aws-nuke
aws-nuke copied to clipboard
rebuy-de
I keep getting a DependencyViolation errors!
AWS Nuke throws up multiple errors:
DependencyViolation: The vpc ... has dependencies and cannot be deleted.
I can't see why. When I attempt to delete them via the AWS console, they delete without any problem.
Any ideas, or is this a bug!?
Hello @john-morsley.
Sorry for the late response. It probably works through the UI, because the UI is doing a recursive delete. When using the API on the other hand AWS expects us to manually delete all dependent resources.
This means there must be a resource which depends on the VPC which is either not yet supported by aws-nuke or which is filtered by the config.
Any news on this @john-morsley? Were you able to find a solution for your problem?
Bumping this thread, we recently started to observe this issue as well. Looking in the AWS console, there doesn't appear to be other dependencies associated with the VPC vpc-0898dcfe306f12f1e. Also, retrying with aws-nuke shows that no other dependencies exist,
[2021-04-22T16:08:31.056Z] us-west-2 - EC2InternetGateway - igw-0dadd35a683869d51 - [tag:Name: "default"] - filtered by config
[2021-04-22T16:08:31.056Z] us-west-2 - EC2Subnet - subnet-f4bfa78d - [DefaultForAz: "true"] - filtered by config
[2021-04-22T16:08:31.056Z] us-west-2 - EC2Subnet - subnet-2bec0676 - [DefaultForAz: "true"] - filtered by config
[2021-04-22T16:08:31.056Z] us-west-2 - EC2Subnet - subnet-d1e3e69a - [DefaultForAz: "true"] - filtered by config
[2021-04-22T16:08:31.057Z] us-west-2 - EC2Subnet - subnet-ea81e3c1 - [DefaultForAz: "true"] - filtered by config
[2021-04-22T16:08:31.057Z] us-west-2 - EC2RouteTable - rtb-0b6753bdae6283b8d - [] - filtered by config
[2021-04-22T16:08:31.057Z] us-west-2 - EC2RouteTable - rtb-86c8a0fd - [] - filtered by config
[2021-04-22T16:08:31.057Z] us-west-2 - EC2VPC - vpc-0898dcfe306f12f1e - [ID: "vpc-0898dcfe306f12f1e", IsDefault: "false",] - would remove
[2021-04-22T16:08:31.057Z] us-west-2 - EC2VPC - vpc-4ff77937 - [ID: "vpc-4ff77937", IsDefault: "true"] - filtered by config
[2021-04-22T16:08:31.057Z] us-west-2 - CloudFormationStack - guardduty-event-stack - [Name: "guardduty-event-stack", tag:ManagedBy: "ConformityEngine"] - filtered by config
[2021-04-22T16:08:31.057Z] us-west-2 - CloudFormationStack - vss-event-setup - [Name: "vss-event-setup", tag:ManagedBy: "ConformityEngine"] - filtered by config
[2021-04-22T16:08:31.057Z] us-west-2 - EC2NetworkInterface - [AvailabilityZone: "us-west-2c", ID: "eni-09b7fbd972d080c66", PrivateIPAddress: "172.31.15.28", Status: "in-use", SubnetID: "subnet-2bec0676", VPC: "vpc-4ff77937"] - filtered by config
[2021-04-22T16:08:31.057Z] us-west-2 - EC2SecurityGroup - sg-030a904fd5f4a420f - [Name: "k8s-elb-a5a6642bdafea4cdc84a5b48e365f06c", tag:kubernetes.io/cluster/tkg-capa-mgmt-aws: "owned"] - filtered by config
[2021-04-22T16:08:31.057Z] us-west-2 - EC2SecurityGroup - sg-04bb364b26da43f7e - [Name: "default"] - cannot delete group 'default'
[2021-04-22T16:08:31.057Z] us-west-2 - EC2SecurityGroup - sg-0e8091d6ee7199e85 - [Name: "launch-wizard-19"] - filtered by config
[2021-04-22T16:08:31.057Z] us-west-2 - EC2SecurityGroup - sg-1ab77358 - [Name: "default"] - cannot delete group 'default'
[2021-04-22T16:08:31.057Z] us-west-2 - EC2Instance - i-09d44e59e144538f5 - [] - filtered by config
[2021-04-22T16:08:31.057Z] us-west-2 - EC2InternetGatewayAttachment - igw-0dadd35a683869d51 -> vpc-4ff77937 - [tag:igw:Name: "default"] - filtered by config
[2021-04-22T16:08:31.057Z] Scan complete: 18 total, 1 nukeable, 17 filtered.
However, deleting this VPC eventually fails with the following error:
[2021-04-22T16:08:54.568Z] us-west-2 - EC2VPC - vpc-0898dcfe306f12f1e - [ID: "vpc-0898dcfe306f12f1e", IsDefault: "false"] - failed
[2021-04-22T16:08:54.568Z] time="2021-04-22T09:08:54-07:00" level=error msg="DependencyViolation: The vpc 'vpc-0898dcfe306f12f1e' has dependencies and cannot be deleted.\n\tstatus code: 400, request id: 90e2a280-29ee-4316-88b3-86804704e996"
Similar to @john-morsley stated above, deleting the VPC via the AWS console is successful.
