InstanceId')

    while read -r sg ; do
       aws ec2 delete-security-group --group-id $sg
    done < <(aws ec2 describe-security-groups --filters 'Name=vpc-id,Values='$vpc_id \
       | jq -r '.SecurityGroups[].GroupId')

    while read -r rt_id ; do
       aws ec2 delete-route-table --route-table-id $rt_id ;
    done < <(aws ec2 describe-route-tables --filters 'Name=vpc-id,Values='$vpc_id | \
       jq -r .RouteTables[].RouteTableId)

    while read -r ig_id ; do
       aws ec2 detach-internet-gateway --internet-gateway-id $ig_id --vpc-id $vpc_id
    done < <(aws ec2 describe-internet-gateways --filters 'Name=attachment.vpc-id,Values='$vpc_id  \
       | jq -r ".InternetGateways[].InternetGatewayId")

    while read -r ig_id ; do
       aws ec2 delete-internet-gateway --internet-gateway-id $ig_id --vpc-id $vpc_id
    done < <(aws ec2 describe-internet-gateways --filters 'Name=attachment.vpc-id,Values='$vpc_id  \
       | jq -r ".InternetGateways[].InternetGatewayId")

    # delete all vpc subnets
    while read -r subnet_id ; do
       aws ec2 delete-subnet --subnet-id "$subnet_id"
    done < <(aws ec2 describe-subnets --filters 'Name=vpc-id,Values='$vpc_id | jq -r '.Subnets[].SubnetId')

    # delete the whole vpc
    aws ec2 delete-vpc --vpc-id=$vpc_id