35

I am trying to delete an AWS VPC (a non-default one). I am getting the error "We could not delete the following VPC (vpc-xxxxxxx (xx.xx.xx.x/16)) Network interface 'eni-xxxxxx' is currently in use. (Service: AmazonEC2; Status Code: 400; Error Code: InvalidParameterValue; Request ID: xxxxxx-dd86-47c8-98cd-xxxxxxxxxxx)".

When I tried deleting the related network interface, I got the error "eni-xxxxxxx: You do not have permission to access the specified resource."

There are security groups associated with the NI (network interface). There are subnets associated with the NI. There are no EC2 instances - all are terminated. There are no VPC endpoints. There are no RDS db, db security group or subnets.

For EC2 SGs (security groups), I am getting a permission denied error message while trying to delete them (even the non-default SG against the non-default VPC). This SG has a description of "AWS created security group for d-xxxxxxxxxx directory controllers".

For subnets, I am not able to delete them because they are associated with the above-mentioned NI.

Can someone help? I have a free tier account and hence don't even have technical support, nor am I able to post a new thread in the AWS forums (getting the error message "Your account is not ready for posting messages yet. Please try again later"). I fear this is because I have a free tier account.

Ivan Aracki
Sujoy
  • Are you using Amazon Workspaces? It creates a VPC with an ENI, which you cannot delete if Workspaces has been provisioned. Are there any other services linked into your VPC, such as peering? – John Rotenstein May 15 '16 at 01:13
  • Thanks John! I am neither using Amazon Workspaces nor did I establish any peering for that VPC. – Sujoy May 15 '16 at 07:48

9 Answers

44

Check 2 things.

  • Check if you have a VPC Elastic IP address that you created in the VPC you are trying to delete.
  • Check if you created an AWS ELB in the VPC.

Delete the above two resources if present; then you will be able to delete the VPC.

error2007s
  • Thanks for reminding me of those two. I missed them while posting the question. I had created an EIP (elastic IP) but deleted it while deleting the EC2 instance some time back. – Sujoy May 15 '16 at 07:41
  • And I had not created ELB against the VPC. So is there anything else I should check? – Sujoy May 15 '16 at 07:42
  • 1
    @Sujoy Try to detach the Internet Gateway and then try to delete the VPC. – error2007s May 15 '16 at 12:54
  • Not sure of the issue. But the VPC was deleted next time I logged in after 2-3 days. Thank you all for the tips! – Sujoy Nov 05 '16 at 06:03
  • 1
    For me it was a lingering RDS instance. – Karim Tabet Dec 19 '16 at 14:42
  • Thank you. This saved me from a CloudFormation stack generated by a program that failed to delete it and then obscure cascading delete failures all the way down to the ELB without making it obvious that the ELB was the cause. – Taylor Edmiston Aug 22 '19 at 20:53
11

As @karimtabet said, the VPC I was unable to delete was still assigned to an active RDS instance. After removing this RDS instance, I was able to delete the VPC.

Community
  • Something I encountered which others may run into is that Neptune also counts as an RDS when it comes to this. – SidF Oct 15 '19 at 14:22
6

Check if you have any EFS instances or S3 buckets with versioning turned on or cross-domain replication (this is the one that got me recently).

The Camster
1

That network interface could be connected to a security group which is then connected to another Amazon product like ElastiCache (or anything). It's connected to something which may be connected to something else.

Sam Malayek
1

In my case I had to first detach and delete 2 things in EC2 section (of the same region as your VPC):

  1. Network & Security -> Elastic IPs. Delete the Elastic IP associated with your VPC
  2. Network & Security -> Network Interfaces. Detach your VPC's network interface first (This took around a minute). Then delete.

Now try deleting the VPC.

rahuljain1311
1

I solved this by deleting the active load balancer that was attached to the ENIs. You can check active load balancers under EC2 > Load Balancing > Load Balancers.

0

A running ECS task could be an issue, try to stop/delete the same. https://forums.aws.amazon.com/thread.jspa?threadID=114301

0

You were right. It was an ECS issue in my case. It was not letting me delete my ENIs, saying I don't have the permissions. I had already deregistered my ECS task definition, but it was still not letting me delete resources like the VPC and ENIs created by ECS.

I had to update the version of the task definition under ECS using the same resources as the previous definition version, and then I deleted that new service and then deleted the cluster.

With the cluster, it deleted all the resources like the VPC and ENIs which it was not letting me delete earlier.

I then deregistered the second version of the task definition. I had two inactive task definitions for a moment and then one task definition disappeared. Now only one is there, in an inactive state.

0

I was only able to delete the ENI through the API:

aws ec2 delete-network-interface --network-interface-id eni-XXXXXXX

In my case I had created an ECS cluster with Terraform, but wasn't able to clean it up with the command terraform destroy.

In the web console I always got the error Network interface is currently in use.
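
The answers above each name a different service that was holding the ENI (ELB, RDS/Neptune, EFS, ElastiCache, ECS), and the question's security group description mentions directory controllers. As an added example, not code from any poster on this page, the following reads the JSON that `aws ec2 describe-network-interfaces --filters Name=vpc-id,Values=<vpc-id>` returns and names the resource behind each ENI. The description patterns are assumptions based on descriptions commonly seen on service-created ENIs, and the sample data and the names `owner_of` and `vpc_blockers` are constructed for illustration.

```python
import re

# Constructed sample shaped like `aws ec2 describe-network-interfaces` JSON output.
SAMPLE = {"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0a1", "VpcId": "vpc-0aaa", "Status": "in-use",
     "RequesterManaged": True, "RequesterId": "amazon-elb",
     "Description": "ELB app/demo-alb/0123456789abcdef"},
    {"NetworkInterfaceId": "eni-0a2", "VpcId": "vpc-0aaa", "Status": "in-use",
     "RequesterManaged": True, "RequesterId": "amazon-rds",
     "Description": "RDSNetworkInterface"},
    {"NetworkInterfaceId": "eni-0a3", "VpcId": "vpc-0aaa", "Status": "in-use",
     "RequesterManaged": True, "RequesterId": "111122223333",
     "Description": "AWS created network interface for directory d-0123456789"},
    {"NetworkInterfaceId": "eni-0a4", "VpcId": "vpc-0aaa", "Status": "available",
     "RequesterManaged": False, "Description": ""},
    {"NetworkInterfaceId": "eni-0b1", "VpcId": "vpc-0bbb", "Status": "in-use",
     "RequesterManaged": False, "Description": "",
     "Attachment": {"InstanceId": "i-0123", "Status": "attached"}},
]}

# Assumed description patterns (commonly seen on service-created ENIs, not an
# official list); each maps to the resource to remove before the VPC.
OWNERS = [
    (r"^ELB ", "load balancer"),
    (r"^RDSNetworkInterface", "RDS/Neptune instance"),
    (r"^EFS mount target", "EFS mount target"),
    (r"^ElastiCache", "ElastiCache cluster"),
    (r"^arn:aws:ecs:", "ECS task or service"),
    (r"directory d-", "Directory Service directory"),
]

def owner_of(eni):
    """Name the resource that has to go before this ENI can be deleted."""
    desc = eni.get("Description", "")
    for pattern, owner in OWNERS:
        if re.search(pattern, desc):
            return owner
    instance = (eni.get("Attachment") or {}).get("InstanceId")
    if instance:
        return "EC2 instance " + instance
    if eni.get("RequesterManaged"):
        # Service-owned ENIs reject user detach/delete calls.
        return "AWS service, requester " + eni.get("RequesterId", "unknown")
    return "nothing: delete the ENI directly"

def vpc_blockers(doc, vpc_id):
    """Map each ENI in the VPC to whatever is holding it."""
    return {e["NetworkInterfaceId"]: owner_of(e)
            for e in doc["NetworkInterfaces"] if e.get("VpcId") == vpc_id}

if __name__ == "__main__":
    for eni_id, owner in vpc_blockers(SAMPLE, "vpc-0aaa").items():
        print(eni_id, "->", owner)
```

An ENI with `RequesterManaged` set to true belongs to the service that created it, which is why deleting it directly fails with a permission error until the owning resource is removed.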