I tried to delete my Amazon VPC, but I received a dependency error. How can I delete my Amazon VPC?

Last updated: 2022-10-28

I received a dependency error when I tried to delete my Amazon Virtual Private Cloud (Amazon VPC). How do I delete it?

Short description

When you delete an Amazon VPC, all its components are also deleted. These components include subnets, security groups, network access control lists (network ACLs), route tables, internet gateways, and DHCP options. However, before you attempt to delete your Amazon VPC, you must first delete or disassociate all dependent resources. Follow these steps in the order listed here to avoid dependency errors.

Resolution

Before you delete your VPC, you must delete the dependent resources.

You can use the AWS Command Line Interface (AWS CLI) delete-vpc command or the Amazon VPC console to delete your Amazon VPC.

Note: If you receive errors when running AWS CLI commands, make sure that you’re using the most recent AWS CLI version.

Resolve errors received when trying to delete an Amazon VPC through the AWS CLI

The following error indicates that there are dependencies that you must remove before you can delete the Amazon VPC:

"An error occurred (DependencyViolation) when calling the DeleteVpc operation: The vpc 'vpc-id' has dependencies and cannot be deleted."

To resolve this error:

1.    Run the following script to find the remaining dependencies:

#!/bin/bash
# Set these to the VPC that you want to delete and the Region that it's in.
vpc="vpc-xxxxxxxxxxxxx"
region="yy-yyyy-y"
# Each command prints the IDs of one resource type that still exists in the VPC.
aws ec2 describe-internet-gateways --region "$region" --filters "Name=attachment.vpc-id,Values=$vpc" | grep InternetGatewayId
aws ec2 describe-subnets --region "$region" --filters "Name=vpc-id,Values=$vpc" | grep SubnetId
aws ec2 describe-route-tables --region "$region" --filters "Name=vpc-id,Values=$vpc" | grep RouteTableId
aws ec2 describe-network-acls --region "$region" --filters "Name=vpc-id,Values=$vpc" | grep NetworkAclId
aws ec2 describe-vpc-peering-connections --region "$region" --filters "Name=requester-vpc-info.vpc-id,Values=$vpc" | grep VpcPeeringConnectionId
aws ec2 describe-vpc-endpoints --region "$region" --filters "Name=vpc-id,Values=$vpc" | grep VpcEndpointId
aws ec2 describe-nat-gateways --region "$region" --filter "Name=vpc-id,Values=$vpc" | grep NatGatewayId
aws ec2 describe-security-groups --region "$region" --filters "Name=vpc-id,Values=$vpc" | grep GroupId
aws ec2 describe-instances --region "$region" --filters "Name=vpc-id,Values=$vpc" | grep InstanceId
aws ec2 describe-vpn-connections --region "$region" --filters "Name=vpc-id,Values=$vpc" | grep VpnConnectionId
aws ec2 describe-vpn-gateways --region "$region" --filters "Name=attachment.vpc-id,Values=$vpc" | grep VpnGatewayId
aws ec2 describe-network-interfaces --region "$region" --filters "Name=vpc-id,Values=$vpc" | grep NetworkInterfaceId
aws ec2 describe-carrier-gateways --region "$region" --filters "Name=vpc-id,Values=$vpc" | grep CarrierGatewayId
aws ec2 describe-local-gateway-route-table-vpc-associations --region "$region" --filters "Name=vpc-id,Values=$vpc" | grep LocalGatewayRouteTableVpcAssociationId

Note: In the preceding script, set the vpc variable to your VPC ID and the region variable to your AWS Region (for example, us-east-1). Also, make sure that you're using credentials with appropriate permissions to run the Describe API calls.

2.    Delete the remaining dependencies that you identified in step 1, and then retry deleting your Amazon VPC.

Resolve errors received when trying to delete an Amazon VPC through the Amazon VPC console

  • The following error indicates that the Amazon VPC has Amazon Elastic Compute Cloud (Amazon EC2) instances running on it: "VPC contains one or more instances, and cannot be deleted until those instances have been terminated." To resolve this error, terminate your instances.
  • The following error indicates that the Amazon VPC has network interfaces that are in use or available: "VPC contains one or more in-use network interfaces, and cannot be deleted until those network interfaces have been deleted."
  • The following error indicates that there are requester-managed network interfaces that you can't delete: "An error occurred (InvalidParameterValue) when calling the DeleteNetworkInterface operation: Network interface 'eni-aabbccdd' is currently in use." To delete requester-managed network interfaces, you must delete the AWS service that created the network interfaces.

Follow these steps to remove the dependent services:

1.    Open the Amazon EC2 console.

2.    Select the AWS Region that the Amazon VPC is in.

3.    In the navigation pane, under Network Interfaces, search for the VPC ID of the Amazon VPC that you're deleting.

4.    Select the network interface and choose the Details tab.

5.    Review the Description to see which resources the network interface is attached to.

6.    Delete the associated resources. For example, suppose that you're deleting a network interface and the Requester ID is "amazon-elb." Use the value in the Description field of the network interface to identify the load balancer. Then, navigate to the Load Balancer section of the Amazon EC2 console, locate the load balancer, and delete it.

        Note: If the network interface is a primary one, then it's deleted when you delete the instance.
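
The review in steps 5 and 6 can also be scripted. The following is an added example, not part of the original article and not an AWS-provided script: it reads tab-separated describe-network-interfaces output and names, for each network interface, the resource to remove. The function names, the sample rows, and the Description prefixes that it matches are assumptions.

```bash
#!/bin/bash
# Added example (not AWS's script): name the resource behind each network interface.
# classify_enis reads tab-separated lines on stdin:
#   NetworkInterfaceId  RequesterManaged  RequesterId  Status  Description
# Real input, with vpc and region set as in the script from the AWS CLI section:
#   aws ec2 describe-network-interfaces --region "$region" \
#     --filters "Name=vpc-id,Values=$vpc" --output text --query \
#     'NetworkInterfaces[].[NetworkInterfaceId,RequesterManaged,RequesterId,Status,Description]' \
#     | classify_enis
classify_enis() {
  awk -F'\t' '
    {
      eni = $1; managed = tolower($2); requester = $3; status = $4; desc = $5
      # Default for requester-managed interfaces with an unrecognized Description.
      action = "review Description and delete the owning service"
      if (requester == "amazon-elb" && sub(/^ELB /, "", desc)) {
        action = "delete load balancer " desc
      } else if (sub(/^Interface for NAT Gateway /, "", desc)) {   # assumed format
        action = "delete NAT gateway " desc
      } else if (sub(/^VPC Endpoint Interface /, "", desc)) {      # assumed format
        action = "delete VPC endpoint " desc
      } else if (managed != "true" && status == "available") {
        action = "delete this unattached network interface"
      } else if (managed != "true") {
        action = "terminate or detach from its instance"
      }
      printf "%s\t%s\n", eni, action
    }'
}

# Constructed sample rows; every ID and name here is made up.
sample_enis() {
  printf '%s\t%s\t%s\t%s\t%s\n' \
    eni-0a1 True  amazon-elb   in-use    'ELB app/demo-alb/0123456789abcdef' \
    eni-0a2 True  111122223333 in-use    'Interface for NAT Gateway nat-0abc' \
    eni-0a3 True  444455556666 in-use    'VPC Endpoint Interface vpce-0def' \
    eni-0a4 False ''           available 'left over from a test' \
    eni-0a5 False ''           in-use    '' \
    eni-0a6 True  777788889999 in-use    'AWS Lambda VPC ENI-demo-fn'
}

sample_enis | classify_enis
```

Requester-managed interfaces that match none of the prefixes fall through to the manual review in step 5 rather than being guessed at.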

  • The following error indicates that the Amazon VPC has a dependency: "VPC has one or more attached NAT gateways or virtual private gateways, and cannot be deleted until they are detached or deleted." To delete them, follow these steps: Delete a NAT gateway and Detaching and deleting a virtual private gateway.
  • The following error indicates that there are active VPC peering connections in the Amazon VPC: "The VPC is peered as a requester with at least one other VPC through peering connections." To delete them, follow these steps: Delete a VPC peering connection.

If you still have dependencies that are blocking the VPC from deletion, then follow these steps:

Delete the carrier gateway

1.    Open the Amazon VPC console.

2.    In the navigation pane, choose Carrier Gateways.

3.    Select the carrier gateway, and then choose Actions. Then, choose Delete carrier gateway.

4.    In the Delete carrier gateway dialog box, enter Delete, and then choose Delete.

Disassociate the VPC from any local gateway route tables

1.    Open the AWS Outposts console.

2.    On the navigation pane, choose Local gateway route tables.

3.    Select the route table.

4.    Choose Actions, and then choose View details.

5.    In VPC associations, select the VPC to disassociate, and then choose Disassociate.

6.    Choose Disassociate.