Remove default VPC via aws CLI

When you start a new account, Amazon creates a new VPC by default with 3 subnets, 1 security group, 1 ACL, and 1 internet gateway. I want to remove vpc related and default objects. I can do this through the console, but I want to achieve this through the aws cli and I am stuck.

When I try the following command:

aws ec2 delete-vpc --vpc-id $VpcId


The console returns a DependencyViolation error:

Client error (DependencyViolation) occurred while calling DeleteVpc operation: vpc 'vpc-13f53076' has dependencies and cannot be deleted.

So I tried to remove the dependencies, but that doesn't work for everyone!

  • For the internet gateway, I got the same error:

    Client error (DependencyViolation) occurred when calling DeleteInternetGateway operation: InternetGateway 'igw-d0f51bb5' has dependencies and cannot be deleted.

  • For the default security group. I got the following error:

    Client error (CannotDelete) occurred while calling DeleteSecurityGroup operation: specified group: "sg-acca7bc" name: "default" cannot be deleted by user

  • For the default ACL, I got the following error:

    Client error (InvalidParameterValue) occurred when calling DeleteNetworkAcl operation: Unable to delete default ACL ACL-d3ba77b6

This is a new account without any previously created exceptions if the default vpc is created by Amazon. Any help or pointers in the right direction would be appreciated.


source to share

3 answers

Try uninstalling from AWS Control Panel, it may result in more detailed error.

  • FYI, you cannot remove the default security group.
  • Disconnect the VPC before removing the Internet gateway
  • Make sure there is no Elastic Network Interface (ENI) connected. You can see it under NetworkInterfaces in the EC2 left pane.

And why do you want to delete your default VPC?



you need to disable the gateway before you can remove it; nesting creates a circular dependency. see my answer here .



I needed to go through and remove all default VPCs in all regions and wrote a script to do that. May save someone else for a while. Requires aws cli and 'jq'.

#/usr/bin/env bash

export REGIONS=$(aws ec2 describe-regions | jq -r ".Regions[].RegionName")

for region in $REGIONS; do
    # list vpcs
    echo $region
    aws --region=$region ec2 describe-vpcs | jq ".Vpcs[]|{is_default: .IsDefault, cidr: .CidrBlock, id: .VpcId} | select(.is_default)"

read -p "Are you sure? " -n 1 -r
echo    # (optional) move to a new line
if [[ $REPLY =~ ^[Yy]$ ]]
    for region in $REGIONS ; do
        echo "Killing $region"
        # list vpcs
        export IDs=$(aws --region=$region ec2 describe-vpcs | jq -r ".Vpcs[]|{is_default: .IsDefault, id: .VpcId} | select(.is_default) | .id")
        for id in "$IDs" ; do
            if [ -z "$id" ] ; then

            # kill igws
            for igw in 'aws --region=$region ec2 describe-internet-gateways | jq -r ".InternetGateways[] | {id: .InternetGatewayId, vpc: .Attachments[0].VpcId} | select(.vpc == \"$id\") | .id"' ; do
                echo "Killing igw $region $id $igw"
                aws --region=$region ec2 detach-internet-gateway --internet-gateway-id=$igw --vpc-id=$id
                aws --region=$region ec2 delete-internet-gateway --internet-gateway-id=$igw

            # kill subnets
            for sub in 'aws --region=$region ec2 describe-subnets | jq -r ".Subnets[] | {id: .SubnetId, vpc: .VpcId} | select(.vpc == \"$id\") | .id"' ; do
                echo "Killing subnet $region $id $sub"
                aws --region=$region ec2 delete-subnet --subnet-id=$sub

            echo "Killing vpc $region $id"
            aws --region=$region ec2 delete-vpc --vpc-id=$id





All Articles