Tuesday, May 6, 2014

Deleting a VPC sometimes fails because of dependencies

Recently, I was trying to delete a VPC both through the console and through awscli and encountered a failure because of some dependency. The awscli was throwing the error below:

$aws ec2 delete-vpc --vpc-id <vpc-id> --profile <profile-name> --debug --region us-east-1
2014-05-06 14:24:30,107 - awscli.clidriver - DEBUG - CLI version: aws-cli/1.3.8 Python/2.7.3 Windows/7, botocore version: 0.42.0
2014-05-06 14:24:30,108 - botocore.service - DEBUG - Creating service object for: ec2
2014-05-06 14:24:30,216 - botocore.hooks - DEBUG - Event service-data-loaded.ec2: calling handler <function signature_overrides at 0x0286C630>
2014-05-06 14:24:30,216 - botocore.hooks - DEBUG - Event service-created: calling handler <function register_retries_for_service at 0x0286C530>
....
ClientError: A client error (DependencyViolation) occurred when calling the DeleteVpc operation: The vpc 'vpc-xxxx' has dependencies and cannot be deleted.
2014-05-06 14:24:32,667 - awscli.clidriver - DEBUG - Exiting with rc 255

A client error (DependencyViolation) occurred when calling the DeleteVpc operation: The vpc 'vpc-xxxx' has dependencies and cannot be deleted.

The error message simply says that there is a dependency but doesn't state what the dependency is. If it were a subnet, network ACL, or RDS instance still connected to the VPC, it would be easy to determine through the console. However, network interfaces are shown only on the "EC2" page rather than the VPC page. From the AWS console, you can go to EC2->Network Interfaces to see if any eni-* are still present. If so, you can delete them from the console or from the awscli like this:

$aws ec2 delete-network-interface --network-interface-id eni-xxxx --profile <profile-name> --debug --region us-east-1
2014-05-06 15:09:57,334 - awscli.clidriver - DEBUG - CLI version: aws-cli/1.3.8 Python/2.7.3 Windows/7, botocore version: 0.42.0
2014-05-06 15:09:57,335 - botocore.service - DEBUG - Creating service object for: ec2
2014-05-06 15:09:57,421 - botocore.hooks - DEBUG - Event service-data-loaded.ec2: calling handler <function signature_overrides at 0x02902630>
2014-05-06 15:09:57,423 - botocore.hooks - DEBUG - Event service-created: calling handler <function register_retries_for_service at 0x02902530>
....
2014-05-06 15:10:00,976 - awscli.formatter - DEBUG - RequestId: 7a23cfd5-4c40-4797-8bd7-5902a6a7f309
{
    "return": "true"
}

Once you delete the unused eni-*, you can now run the "delete-vpc" command to get rid of the unused VPC.
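
Since DependencyViolation does not name the blocker, here is an added example (not part of the original post) that scans the JSON printed by "aws ec2 describe-network-interfaces --filters Name=vpc-id,Values=<vpc-id>" and "aws ec2 describe-security-groups --filters Name=vpc-id,Values=<vpc-id>" for leftover interfaces and for security groups that reference other groups, the second cause readers report in the comments on this post. The function names and the sample IDs are constructed for illustration.

```python
# Added example: inputs are dicts shaped like the JSON output of
# `aws ec2 describe-network-interfaces` and `aws ec2 describe-security-groups`.

def leftover_enis(eni_doc, vpc_id):
    """Return (eni_id, status, action) for every interface still in the VPC."""
    found = []
    for eni in eni_doc.get("NetworkInterfaces", []):
        if eni.get("VpcId") != vpc_id:
            continue
        # "available" means detached, so the interface can be deleted directly.
        # Any other status means something still owns the interface.
        if eni.get("Status") == "available":
            action = "delete"
        else:
            action = "detach or remove owner first"
        found.append((eni["NetworkInterfaceId"], eni.get("Status"), action))
    return found

def sg_cross_references(sg_doc, vpc_id):
    """Return sorted (referencing_sg, referenced_sg) pairs inside the VPC."""
    pairs = set()
    for sg in sg_doc.get("SecurityGroups", []):
        if sg.get("VpcId") != vpc_id:
            continue
        rules = sg.get("IpPermissions", []) + sg.get("IpPermissionsEgress", [])
        for rule in rules:
            for ref in rule.get("UserIdGroupPairs", []):
                target = ref.get("GroupId")
                if target and target != sg["GroupId"]:  # skip self-references
                    pairs.add((sg["GroupId"], target))
    return sorted(pairs)

# Constructed sample data (IDs are placeholders, not taken from the post).
SAMPLE_ENIS = {"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-aaaa", "VpcId": "vpc-1111", "Status": "available"},
    {"NetworkInterfaceId": "eni-bbbb", "VpcId": "vpc-1111", "Status": "in-use"},
    {"NetworkInterfaceId": "eni-cccc", "VpcId": "vpc-2222", "Status": "available"},
]}
SAMPLE_SGS = {"SecurityGroups": [
    {"GroupId": "sg-web", "VpcId": "vpc-1111", "IpPermissions": [
        {"IpProtocol": "tcp", "UserIdGroupPairs": [{"GroupId": "sg-db"}]}]},
    {"GroupId": "sg-db", "VpcId": "vpc-1111", "IpPermissions": [
        {"IpProtocol": "tcp", "UserIdGroupPairs": [{"GroupId": "sg-db"}]}]},
]}

if __name__ == "__main__":
    for row in leftover_enis(SAMPLE_ENIS, "vpc-1111"):
        print("ENI", *row)
    for src, dst in sg_cross_references(SAMPLE_SGS, "vpc-1111"):
        print(f"{src} has a rule referencing {dst}; revoke it before deleting {dst}")
```

An interface reported as in-use usually belongs to a resource that has not been removed yet, so clean up the owner rather than forcing the interface.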

3 comments:

  1. Mine was because a security group had another security group referenced in it.

    1. Thank you for the enlightenment. I also had an extra sg referenced preventing my vpc deletion
